PowerShell: Windows System Discovery – Deprecated

<# windows-localhost-discovery-v0.11.ps1
Purpose: scan the local or remote Windows machine for general system resources, security settings, and users information
Copyright? GPLv3 by KimConnect.com
#>

$remoteComputer="REMOTESHERVER009"
$adminCredential=Get-Credential

<#
################################## Excuting Program as an Administrator ####################################
# Get the ID and security principal of the current user account
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
 
# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
 
# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole))
   {
   # We are running "as Administrator" - so change the title and background color to indicate this
   $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
   $Host.UI.RawUI.BackgroundColor = "Black"
   clear-host
   }
else
   {
   # We are not running "as Administrator" - so relaunch as administrator
   
   # Create a new process object that starts PowerShell
   $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";
   
   # Specify the current script path and name as a parameter
   $newProcess.Arguments = $myInvocation.MyCommand.Definition;
   
   # Indicate that the process should be elevated
   $newProcess.Verb = "runas";
   
   # Start the new process
   [System.Diagnostics.Process]::Start($newProcess);
   
   # Exit from the current, unelevated, process
   exit
   }
 
Write-Host -NoNewLine "Running as Administrator..."
################################## Excuting Program as an Administrator ####################################
#>


function checkWindows{  
    param(
        [string]$computerName=$env:computername,
        $adminCredential
    )
    
    $domain=(net config workstation) -match 'Workstation domain\s+\S+$' -replace '.+?(\S+)$','$1';
    $defaultDomainAdmin="$domain\Administrator"    

    Function checkServiceAccount{
        param(
            [string]$searchForAccount=$defaultDomainAdmin
        )     
        
        $servicesMatch="";
        $taskFound = "";
        $scheduledTaskMatches=@();
                   
        # Use the legacy schtasks command from localhost to query local machine and format an output int CSV format              
        $tasksAsCSV = schtasks.exe /query /V /FO CSV

        # Process the CSV result into PowerShell. Filter entries that are not labeled as "TaskName" and by "Run as User" field matching the target account
        $tasksFound = $tasksAsCSV | ConvertFrom-Csv | Where { $_.TaskName -ne "TaskName" -and $_."Run As User" -eq $searchForAccount}
        if ($tasksFound){
            $matches+="Scheduled Tasks 'Run-As' account $searchForAccount found:`r`n---------------------------------------------------";
            $scheduledTaskMatches=foreach ($task in $tasksFound){"`r`nTaskName: $($task.TaskName)`r`n---Executable: $($task.'Task To Run')`r`n---Next Run: $($task.'Next Run Time')"}	
		$matches+=$scheduledTaskMatches
            }	
	
        #$servicesMatch=(Get-Wmiobject win32_service | where-object{$_.startname -like $searchForAccount}|select @{name="ServiceName";expression={$_.name}}).ServiceName|out-string
	$servicesMatch=Get-Wmiobject win32_service|?{$_.StartName -like $searchForAccount}|select Name,DisplayName,StartName,StartMode,Status|ft -AutoSize|Out-String

        if($servicesMatch){
            $matches+="Services 'Run-As' account $searchForAccount found:`n";
            $matches+="$servicesMatch";
            }
        return $matches;
    }

    function getHyperVHostname{
        param([string]$guestVMName=$env:computername)
        $hive = [Microsoft.Win32.RegistryHive]::LocalMachine;
        $keyPath = 'SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters';
        $value = 'HostName';
        $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $guestVMName);
        $key = $reg.OpenSubKey($keyPath);
        return $key.GetValue($value) ;
    }

    # Function obtained from http://ajitgupta.net/2017/08/26/determine-windows-activation-status-with-powershell/
    # Author: AJIT GUPTA
    function Get-ActivationStatus {
    [CmdletBinding()]
        param(
            [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
            [string]$DNSHostName = $Env:COMPUTERNAME
        )
        process {
            try {
                $wpa = Get-WmiObject SoftwareLicensingProduct -ComputerName $DNSHostName `
                -Filter "ApplicationID = '55c92734-d682-4d71-983e-d6ec3f16059f'" `
                -Property LicenseStatus -ErrorAction Stop
            } catch {
                $status = New-Object ComponentModel.Win32Exception ($_.Exception.ErrorCode)
                $wpa = $null    
            }
            $out = New-Object psobject -Property @{
                ComputerName = $DNSHostName;
                Status = [string]::Empty;
            }
            if ($wpa) {
                :outer foreach($item in $wpa) {
                    switch ($item.LicenseStatus) {
                        0 {$out.Status = "Unlicensed"}
                        1 {$out.Status = "Licensed"; break outer}
                        2 {$out.Status = "Out-Of-Box Grace Period"; break outer}
                        3 {$out.Status = "Out-Of-Tolerance Grace Period"; break outer}
                        4 {$out.Status = "Non-Genuine Grace Period"; break outer}
                        5 {$out.Status = "Notification"; break outer}
                        6 {$out.Status = "Extended Grace"; break outer}
                        default {$out.Status = "Unknown value"}
                    }
                }
            } else {$out.Status = $status.Message}
            return $out.Status
        }
    }

    function retryScriptBlock {
            [CmdletBinding()]
            Param(
                [Parameter(Position=0, Mandatory=$true)]
                [scriptblock]$ScriptBlock,

                [Parameter(Position=1, Mandatory=$false)]
                [int]$Maximum = 5
            )

            Begin {
                $cnt = 0
            }

            Process {
                do {
                    $cnt++
                    try {
                        $ScriptBlock.Invoke()
                        return
                    } catch {
                        Write-Error $_.Exception.InnerException.Message -ErrorAction Continue
                    }
                } while ($cnt -lt $Maximum)

                # Throw an error after $Maximum unsuccessful invocations. Doesn't need
                # a condition, since the function returns upon successful invocation.
                throw 'Execution failed.'
            }
        }

    function getWinDefenderStatus{
        param(
            $remoteSherver="localhost"
        )    
        
        $regexGetVersion='(<[^>]+>|[:\s]+|Version)';
        $regexGetReleaseDate='(<[^>]+>|^\s|\s+$|Released:)';
        $latestRelease=retryScriptBlock -scriptBlock {(Invoke-WebRequest –Uri "https://www.microsoft.com/en-us/wdsi/definitions" -Method Get -UseBasicParsing).tostring() -split "[`r`n]"};
        $latestVersion=($latestRelease | select-string "Version:") -replace $regexGetVersion;
        $latestReleaseDate=($latestRelease | select-string "Released:") -replace $regexGetReleaseDate -replace "  ";
        $result="";
            try{                   
                $mpStatus=Get-MpComputerStatus
                $actualVersion=$mpStatus.AntivirusSignatureVersion -replace $regexGetVersion
                $lastUpdated=$mpStatus.AntispywareSignatureLastUpdated                
                $releaseDateLocalTime=[System.TimeZoneInfo]::ConvertTimeFromUtc($latestReleaseDate,[System.TimeZoneInfo]::FindSystemTimeZoneById((Get-WmiObject win32_timezone).StandardName))
                $timeDifference = New-TimeSpan -Start $lastUpdated -End $latestReleaseDate
                $daysDifference=$timeDifference.Days
                
