From 508d41a1d49a2be83d99c1c414fda687ba224033 Mon Sep 17 00:00:00 2001
From: aaron
Date: Mon, 18 Dec 2023 18:01:44 +0000
Subject: [PATCH] Upload files to "/"
---
Monitor-LocalAdminPasswordChange.ps1 | 12 ++++++++++
Monitor-NewDomainUsers.ps1 | 20 ++++++++++++++++++++
Monitor-OldComputers.ps1 | 19 +++++++++++++++++++
Monitor-OldUsers.ps1 | 23 +++++++++++++++++++++++
Monitor-OrthotracBackup.ps1 | 35 ++++++++++++++++++++++++++++++++++++
5 files changed, 109 insertions(+)
create mode 100644 Monitor-LocalAdminPasswordChange.ps1
create mode 100644 Monitor-NewDomainUsers.ps1
create mode 100644 Monitor-OldComputers.ps1
create mode 100644 Monitor-OldUsers.ps1
create mode 100644 Monitor-OrthotracBackup.ps1
diff --git a/Monitor-LocalAdminPasswordChange.ps1 b/Monitor-LocalAdminPasswordChange.ps1
new file mode 100644
index 0000000..e56bbee
--- /dev/null
+++ b/Monitor-LocalAdminPasswordChange.ps1
@@ -0,0 +1,12 @@
+# Monitors whether the local Administrator account's password has changed
+
+$version = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").CurrentVersion
+if($Version -lt "6.3") {write-host "Unsupported OS. Only Server 2012R2 or 8.1 and up are supported."; exit 0}
+
+$LastDay = (Get-Date).addhours(-24)
+$AdminGroup = Get-LocalGroupMember -SID "S-1-5-32-544"
+
+$ChangedAdmins = foreach($Admin in $AdminGroup){get-localuser -ErrorAction SilentlyContinue -sid $admin.sid | Where-Object {$_.PasswordLastSet -gt $LastDay}}
+
+if (!$ChangedAdmins){write-host "Healthy"}
+else {write-host "Unhealthy. Please check diagnostics"; write-host ($ChangedAdmins | fl *); exit 1}
diff --git a/Monitor-NewDomainUsers.ps1 b/Monitor-NewDomainUsers.ps1
new file mode 100644
index 0000000..0bb7bed
--- /dev/null
+++ b/Monitor-NewDomainUsers.ps1
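Review bot: The check in Monitor-LocalAdminPasswordChange.ps1 fails open: if `Get-LocalGroupMember -SID "S-1-5-32-544"` errors or returns nothing, `$AdminGroup` is empty, the `foreach` yields nothing, and the script prints `Healthy`, so an enumeration failure looks the same as "no password changed". Make the lookup terminating and report it, e.g. `try { $AdminGroup = Get-LocalGroupMember -SID "S-1-5-32-544" -ErrorAction Stop } catch { write-host "Unhealthy. Could not enumerate Administrators: $_"; exit 1 }`. The same pattern applies to the `Get-ADUser`/`Get-ADComputer` calls in Monitor-NewDomainUsers.ps1, Monitor-OldComputers.ps1 and Monitor-OldUsers.ps1, where a failed query also leaves the result variable empty and reports healthy. Separately, `write-host ($ChangedAdmins | fl *)` hands formatting objects to Write-Host, which likely prints their type names rather than the account details; `($ChangedAdmins | fl * | Out-String)` would print the properties.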
@@ -0,0 +1,20 @@
+# Monitors if any new active directory users are created
+
+$When = ((Get-Date).AddDays(-1)).Date
+$GetUsers = Get-ADUser -Filter { whenCreated -ge $When } -Properties whenCreated
+
+$UserChanges = foreach ($User in $GetUsers) {
+ [PSCustomObject]@{
+ Name = $user.name
+ CreatedOn = $user.whencreated
+ UPN = $user.userprincipalname
+ }
+}
+
+if (!$GetUsers) {Write-Host "Healthy - No new users found"}
+else {
+ Write-Host "New Users Found"
+ if (($UserChanges | Measure-Object).Count -ne 1){foreach ($User in $UserChanges) { $User }}
+ else{$UserChanges[0]}
+ exit 1
+}
diff --git a/Monitor-OldComputers.ps1 b/Monitor-OldComputers.ps1
new file mode 100644
index 0000000..1fc7c16
--- /dev/null
+++ b/Monitor-OldComputers.ps1
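Review bot: The alert object built in the `foreach` of Monitor-NewDomainUsers.ps1 carries only `Name`, `CreatedOn` and `UPN`, and `userPrincipalName` is optional in AD (Monitor-OldUsers.ps1 in this same patch filters on it being `$null`), so an account created without a UPN is reported by display name alone. Add `SamAccountName = $user.SamAccountName` and `DN = $user.DistinguishedName` to the `[PSCustomObject]` so the responder can identify the account and the OU it landed in. The `Measure-Object` test emits the same objects in both branches and could be reduced to `$UserChanges`. This script also has no domain-controller guard like the `ProductType` check the two Old* monitors use.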
@@ -0,0 +1,19 @@
+# Monitors Active directory Computers that have not been logged into for a given amount of days.
+
+$threashold = -180 # Negative Integer, the age threshold of accounts that any older will be disabled.
+
+$age = (Get-Date).AddDays($threashold)
+
+$DomainCheck = Get-CimInstance -ClassName Win32_OperatingSystem
+if ($DomainCheck.ProductType -ne "2") { Write-Host "Not a domain controller. Soft exiting." ; exit 0 }
+
+$OldComputers = Get-ADComputer -Filter * -properties Name,DNSHostName,SamAccountName,Enabled,WhenCreated,LastLogonDate,operatingsystem,isCriticalSystemObject | Select-Object Name,DNSHostName,SamAccountName,Enabled,WhenCreated,LastLogonDate,operatingsystem,isCriticalSystemObject | Where-Object {$_.LastLogonDate -lt $age} | Where-Object { $_.Enabled -eq $True} | Where-Object {$_.operatingsystem -notlike "*server*"} | Where-Object {$_.isCriticalSystemObject -eq $false} | Where-Object { $_.WhenCreated -lt ((Get-Date).AddDays(-14))}
+
+if (!$OldComputers) {Write-Host "Healthy"; exit 0}
+else {
+ Write-Host "Not Healthy - Computer accounts found that have not logged on for 180 days"
+ if ($Host.Version.Major -gt 4){foreach ($message in $OldComputers){Write-Host $message}}
+ elseif ($Host.Version.Major -lt 5){foreach ($message in $OldComputers){$message}}
+ else {foreach ($message in $OldComputers){Write-Host $message}}
+ exit 1
+}
diff --git a/Monitor-OldUsers.ps1 b/Monitor-OldUsers.ps1
new file mode 100644
index 0000000..543a243
--- /dev/null
+++ b/Monitor-OldUsers.ps1
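Review bot: The comment on `$threashold` in Monitor-OldComputers.ps1 says accounts older than the threshold "will be disabled", but nothing in this script disables anything; it only lists them and exits 1, so an operator reading the comment could assume remediation has already happened. Reword it, e.g. `# Negative integer: computers whose last logon is older than this many days are reported (nothing is disabled).` The unhealthy message also hard-codes `180 days`, so changing `$threashold` makes the alert text wrong; `"... have not logged on for $(-$threashold) days"` keeps the two in step. Monitor-OldUsers.ps1 has the same comment and message. The final `else` in the `$Host.Version.Major` chain cannot be reached, since the two preceding tests cover every value.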
@@ -0,0 +1,23 @@
+# Monitors Active directory Users that have not been logged into for a given amount of days.
+
+$threashold = -180 # Negative Integer, the age threshold of accounts that any older will be disabled.
+
+$age = (Get-Date).AddDays($threashold)
+
+$DomainCheck = Get-CimInstance -ClassName Win32_OperatingSystem
+if ($DomainCheck.ProductType -ne "2") { Write-Host "Not a domain controller. Soft exiting." ; exit 0 }
+
+$blacklistU = @(
+"Administrator"
+)
+
+$OldUsers = Get-ADuser -Filter * -properties Name, UserPrincipalName, SamAccountName, Enabled, WhenCreated, LastLogonDate, msDS-LastSuccessfulInteractiveLogonTime | Select-Object Name, UserPrincipalName, SamAccountName, Enabled, WhenCreated, LastLogonDate, msDS-LastSuccessfulInteractiveLogonTime | Where-Object { $_.LastLogonDate -lt $age } | Where-Object { $_.Enabled -eq $True}| Where-Object { $_.UserPrincipalName -ne $null} | Where-Object { $_.Name -notin $blacklistU} | Where-Object { $_.SamAccountName -notin $blacklistU} | Where-Object { $_.WhenCreated -lt ((Get-Date).AddDays(-14))}
+
+if (!$OldUsers) {Write-Host "Healthy"; exit 0}
+else {
+ Write-Host "Not Healthy - User accounts found that have not logged on for 180 days:"
+ if ($Host.Version.Major -gt 4){foreach ($message in $OldUsers){Write-Host $message}}
+ elseif ($Host.Version.Major -lt 5){foreach ($message in $OldUsers){$message}}
+ else {foreach ($message in $OldUsers){Write-Host $message}}
+ exit 1
+}
diff --git a/Monitor-OrthotracBackup.ps1 b/Monitor-OrthotracBackup.ps1
new file mode 100644
index 0000000..5cc9fc6
--- /dev/null
+++ b/Monitor-OrthotracBackup.ps1
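Review bot: The `Where-Object { $_.UserPrincipalName -ne $null}` stage in the `$OldUsers` pipeline of Monitor-OldUsers.ps1 removes every enabled account without a UPN from the stale-account report, which leaves a blind spot for accounts that were created without one (possibly service or script-created accounts). If the exclusion is intentional it needs a comment saying why; otherwise drop that stage. The `$blacklistU` exclusion is applied to `Name` as well as `SamAccountName`, so any object whose display name is `Administrator` is skipped; matching on `SamAccountName` alone, or on the account SID, would be narrower. `msDS-LastSuccessfulInteractiveLogonTime` is requested and selected but never used in a filter.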
@@ -0,0 +1,35 @@
+# Monitors whether an Orthotrac backup has run in the last day.
+
+$oldAge = -1
+$oldDate = (Get-Date).AddDays($oldAge)
+
+Function Get-BackupDir
+{
+ $Disks = (get-volume).driveletter | Where-Object {$_ -ne $null}
+
+ $BackupDisk = ForEach ($Disk in $Disks)
+ {
+ $Drive = "$Disk"+":\"
+ $Search = Get-ChildItem "$Drive" | Where-Object {$_.PSIsContainer -eq $true -and $_.Name -match "Orthotrac"}
+ if ($Search -ne $null){echo $Disk}
+ }
+
+ $BackupDir = "$BackupDisk"+":\Orthotrac\OMS\Backup\Most_Recent"
+ echo $BackupDir
+}
+
+Function Get-BackupDate
+{
+ $BackupDir = Get-BackupDir
+
+ $Files = ForEach ($File in (Get-ChildItem -Path $BackupDir)){echo $File}
+
+ $EarliestFile = $Files | Sort-Object LastWriteTime | Select-Object -First 1
+
+ echo $EarliestFile.LastWriteTime
+}
+
+$BackupDate = Get-BackupDate
+
+if ($BackupDate -lt $oldDate){echo "Backup not ran today"}
+else {echo "backup ran today"}
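Review bot: The final `if`/`else` in Monitor-OrthotracBackup.ps1 only echoes text and never sets an exit code, so a stale backup presumably ends with status 0, while the other monitors in this patch signal unhealthy with `exit 1`. Suggest `if ($BackupDate -lt $oldDate){echo "Backup not ran today"; exit 1}` and `else {echo "backup ran today"; exit 0}`. In `Get-BackupDir`, `$_.Name -match "Orthotrac"` can match on more than one volume or on none, in which case `"$BackupDisk"` expands to several letters or to nothing and the resulting path is invalid. A `Test-Path $BackupDir` check with its own "backup folder not found" message and `exit 1` would separate that case from a genuinely old backup.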