Thursday, 8 June 2017

PowerShell script to export disk usage report of multiple computers

Or, Disk usage report PowerShell script
Or, PowerShell script for disk usage report with .txt file input
Or, Export disk usage report to CSV for multiple windows computers

Descriptions: Disk usage report for storage optimization or to keep track of disk usage trends is one of the important routine task for every administrator. In this article, we would be exploring the PowerShell script to get disk usage report of multiple windows machines in to excel or CSV file.

In this article, we will prepare the scenario and logical environment, lastly we will run the PowerShell script to get the CSV report in desired folder location.

What has been covered in this script?
This script is designed for getting disk usage report of windows machines listed in ServersList.txt text file. It will keep only last 30 days report in the folder DiskUsageReports.

1. Administrative privilege to run the script
2. List of servers/computers name or IP in a text file
3. Basic knowledge of PowerShell commands

Prepare the environment – Get Ready

Create a root folder and three child folders like:
1. Root folder name: DiskUsage
2. Child folders name: DiskUsageReports, DiskUsageReportScript, and ServersList

A reference screenshot is given below:

Prepare a text file with Name ServersList.txt and place it in ServersList folder. This text file should contain the list of windows machines you wish to export disk usage report.

You can use name or IP as shown in below screenshot:

Finally, create the PowerShell script with following commands.

Simply copy and paste the given commands in PowerShell ISE windows and save it as .ps1 file under DiskUsageScript folder with name DiskUsageReport.ps1


$OldReports = (Get-Date).AddDays(-30)
Get-ChildItem D:\DiskUsage\DiskUsageReports\*.* | `
Where-Object { $_.LastWriteTime -le $OldReports} | `
Remove-Item -Recurse -Force -ErrorAction SilentlyContinue 
$LogDate = get-date -f yyyyMMddhhmm
$File = Get-Content -Path D:\DiskUsage\ServersList\ServersList.txt
$DiskReport = ForEach ($Servernames in ($File))

{Get-WmiObject win32_logicaldisk <#-Credential $RunAccount#> `
-ComputerName $Servernames -Filter "Drivetype=3" `
-ErrorAction SilentlyContinue

$DiskReport |

Select-Object @{Label = "Server Name";Expression = {$_.SystemName}},
@{Label = "Drive Letter";Expression = {$_.DeviceID}},
@{Label = "Total Capacity (GB)";Expression = {"{0:N1}" -f( $_.Size / 1gb)}},
@{Label = "Free Space (GB)";Expression = {"{0:N1}" -f( $_.Freespace / 1gb ) }},
@{Label = 'Free Space (%)'; Expression = {"{0:P0}" -f ($_.freespace/$_.size)}} |

Export-Csv -path "D:\DiskUsage\DiskUsageReports\DiskReport_$logDate.csv" –NoTypeInformation


It should look like the below one:

Now you are done friends, just run the PowerShell script and get the report you need...

Steps: Run the prepared PowerShell Script

Right Click on the .ps1 script file and Click on Run with PowerShell

Now go to DiskUsageReport folder, you should have your CSV report ready there..

Cheers, Please write me back if you have any query or feedback.

Wednesday, 7 June 2017

How to fix unquoted service path vulnerabilities?

Or, Unquoted service path vulnerability
Or, Mitigate unquoted service path vulnerabilities

Descriptions: Unquoted service path vulnerabilities are rated as highly critical vulnerability in windows. Don’t worry it is really very easy to fix.

If you have the vulnerability scan report with you, the report contains following information about this reported vulnerability:

Vulnerability Name: Microsoft Windows Unquoted Service Path Enumeration

Vulnerability Synopsis: The remote Windows host has at least one service installed that uses an unquoted service path.

Vulnerability Description: The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service.  Note that this is a generic test that will flag any application affected by the described vulnerability.

Vulnerability Solution: Ensure that any services that contain a space in the path enclose the path in quotes.

IMP Note: There are two stages to fix this vulnerabilities, 1. finding the unquoted path on the affected server and 2. Fixing the unquoted paths.

Steps-1: How to find the unquoted service paths
Login to affected server with administrative privileges > run CMD as Administrator > run the following command:

wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Once the command is executed successfully, you will be able to see one or more unquoted service paths. Result may look like the below reference screenshot:

Copy all the result to a text or excel file and move to the step-2.

Steps-2: Fixing unquoted service path vulnerabilities 
Search for the unquoted registry entry of the affected service under HKLM\System\CurrentControlSet\Services registry path > Double Click the Image Path key > fix comma like “servicepath” at the beginning and end of the path

Unquoted service path: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Quoted service path: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

The correct quoted service path image reference:

Cheers, Please write me back if you have any query or feedback..