                "It has been $daysDifference day(s) between Last Update: $lastUpdated and New Release: $latestReleaseDate";
                if ($actualVersion -ne $latestVersion){
                    $result+="Malware Antivirus Signature version $actualVersion on this system does not match the Latest version of $latestVersion";
                    #Update-MPSignature;
                    }
                else{
                    $result+= "Excellent! Malware Antivirus Definition $actualVersion on this computer matches the Microsoft release.";                    
                }       
            }
            catch{
                $result+="Windows Defender is NOT enabled on this system.";
            }      
        return $result;
    }

    function checkRDP{
        $rdpAuth=(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").UserAuthenticationRequired
        $encryptionLevel=(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").MinEncryptionLevel
        switch ($encryptionLevel){
            1 {$compliant="Low";}
            2 {$compliant="Client Compatible";}
            3 {$compliant="High";}
            4 {$compliant="FIPS Compliant";}
        }
        if($rdpAuth){return "RDP Network Authentication Requirement: passed!`nRDP Encryption Level: $compliant";}else{return "RDP Network Authentication Requirement: Fail";}
    }
    
    function checkSpectreVulnerability{
        $regexOctets="([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)"
	    $patchedVersion="10.0.14393.2842"
	    $actualVersion=(Get-Item C:\Windows\system32\mcupdate_genuineintel.dll | select VersionInfo).VersionInfo.ProductVersion

        $temp=$actualVersion -match $regexOctets;
        [string]$a1=$matches[1].PadLeft(3,'0');
        [string]$a2=$matches[2].PadLeft(8,'0');
        [string]$a3=$matches[3].PadLeft(8,'0');
        [string]$a4=$matches[4].PadLeft(8,'0');        
        [single]$a=$a1+$a2+$a3+$a4

        $temp=$patchedVersion -match $regexOctets;
        [string]$p1=$matches[1].PadLeft(3,'0');
        [string]$p2=$matches[2].PadLeft(8,'0');
        [string]$p3=$matches[3].PadLeft(8,'0');
        [string]$p4=$matches[4].PadLeft(8,'0');
        [single]$p=$p1+$p2+$p3+$p4

        "System version: $actualVersion VS minimum version required: $patchedVersion"

        if($a -ge $p){return "Spectre meltdown vulnerabilities: Pass";}else{return "Spectre meltdown vulnerabilities: Fail";}  
        }

    function checkOtherVulnerabilities{
        $result="";

        # Checking IE
        $ieKeys=@(
            @("CVE-2017-8529 FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX (32-Bit)","HKLM:SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX"),
            @("CVE-2017-8529 FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX (64-bit)","HKLM:SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX"),
            @("MS15-124-Critical ASLR Hardening Setting for IE (32-Bit)","HKLM:SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING"),
            @("MS15-124-Critical ASLR Hardening Setting for IE (64-Bit)","HKLM:SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING")
        )    
        $result+="Internet Explorer Overall: "
        foreach ($ieKey in $ieKeys){
                try{
                    $value=(Get-ItemProperty -Path $ieKey[1] -Name "iexplore.exe" -ErrorAction SilentlyContinue).'iexplore.exe';
                }
                catch{
                    $value=0;
                    continue;
                }
                $ieResult=if($value){"Pass"}else{"Fail";}
                $ieKey[0] + ": " + $ieResult
            }
        $result+="$ieResult";
        
        # Checking Memory Management
        $memKeys=@(
            @("CVE-2017-5715 FeatureSettingsOverride","HKLM:SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management","FeatureSettingsOverride","0"),
            @("CVE-2017-5715 FeatureSettingsOverrideMask","HKLM:SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management","FeatureSettingsOverrideMask","3"),
            @("CVE-2017-5753-54 MinVmVersionForCpuBasedMitigations","HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization","MinVmVersionForCpuBasedMitigations","1.0")
        )
        $result+="`nMemory Management Registry Keys: "
        foreach ($memKey in $memKeys){
            $value=(Get-ItemProperty -Path $memKey[1] -Name $memKey[2] -ErrorAction SilentlyContinue).[string]($memKey[2])
            $memResult=if($value -eq $memKey[3]){"Pass"}else{"Fail";}
            $memKey[0]+ ": " + $memResult;
        }
        $result+="$memResult";

        # Checking Remote Code Execution
        $minVersion=14
        $vcVersions=(Get-ItemProperty Registry::HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*  -ErrorAction SilentlyContinue| where {$_.displayname -like "Microsoft Visual C++*"} | Select-Object DisplayVersion)
        foreach ($version in $vcVersions){
            if($version.DisplayVersion -ge $minVersion){
                $safeFlag=$True;
            }
        }
        if ($safeFlag){
            $result+="`nMS11-025 (MFC Remote Code Execution): Pass"
        }
        else{$result+="`nMS11-025 (MFC Remote Code Execution): Fail"}
        
        # Checking unquoted service path enumeration        
        $unquotedServicePathItems=(wmic service get name","displayname","pathname","startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v "''").Trim()
        if ($unquotedServicePathItems){$result+="`nUnquoted Service Path Enumeration Vulnerabilities: Fail."}else{$result+="`nUnquoted Service Path Enumeration Vulnerabilities: Passed."}
        
        # Checking LAPS
        # (reg query HKLM\SOFTWARE\Classes /s /f Admpwd.dll)
        if((Get-ChildItem 'C:\Program Files\LAPS\CSE\Admpwd.dll' -ErrorAction SilentlyContinue) -OR (Get-ChildItem 'C:\Windows\Admpwd.dll' -ErrorAction SilentlyContinue)){$result+="`nLAPS is installed."}else{$result+="`nLAPS is not installed.";}
        
        # Checking SNMP
            try{
                $permittedManagers=Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers" -ErrorAction SilentlyContinue;
                $validCommunities=Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\ValidCommunities" -ErrorAction SilentlyContinue;
            }
            finally{
            if (($permittedManagers) -and ($validCommunities)){
                $result+="`nSNMP: permittedManagers and validCommunities values are detected.";
                    }else{
                        $result+="`nSNMP: permittedManagers and validCommunities values are NOT detected.";
                        }
        }
        
        # Checking IISCrypto
        $iisServer=Get-Service -Name 'IISADMIN' -ErrorAction SilentlyContinue | Select -ExpandProperty Status
        if($iisServer){
            $result+="`nIIS is detected on this system with status $iisServer"
            $regHiveSSL30="Registry::HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server"
            $regHiveTLS10="Registry::HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server"
            $regHiveTLS11="Registry::HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" 
            $regHiveTLS12="Registry::HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
            $isSSL30Enabled = Get-ItemProperty -Path $regHiveSSL30 -Name "Enabled" -ErrorAction SilentlyContinue
            $isTLS10Enabled = Get-ItemProperty -Path $regHiveTLS10 -Name "Enabled" -ErrorAction SilentlyContinue
            $isTLS11Enabled = Get-ItemProperty -Path $regHiveTLS11 -Name "Enabled" -ErrorAction SilentlyContinue
            $isTLS12Enabled = Get-ItemProperty -Path $regHiveTLS12 -Name "Enabled" -ErrorAction SilentlyContinue
            If ($isSSL30Enabled) {$result+="`nSSL 3.0 is Enabled.";} ElseIf ($isSSL30Enabled -eq 0){$result+="`nSSL 3.0 is Disabled.";} else {$result+="`nSSL 3.0 SCHANNEL is not detected.";}
            If ($isTLS10Enabled) {$result+="`nTLS 1.0 is Enabled.";} ElseIf ($isTLS10Enabled -eq 0){$result+="`nTLS 1.0 is Disabled.";} else {$result+="`nTLS 1.0 SCHANNEL is not detected.";}
            If ($isTLS11Enabled) {$result+="`nTLS 1.1 is Enabled.";} ElseIf ($isTLS11Enabled -eq 0){$result+="`nTLS 1.1 is Disabled.";} else {$result+="`nTLS 1.2 SCHANNEL is not detected.";}
            If ($isTLS12Enabled) {$result+="`nTLS 1.2 is Enabled.";} ElseIf ($isTLS12Enabled -eq 0){$result+="`nTLS 1.2 is Disabled.";} else {$result+="`nTLS 1.2 SCHANNEL is not detected.";}
            #If([System.IO.File]::Exists("C:\Windows\IISCryptoCli.exe")){$result+="`nIISCryptoCli is available."}else{$result+="`nIISCryptoCli is not available at C:\Windows.";}
            if((Get-Command IISCryptoCli.exe -ErrorAction SilentlyContinue) -or (Get-Command IISCrypto.exe -ErrorAction SilentlyContinue)){$result+="`nIIS Crypto is available on this system."}else{$result+="`nIIS Crypto is not available on this system.";}
        }
        
        return $result;        
    }

    function getAntivirusName {  
        $wmiQuery = "SELECT * FROM AntiVirusProduct"                  
        $antivirus = Get-WmiObject -Namespace "root\SecurityCenter2" -Query $wmiQuery  @psboundparameters -ErrorVariable myError -ErrorAction 'SilentlyContinue'             

        if($antivirus){
            return $antivirus.displayName            
            }else{
                $alternateAntivirusQuery=WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct GET displayName /Format:List|?{$_.trim() -ne ""}|%{$_ -replace "displayName=",""}
                if ($alternateAntivirusQuery){                    
                    return $alternateAntivirusQuery
                    }else{
                        write-host "No antivirus software were detected. Hence, namespace querying errors."
                        $rawSearch=((get-wmiobject -class "Win32_Process" -namespace "root\cimv2" | where-object {$_.Name.ToLower() -match "antivirus|endpoint|protection|security|defender|msmpeng"}).Name | Out-String).Trim();
                        if($rawSearch){
                            return $rawSearch
                            }else{
                                return "No antivirus detected."
                                }
                        }
                
                } 
        }
    
    function removeBlankLines{
        param($inputObject)
        return $inputObject|Out-String|?{$_.Trim("\s") -ne ""}
    }    

    <#
    Purpose: to measure IOPS of local volumes or UNC paths
    - This function must be ran with Administrator privileges, especially when triggered for the first time on a local system
    - Two utilities will be required and installed on the system: chocolatey (DevOps Tool) and diskspd.exe (Microsoft's disk benchmark app, similar to SQLIO)
    - Call the function with a valid path to test disk speed, such as:
      getDiskSpeed C:\
      getDiskSpeed \\FILESHERVER01\TESTDIR1
      getDiskSpeed D
    #>
    function getDiskSpeed{

        param(
            [string]$driveLetter="c:",
            [int]$sampleSize=5
            )
                
        if($driveLetter.Length -eq 1){$driveLetter+=":";}
        write-host "Obtaining disk speed of $driveLetter"        

        function isPathWritable{
                param($testPath)
                # Create random test file name
                $tempFolder=$testPath+"\getDiskSpeed\"
	            $filename = "diskSpeedTest-"+[guid]::NewGuid()
	            $tempFilename = (Join-Path $tempFolder $filename)
                New-Item -ItemType Directory -Path $tempFolder -Force -EA SilentlyContinue|Out-Null
	
	            Try { 
		            # Try to add a new file
                    # New-Item -ItemType Directory -Path $tempFolder -Force -EA SilentlyContinue
		            [io.file]::OpenWrite($tempFilename).close()
		            #Write-Host -ForegroundColor Green "$testPath is writable."         
		
		            # Delete test file after done
		            # Remove-Item $tempFilename -Force -ErrorAction SilentlyContinue 
                    
                    # Set return value
                    $feasible=$true;
	                }
	            Catch {
                    # Return 'false' if there are errors
                    $feasible=$false;
	                }

                return $feasible;
                }

        # Check if input is a valid drive letter
        function validatePath{
            param([string]$path=$driveLetter)
            if (Test-Path $path -EA SilentlyContinue){    
                $regexValidDriveLetters="^[A-Za-z]\:{0,1}$"
                $validLocalPath=$path.SubString(0,2) -match $regexValidDriveLetters
                if ($validLocalPath){
                $GLOBAL:localPath=$true;
                write-Host "Validating path... Local directory detected."
                
                $volumeName=if($driveLetter.Length -le 2){$driveLetter+"\"}else{$driveLetter.Substring(0,3)}
                $GLOBAL:clusterSize=(Get-WmiObject -Class Win32_Volume | Where-Object {$_.Name -eq $volumeName}).BlockSize;
                write-host "Cluster size detected as $clusterSize."
                       
                $driveLettersOnThisComputer=ls function:[A-Z]: -n|?{test-path $_}
                if (!($driveLettersOnThisComputer -contains $path.SubString(0,2))){
                    Write-Host "The provided local path's first 2 characters do not match any volumes in this system.";
                    return $false;
                    }
                return $(isPathWritable $path)
                }else{
                        $regexUncPath="^\\(?:\\[^<>:`"/\\|?*]+)+$"
                                    if ($path -match $regexUncPath){
                        $GLOBAL:localPath=$False;
                        write-Host "UNC directory detected."
                        return $(isPathWritable $path)
                        }else{Write-Host "The provided path does not match a UNC pattern nor a local drive.";return $false;}
                        }
                }else{
                    Write-Host "The path $path currently does NOT exist";
                    Return $false;
                    }
            }
        
        if (validatePath){
            # Set variables
            $tempDirectory="$driveLetter`\getDiskSpeed"
            # New-Item -ItemType Directory -Force -Path $tempDirectory|Out-Null
            $testFile="$tempDirectory`\testfile.dat"
            $processors=(Get-CimInstance Win32_ComputerSystem).NumberOfLogicalProcessors
               
            # Ensure that diskspd.exe is available in the system
            $diskSpeedUtilityAvailable=get-command diskspd.exe -ea SilentlyContinue
            if (!($diskSpeedUtilityAvailable)){
                if (!(Get-Command choco.exe -ErrorAction SilentlyContinue)) {
                    Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
                    }    
                choco install diskspd -y;
                refreshenv;
            }  

        function getIops{
            # Sometimes, the test result throws this error "diskspd Error opening file:" if no switches were used
            # The work around is to specify more parameters
            # Other variations:
            # $testResult=diskspd.exe-d1 -o4 -t4 -b8k -r -L -w50 -c1G $testFile
            # $testResult=diskspd.exe -b4K -t1 -r -w50 -o32 -d10 -c8192 $testFile
            # Note: remove the -c option to avoid this error when running with unprivileged accounts
            # diskspd.exe : WARNING: Error adjusting token privileges for SeManageVolumePrivilege (error code: 1300)
            
            try{
                if ($localPath){
                    #$expression="diskspd.exe -b8k -d1 -o$processors -t$processors -r -L -w25 -c1G $testfile";
                    $expression="Diskspd.exe -b$clusterSize -d1 -h -L -o$processors -t1 -r -w30 -c1G $testfile  2>&1";
                    }else{
                        $expression="Diskspd.exe -b8K -d1 -h -L -o$processors -t1 -r -w30 -c1G $testfile 2>&1";
                        }
                #write-host $expression
                $testResult=invoke-expression $expression;
                <# diskspd.exe -b8k -d1 -o4 -t4 -r -L -w25 -c1G $testfile
                8K block size; 1 second random I/O test;4 threads; 4 outstanding I/O operations;
                25% write (implicitly makes read 75% ratio); 
                #>
                }
                catch{                    
                    $errorMessage = $_.Exception.Message
                    $failedItem = $_.Exception.ItemName
                    Write-Host "$errorMessage $failedItem";
                    continue;
                    }
            $x=$testResult|select-string -Pattern "total*" -CaseSensitive|select-object -First 1|out-String
            $iops=$x.split("|")[-3].Trim()
            #$mebibytesPerSecond=$x.split("|")[-4].Trim()            
            return $iops
        }
        
        function selectHighIops{
            $testArray=@();            
            for($i=1;$i -le $sampleSize;$i++){
                try{
                    $iops=getIops;
                    write-host "$i of $sampleSize`: $iops IOPS";
                    $testArray+=$iops;
                    }
                    catch{
                        $errorMessage = $_.Exception.Message
                        $failedItem = $_.Exception.ItemName
                        Write-Host "$errorMessage $failedItem";
                        break;
                    }
                }
            $highestResult=($testArray|measure -Maximum).Maximum
            return $highestResult
        } 
        
        # Trigger several tests and select the highest value
        $selectedIops=selectHighIops

        # Cleanup
        # cmd /c rd $tempDirectory
        function isFileLocked{
            param($file=$(New-Object System.IO.FileInfo $testFile))
            if (Test-Path $testFile){
                try {
                    $fileHandle = $file.Open([System.IO.FileMode]::Open, [System.IO.FileAccess]::ReadWrite, [System.IO.FileShare]::None)
                    if ($fileHandle){
                        # File handle is open, which means file is not locked
                        $fileHandle.Close()
                        }
                    return $false
                    }
                catch{
                    # file is locked
                    return $true
                    }
                }else{return $false}
            }
        
        do {
            sleep 1;
            isFileLocked|out-null;
            }until(!(isFileLocked))
        Remove-Item -Recurse -Force $tempDirectory
        
        $mebibytesPerSecond=[math]::round($(([int]$selectedIops)/128),2)
        return "Highest: $selectedIops IOPS ($mebibytesPerSecond MiB/s)";
        }else{return "Cannot get disk speed"}
    }

    function internetSpeedTest{
        $10MbFile="http://ipv4.download.thinkbroadband.com/10MB.zip"
        $time=Measure-Command {[void](Invoke-WebRequest $10MbFile –UseBasicParsing|out-Null) }
        # Used switch -UseBasicParsing to overcome this potential error:
        # Invoke-WebRequest : The response content cannot be parsed because the Internet Explorer engine is not available, 
        # or Internet Explorers first-launch configuration is not complete. Specify the UseBasicParsing parameter and try again
        $speed=10/$time.TotalSeconds;
        $mbps=$speed*8.38861
        return "$([math]::Round($speed,2)) Mebibytes/sec ($([math]::Round($mbps,2)) Megabits/sec)"
    }

    function getContainer{
        param(
            $domainAdminCred
            )   
        if ((gwmi win32_computersystem).partofdomain -eq $true){            
                if (!(Get-Module ActiveDirectory)){
                    try {
                        $voidOutput=[void](Import-Module ServerManager -ErrorAction SilentlyContinue)
                        $voidOutput=[void](Add-WindowsFeature RSAT-AD-PowerShell -Confirm:$false);
                
                        ######## Error ######
                        #Error on some systems
                        #Add-WindowsFeature : The target of the specified cmdlet cannot be a Windows client-based operating system.
                        #At line:1 char:1
                        #+ Add-WindowsFeature RSAT-AD-PowerShell -Confirm:$false
                        #+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                        #    + CategoryInfo          : DeviceError: (localhost:String) [Install-WindowsFeature], Exception
                        #    + FullyQualifiedErrorId : WindowsClient_NotSupported,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureCommand
                        #
                        #Get-ADComputer : Unable to contact the server. This may be because this server does not exist, it is currently down,
                        #or it does not have the Active Directory Web Services running.
                        #At line:1 char:1
                        #+ Get-ADComputer $env:computername
                        #+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                        #    + CategoryInfo          : ResourceUnavailable: (SHERVER007:ADComputer) [Get-ADComputer], ADServerDownException
                        #    + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
                        #
                        # 
                        # Resolution:
                        # Get-ADComputer $env:computername -Server $DomainController -Credential (get-credential)
                        ######################

                        $voidOutput=[void](Import-Module ActiveDirectory -ErrorAction SilentlyContinue)
                        }catch{Continue;}

                    ##### Error when executing remotely ###
                    #WARNING: Error initializing default drive: 'Unable to contact the server. This may be because this server does not exist,
                    #it is currently down, or it does not have the Active Directory Web Services running.'.

                    }
                [string]$nearestDc=(Get-ADDomainController -Discover).HostName
                $result=[string](Get-ADComputer $env:computername -Server $nearestDc -Credential $domainAdminCred).DistinguishedName -Replace "^CN=[^,]+,",'' 
                }else{
                    $result="This computer is not domain joined."
                    }
                return $result
        }

    # Initialize variables
    $computerObject=New-Object PSObject
    $ips="Unknown";
    $machineType="Unknown";
    $machineModel="Unknown";
    $serial="Unknown";
    $os="Unknown";
    $cpu=$cpuLoad="Unknown";
    $memory="Unknown";
    $volumes="Unknown";
    $lastUpdate="Unknown";
    $antivirusName="Unknown";
    $activationStatus="Unknown";
    $cpuObject=@();
    $servicesWithDefaultAdministrator="";
    $winDefenderStatus="";
    $rdpSecurity="";
    $spectreVulnerability="";
    $otherVulnerabilities="";
    $localAdministrators="";
    $lastLogonUsers=@();
    $currentlyLogonUsers="";
    $topProcesses="";
    $memoryUsagePerUser="";    
    $container="";
    $certs="";
    $installedApps="";
    $autoStartServices="";
    $smbShares="";
    $kbs="";
    $gateway="";
    $publicIP="";
    $dns="";
    $pageFiles="";
    $currentSendReceive=@();
    $internetDownloadSpeed=0;
    $osArchitecture="";

    try{
        $ips=([System.Net.Dns]::GetHostAddresses($env:computername)|?{$_.AddressFamily -eq "InterNetwork"}|%{$_.IPAddressToString;}|out-string).Trim();
        $gateway=(Get-WmiObject -Class Win32_IP4RouteTable|where{ $_.destination -eq '0.0.0.0' -and $_.mask -eq '0.0.0.0'}).nexthop
        $dns=Get-DnsClientServerAddress | Select-Object –ExpandProperty ServerAddresses|sort-object -Unique
        $publicIP=(Invoke-WebRequest -URI ("ifconfig.me/ip")).Content
        # $publicIP=(Invoke-RestMethod http://ipinfo.io/json -ea SilentlyContinue| Select -exp ip).Trim()
        # ipinfo.io is currently being blocked by many web filters
        <# Error
        System error 1312 has occurred.
        + CategoryInfo          : NotSpecified: (System error 1312 has occurred.:String) [], RemoteException
        + FullyQualifiedErrorId : NativeCommandError
        + PSComputerName        : SERVER01
 
        A specified logon session does not exist. It may already have been terminated.
        at <ScriptBlock>, <No file>: line 535
        at <ScriptBlock>, <No file>: line 3
        #>
        $internetDownloadSpeed=internetSpeedTest
        write-host $internetDownloadSpeed;
        $machineModel=(Get-WmiObject -Class Win32_ComputerSystem -ea stop).Model
        write-host $machineModel
        $serial=(Get-WMIObject -Class Win32_BIOS).SerialNumber
        write-host $serial
        $cpuObject = Get-WmiObject win32_processor -ea stop |select Name,NumberOfCores,LoadPercentage
        $cpu=($cpuObject|select Name,NumberOfCores|ft -AutoSize|Out-String).Trim()
        write-host $cpu
        $cpuLoad = ($cpuObject|  Measure-Object -property LoadPercentage -Average | Select @{Name="CurrentLoad";Expression={"{0:N2} %" -f ($_.Average)}}).CurrentLoad
        write-host $cpuLoad
        #$osArchitecture=(wmic os get osarchitecture)[2] # shows: 32-bit or 64-bit
        $osArchitecture=$ENV:PROCESSOR_ARCHITECTURE # shows: x86 or AMD64
        write-host $osArchitecture
        $osAndMemory = gwmi -Class win32_operatingsystem -ea stop| select @{Name="os";Expression={$_.Caption}},@{Name="Memory";Expression={"{0:N2} GB" -f ($_.TotalVisibleMemorySize / 1048576)}},@{Name = "Utilization"; Expression = {"{0:N2} %" -f ((($_.TotalVisibleMemorySize - $_.FreePhysicalMemory)*100)/ $_.TotalVisibleMemorySize) }}
        if($osAndMemory){
            $os=$osAndMemory.os;
            $memory=$osAndMemory.Memory;
            $memoryUtilization=$osAndMemory.Utilization;
            }
        write-host "$os`r`n$memory`r`n$memoryUtilization"
        $volumes = (gwmi -Class win32_volume -Filter "DriveType!=5" -ea stop| ?{$_.DriveLetter -ne $null}|`
                    Select-object @{Name="Letter";Expression={$_.DriveLetter}},`
                    @{Name="Label";Expression={$_.Label}},`
                    @{Name="Capacity";Expression={"{0:N2} GiB" -f ($_.Capacity/1073741824)}},`
                    @{Name = "Available"; Expression = {"{0:N2} GiB" -f ($_.FreeSpace/1073741824)}},`
                    @{Name = "Utilization"; Expression = {"{0:N2} %" -f  ((($_.Capacity-$_.FreeSpace) / $_.Capacity)*100)}},`
                    @{Name = "diskBrand"; Expression = {(($_).getrelated().getrelated('Win32_DiskDrive')).caption}},`
                    # List disks brand and models
                    #((gwmi -Class Win32_logicaldisk).getrelated('Win32_DiskPartition').getrelated('Win32_DiskDrive')).caption.replace("USB Device","")
                    @{Name = "diskSpeed"; Expression = {getDiskSpeed $_.DriveLetter}}`
                    | ft -autosize | Out-String).Trim()
        write-host $volumes

        $pageFiles=Get-CimInstance -Class Win32_PageFileUsage|%{"$($_.Name) Allocated: $($_.AllocatedBaseSize) MB CurrentUsage: $($_.CurrentUsage) MB PeakUsage: $($_.PeakUsage) MB"}
        write-host $pageFiles
        $activationStatus=Get-ActivationStatus
        write-host $activationStatus
        #[string]$lastUpdate=gwmi win32_quickfixengineering |select HotFixID,InstalledOn|Select-Object -first 1
        $lastUpdate=(Get-HotFix | Measure-Object InstalledOn -Maximum).Maximum.ToString().Trim()
        write-host $lastUpdate
        $kbs=get-hotfix|select InstalledOn,HotFixID,InstalledBy|sort-object -Property InstalledOn -Desc|ft -AutoSize #|Select-Object -first 10 
        write-host $kbs
        $antivirusName=getAntivirusName
        write-host $antivirusName
        
        $servicesWithDefaultAdministrator=if((gwmi win32_computersystem).partofdomain -eq $true){
                                                checkServiceAccount $defaultDomainAdmin|Out-String|%{$_.Trim()} 
                                                }else{
                                                    checkServiceAccount 'Administrator'|Out-String|%{$_.Trim()}
                                                    }
        write-host $servicesWithDefaultAdministrator
        $localAdministrators=(net localgroup administrators | where {$_ -AND $_ -notmatch "command completed successfully"}|select -skip 4|Out-String).Trim()         
        write-host $localAdministrators
        $winDefenderStatus=(getWinDefenderStatus|Out-String).Trim();
        write-host $winDefenderStatus
        $rdpSecurity=(checkRDP|Out-String).Trim();
        write-host $rdpSecurity
        $spectreVulnerability=(checkSpectreVulnerability|Out-String).Trim();
        write-host $spectreVulnerability
        $otherVulnerabilities=(checkOtherVulnerabilities|Out-String).Trim();                
        write-host $otherVulnerabilities
        $lastLogonEvents=Get-WmiObject -Class Win32_UserProfile | Sort-Object -Property LastUseTime -Descending |?{$_.SID -notmatch "(S-1-5-18|S-1-5-19|S-1-5-20)"} | Select-Object -First 10
        if ($lastLogonEvents){
            $usersCount=$lastLogonEvents.Length;
            $lastLogonUsers=@();
            for ($i=0;$i -lt $usersCount; $i++){
                
                try{
                    $user=(New-Object System.Security.Principal.SecurityIdentifier($lastLogonEvents[$i].SID)).Translate([System.Security.Principal.NTAccount]).Value
                    }
                catch{
                    $user=$lastLogonEvents[$i].SID
                    }                    
                <# Try-Catch had worked around this error
                Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
                At line:2 char:17
                +                 $userObject.Translate([System.Security.Principal.NTAccount]).Val ...
                +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
                    + FullyQualifiedErrorId : IdentityNotMappedException
                #>               

                $count=$i+1;                 
                #$logonTime=([WMI]'').ConvertToDateTime($lastLogonEvents[$i].LastUseTime)
                $logonTime=$lastLogonEvents[$i].LastUseTime
                $lastLogonUsers+=@("$count`: $user $logonTime");

                }
            }        
        write-host $lastLogonUsers
        $currentlyLogonUsers=query user|Out-String
        write-host $currentlyLogonUsers
        #$topProcesses=(get-process|Group-Object -Property ProcessName | Select-Object -First 10 |Select Name, @{N='Memory (MB)';E={[math]::Round((($_.Group|Measure-Object WorkingSet -Sum).Sum / 1MB),2)}} | Sort-Object -Property "Memory (MB)" -Descending|ft -AutoSize| Out-String).Trim();
        $topProcesses=(get-process|Group-Object -Property ProcessName | Select Name, @{N='Memory (MB)';E={[math]::Round((($_.Group|Measure-Object WorkingSet -Sum).Sum / 1MB),2)}} | Sort-Object -Property "Memory (MB)" -Descending|Select-Object -First 10 |ft -AutoSize| Out-String).Trim();
        write-host $topProcesses
        $memoryUsagePerUser=(get-wmiobject win32_process|select @{N='User';E={$_.getowner().user}}, WorkingSetSize  | group user|select Name, @{N='Memory (MB)';E={[math]::Round(($_.Group.WorkingSetSize  | Measure-Object -Sum).Sum / 1Mb,2)  }}|sort-object -property "Memory (MB)" -Descending|ft -AutoSize| Out-String).Trim();
        write-host $memoryUsagePerUser 
        $container=getContainer -domainAdminCred $adminCredential             
        write-host $container
        $certObjects=Get-ChildItem -Path cert:\LocalMachine\My
        foreach ($cert in $certObjects){$certs+="$($cert.Thumbprint) $($cert.Subject)"}
        write-host $certs
        $smbShares=get-smbshare|ft -AutoSize
        write-host $smbShares
        $autoStartServices=(Get-WmiObject -ClassName Win32_Service -Filter "StartMode='Auto'"|Format-Table Name,StartName,State -AutoSize|out-String).Trim()
        write-host $autoStartServices
        $installedApps=Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object InstallDate,DisplayName, DisplayVersion, Publisher | Sort-Object -Property InstallDate -Descending |?{$_.DisplayName.length -gt 1 }|ft -AutoSize;
        write-host $installedApps
        #$regexOU=".+?(?=,),(.*)\."            
        #[string]$disabledComputersOu=(Get-ADOrganizationalUnit -Filter 'Name -like "Disabled Computers"'|select DistinguishedName).DistinguishedName
        #$container=Get-ADComputer $env:computername | Move-ADObject -TargetPath $disabledComputersOu -WhatIf -PassThru | Out-String   
        }
    catch{
        Write-Host $_.ScriptStackTrace;
        continue;
        }
    finally{
        if(!($machineModel)){$machineModel="Unknown"};
        if(!($machineType)){$machineType="Unknown"};
        if(!($osAndMemory)){$os=$memory=$memoryUtilization="Unknown";}
        if(!($ips)){$ips="Unknown";}
        if(!($cpuObject)){$cpu=$cpuLoad="Unknown";}
        if(!($volumes)){$volumes="Unknown";}
        if(!($serial)){$serial="Unknown"}
        if(!($certs)){$certs="None"}
        if(!($servicesWithDefaultAdministrator)){$servicesWithDefaultAdministrator="None"}
	    switch -wildcard ($machineModel){
            "VMware*" {$machineType="VMWare Virtual Machine";$hostname="ESXi host has not been setup to pass the host's machine.id to guest. Hence, hostname cannot be retrieved from inside $env:computername";}
		    "Virtual Machine" {$machineType="Hyper-V Virtual Machine";$hostname=getHyperVHostname}
		    "*HVM*" {$machineType="AWS Virtual Machine";$hostname="N/A";}
            "*.*" {$machineType="AWS Virtual Machine";$hostname="N/A";}	        
            default {$machineType="Unknown";$hostname="Unknown";}
		}
    <#
    "Name: $name";"IPs: $ips";"Machine Type: $machineType";"Hostname: $hostname";"Model: $machineModel";"Serial: $serial";"OS: $os";
    "Activation Status: $activationStatus";"CPU: $cpu";"CPU Load: $cpuLoad";"Memory: $memory";"Memory Utilization: $memoryUtilization";
    "Top Processes: $topProcesses";"Memory Usage Per User: $memoryUsagePerUser";"Volumes: $volumes";"Container: $container";"Last Update: $lastUpdate";
    "Antivirus Name: $antivirusName";"Local Admins: $localAdministrators";"Services with default Domain Admin: $servicesWithDefaultAdministrator";
    "WinDefender Status: $winDefenderStatus";"RDP Security: $rdpSecurity";"Spectre Vulnerability: $spectreVulnerability"; "Other Vulnerabilities: $otherVulnerabilities";
    "Last Logon Users: $lastLogonUsers";"Last Logon Times: $lastLogonTimes";
    #>             
        $computerObject | Add-Member -MemberType NoteProperty -Name "Name" -Value $name
        $computerObject | Add-Member -MemberType NoteProperty -Name "ips" -Value $ips
        $computerObject | Add-Member -MemberType NoteProperty -Name "gateway" -Value $($gateway|Out-String).Trim()
        $computerObject | Add-Member -MemberType NoteProperty -Name "dns" -Value $($dns|Out-String).Trim()
        $computerObject | Add-Member -MemberType NoteProperty -Name "publicIP" -Value $publicIP
        $computerObject | Add-Member -MemberType NoteProperty -Name "internetDownloadSpeed" -Value $internetDownloadSpeed
        $computerObject | Add-Member -MemberType NoteProperty -Name "machineType" -Value $machineType
        $computerObject | Add-Member -MemberType NoteProperty -Name "hostname" $hostname
        $computerObject | Add-Member -MemberType NoteProperty -Name "machineModel" -Value $machineModel
        $computerObject | Add-Member -MemberType NoteProperty -Name "serial" -Value $serial
        $computerObject | Add-Member -MemberType NoteProperty -Name "os" -Value $os
        $computerObject | Add-Member -MemberType NoteProperty -Name "osArchitecture" -Value $osArchitecture
        $computerObject | Add-Member -MemberType NoteProperty -Name "activationStatus" -Value $activationStatus
        $computerObject | Add-Member -MemberType NoteProperty -Name "cpu" -Value $($cpu|out-string).Trim()
        $computerObject | Add-Member -MemberType NoteProperty -Name "cpuUtilization" -Value $cpuLoad
        $computerObject | Add-Member -MemberType NoteProperty -Name "memory" -Value $memory
        $computerObject | Add-Member -MemberType NoteProperty -Name "memoryUtilization" -Value $memoryUtilization
        $computerObject | Add-Member -MemberType NoteProperty -Name "topProcesses" -Value $($topProcesses|out-string).Trim()
        $computerObject | Add-Member -MemberType NoteProperty -Name "memoryUsagePerUser" -Value $($memoryUsagePerUser|out-string).Trim()         
        $computerObject | Add-Member -MemberType NoteProperty -Name "volumes" -Value $volumes
        $computerObject | Add-Member -MemberType NoteProperty -Name "pageFiles" -Value $pageFiles
        $computerObject | Add-Member -MemberType NoteProperty -Name "container" -Value $container
        $computerObject | Add-Member -MemberType NoteProperty -Name "antivirus" -Value $antivirusName
        $computerObject | Add-Member -MemberType NoteProperty -Name "localAdministrators" -Value $localAdministrators
        $computerObject | Add-Member -MemberType NoteProperty -Name "servicesWithDefaultAdministrator" -Value $servicesWithDefaultAdministrator
        $computerObject | Add-Member -MemberType NoteProperty -Name "winDefenderStatus" -Value $winDefenderStatus
        $computerObject | Add-Member -MemberType NoteProperty -Name "rdpSecurity" -Value $rdpSecurity
        $computerObject | Add-Member -MemberType NoteProperty -Name "spectreVulnerability" -Value $spectreVulnerability
        $computerObject | Add-Member -MemberType NoteProperty -Name "otherVulnerabilities" -Value $otherVulnerabilities
        $computerObject | Add-Member -MemberType NoteProperty -Name "lastLogonUsers" -Value $($lastLogonUsers|out-string).Trim();
        $computerObject | Add-Member -MemberType NoteProperty -Name "currentlyLogonUsers" -Value $currentlyLogonUsers.Trim()
        $computerObject | Add-Member -MemberType NoteProperty -Name "certs" -Value $certs
        $computerObject | Add-Member -MemberType NoteProperty -Name "smbShares" -Value $($smbShares|Out-String).Trim()
        $computerObject | Add-Member -MemberType NoteProperty -Name "autoStartServices" -Value $autoStartServices
        $computerObject | Add-Member -MemberType NoteProperty -Name "installedApps" -Value $($installedApps|Out-String).Trim();
        $computerObject | Add-Member -MemberType NoteProperty -Name "lastUpdate" -Value $lastUpdate
        $computerObject | Add-Member -MemberType NoteProperty -Name "kbs" -Value $($kbs|Out-String).Trim()       
        }
    return $computerObject;
    # $GLOBAL:computerObjects+=,$computerObject
}

function executeFunctionRemotely{
    param(
        $remoteComputer,
        $credential
        )
    
    do{
        $session = New-PSSession -ComputerName $remoteComputer
        "Connecting to remote computer $remoteComputer..."
        sleep -seconds 5
        if ($session){"Connected."}
        } until ($session.state -match "Opened")

    invoke-command -session $session -scriptblock{
                                                param($checkWindows,$cred)
                                                [ScriptBlock]::Create($checkWindows).invoke($env:computername,$cred);
                                                #invoke-command -Credential $Using:cred -ScriptBlock $checkWindows                                        
                                                } -args ${function:checkWindows},$credential
    Remove-PSSession -id $session.Id
    }

executeFunctionRemotely -remoteComputer $remoteComputer -credential $adminCredential

<# Sample output
Name                             : REMOTESHERVER009
ips                              : 192.168.1.10
                                   169.254.4.82
gateway                          : 192.168.1.1
dns                              : 192.168.1.1
                                   8.8.8.8
publicIP                         : 165.555.555.555
internetDownloadSpeed            : 3.49 Mebibytes/sec (29.27 Megabits/sec)
machineType                      : Unknown
hostname                         : Unknown
machineModel                     : UCSB-B200-M5
serial                           : LALALA
os                               : Microsoft Windows Server 2016 Datacenter
osArchitecture                   : AMD64
activationStatus                 : Licensed
cpu                              : Name                                     NumberOfCores
                                   ----                                     -------------
                                   Intel(R) Xeon(R) Gold 5120 CPU @ 2.20GHz            14
                                   Intel(R) Xeon(R) Gold 5120 CPU @ 2.20GHz            14
cpuUtilization                   : 1.00 %
memory                           : 574.66 GB
memoryUtilization                : 1.64 %
topProcesses                     : Name                     Memory (MB)
                                   ----                     -----------
                                   svchost                       706.11
                                   rhs                           234.64
                                   WmiPrvSE                      213.25
                                   wsmprovhost                    211.1
                                   MsMpEng                       196.69
                                   lsass                          54.36
                                   Nimble.ConnectionService        52.8
                                   nimble.hotfixmonitor            51.8
                                   clussvc                        48.55
                                   LogonUI                        42.39
memoryUsagePerUser               : Name            Memory (MB)
                                   ----            -----------
                                   SYSTEM              1163.13
                                   NETWORK SERVICE      443.85
                                   176233               211.29
                                   LOCAL SERVICE         140.9
                                   DWM-1                 30.68
                                                          0.14
volumes                          : Letter Label Capacity   Available  Utilization diskBrand                                                                                                                                       
                                                   diskSpeed          
                                   ------ ----- --------   ---------  ----------- ---------                                                                                                                                       
                                                   ---------          
                                   C:           445.55 GiB 382.59 GiB 14.13 %     {LSI UCSB-MRAID12G-HE SCSI Disk Device, Nimble Server  Multi-Path Disk Device, Nimble Server  Multi-Path Disk Device, Nimble Server  Multi-Path 
                                   Disk Device...} 1067.12 MiB/s (1...
pageFiles                        : C:\pagefile.sys Allocated: 43008 MB CurrentUsage: 0 MB PeakUsage: 0 MB
antivirus                        : MsMpEng.exe
localAdministrators              : Administrator
servicesWithDefaultAdministrator : None
winDefenderStatus                : It has been 0 day(s) between Last Update: 12/25/2019 14:28:20 and New Release: 12/26/2019 2:14:01 AM
                                   Excellent! Malware Antivirus Definition 1.307.1154.0 on this computer matches the Microsoft release.
rdpSecurity                      : RDP Network Authentication Requirement: passed!
                                   RDP Encryption Level: Client Compatible
spectreVulnerability             : System version: 10.0.14393.0 VS minimum version required: 10.0.14393.2842
                                   Spectre meltdown vulnerabilities: Pass
otherVulnerabilities             : CVE-2017-8529 FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX (32-Bit): Fail
                                   CVE-2017-8529 FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX (64-bit): Fail
                                   MS15-124-Critical ASLR Hardening Setting for IE (32-Bit): Fail
                                   MS15-124-Critical ASLR Hardening Setting for IE (64-Bit): Fail
                                   CVE-2017-5715 FeatureSettingsOverride: Fail
                                   CVE-2017-5715 FeatureSettingsOverrideMask: Fail
                                   CVE-2017-5753-54 MinVmVersionForCpuBasedMitigations: Fail
                                   Internet Explorer Overall: Fail
                                   Memory Management Registry Keys: Fail
                                   MS11-025 (MFC Remote Code Execution): Fail
                                   Unquoted Service Path Enumeration Vulnerabilities: Fail.
                                   LAPS is not installed.
                                   SNMP: permittedManagers and validCommunities values are NOT detected.
lastLogonUsers                   : 1: INTRANET\CUILO 20191226041129.721000+000
                                   2: INTRANET\NANG-ADMIN 20191011211258.684000+000
                                   3: INTRANET\DUDE555 20191006194507.747000+000
currentlyLogonUsers              : 
certs                            : None
smbShares                        : Name         ScopeName Path                                         Description  
                                   ----         --------- ----                                         -----------  
                                   A$           *         A:\                                          Default share
autoStartServices                : Name                      StartName                   State  
                                   ----                      ---------                   -----  
                                   BFE                       NT AUTHORITY\LocalService   Running
                                   BrokerInfrastructure      LocalSystem                 Running
                                   CDPSvc                    NT AUTHORITY\LocalService   Running
                                   ClusSvc                   LocalSystem                 Running
                                   CoreMessagingRegistrar    NT AUTHORITY\LocalService   Running
                                   CryptSvc                  NT Authority\NetworkService Running
                                   DcomLaunch                LocalSystem                 Running
                                   Dhcp                      NT Authority\LocalService   Running
                                   DiagTrack                 LocalSystem                 Running
                                   Dnscache                  NT AUTHORITY\NetworkService Running
                                   DPS                       NT AUTHORITY\LocalService   Running
                                   EventLog                  NT AUTHORITY\LocalService   Running
                                   EventSystem               NT AUTHORITY\LocalService   Running
                                   FontCache                 NT AUTHORITY\LocalService   Running
                                   gpsvc                     LocalSystem                 Running
                                   gupdate                   LocalSystem                 Stopped
                                   iphlpsvc                  LocalSystem                 Running
                                   LanmanServer              LocalSystem                 Running
                                   LanmanWorkstation         NT AUTHORITY\NetworkService Running
                                   LSM                       LocalSystem                 Running
                                   MapsBroker                NT AUTHORITY\NetworkService Stopped
                                   MpsSvc                    NT Authority\LocalService   Running
                                   MSDTC                     NT AUTHORITY\NetworkService Running
                                   MSiSCSI                   LocalSystem                 Running
                                   Netlogon                  LocalSystem                 Running
                                   Nimble Connection Service LocalSystem                 Running
                                   Nimble Hotfix Monitor     LocalSystem                 Running
                                   Nimble VSS Requestor      LocalSystem                 Running
                                   NlaSvc                    NT AUTHORITY\NetworkService Running
                                   nsi                       NT Authority\LocalService   Running
                                   PcaSvc                    LocalSystem                 Running
                                   Power                     LocalSystem                 Running
                                   ProfSvc                   LocalSystem                 Running
                                   RemoteRegistry            NT AUTHORITY\LocalService   Stopped
                                   RpcEptMapper              NT AUTHORITY\NetworkService Running
                                   RpcSs                     NT AUTHORITY\NetworkService Running
                                   SamSs                     LocalSystem                 Running
                                   Schedule                  LocalSystem                 Running
                                   SENS                      LocalSystem                 Running
                                   ShellHWDetection          LocalSystem                 Running
                                   Spooler                   LocalSystem                 Running
                                   sppsvc                    NT AUTHORITY\NetworkService Running
                                   SrmSvc                    LocalSystem                 Running
                                   SystemEventsBroker        LocalSystem                 Running
                                   Themes                    LocalSystem                 Running
                                   tiledatamodelsvc          LocalSystem                 Running
                                   TrkWks                    LocalSystem                 Running
                                   UALSVC                    LocalSystem                 Running
                                   UserManager               LocalSystem                 Running
                                   W32Time                   NT AUTHORITY\LocalService   Running
                                   WbioSrvc                  LocalSystem                 Stopped
                                   Wcmsvc                    NT Authority\LocalService   Running
                                   WinDefend                 LocalSystem                 Running
                                   Winmgmt                   localSystem                 Running
                                   WinRM                     NT AUTHORITY\NetworkService Running
                                   WpnService                LocalSystem                 Running
installedApps                    : InstallDate DisplayName                                                  DisplayVersion  Publisher            
                                   ----------- -----------                                                  --------------  ---------            
                                   20191218    Google Chrome                                                79.0.3945.88    Google LLC           
                                   20191213    Google Update Helper                                         1.3.35.421      Google LLC           
                                   20191011    TreeSize Free V4.3.1                                         4.3.1           JAM Software         
                                   20190821    Advanced IP Scanner 2.5                                      2.5.3850        Famatech             
                                               Intel(R) Chipset Device Software                             10.1.17903.8106 Intel(R) Corporation 
                                               HPE Nimble Windows Toolkit                                   7.0.0.31        HPE Nimble Storage   
                                               xplorer² lite 32 bit                                         4.2.0.1         Zabkat               
                                               Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 12.0.30501.0    Microsoft Corporation
lastUpdate                       : 12/13/2019 12:00:00 AM
kbs                              : InstalledOn            HotFixID  InstalledBy        
                                   -----------            --------  -----------        
                                   12/13/2019 12:00:00 AM KB4519998 NT AUTHORITY\SYSTEM
                                   10/13/2019 12:00:00 AM KB4521858 INTRANET\CUILO        
                                   10/3/2019 12:00:00 AM  KB4512574 INTRANET\CUILO        
                                   6/19/2019 12:00:00 AM  KB4503537 NT AUTHORITY\SYSTEM
                                   6/5/2019 12:00:00 AM   KB4498947 NT AUTHORITY\SYSTEM
                                   2/3/2018 12:00:00 AM   KB4049065 NT AUTHORITY\SYSTEM
PSComputerName                   : REMOTESHERVER009
RunspaceId                       : 7abf1c05-4641-4997-a521-b6e2f9db0973
#>

Leave a Reply

Your email address will not be published. Required fields are marked *