Merge pull request #617 from TheJumpCloud/SUP-1465
Added PS ver Check, added files, fixed the broke.
ecourtneyjc authored Nov 7, 2024
2 parents a61bb8f + 709a0a1 commit 41c3589
Showing 1 changed file with 59 additions and 11 deletions.
70 changes: 59 additions & 11 deletions scripts/windows/log_collection.ps1
Expand Up @@ -16,6 +16,24 @@ if (-not (Test-Administrator)) {
exit
}

# Function to get PowerShell Version
function Check-PowerShellVersion {
$requiredVersion = 5
$currentVersion = $PSVersionTable.PSVersion.Major

if ($currentVersion -lt $requiredVersion) {
Write-Warning "This script requires PowerShell version 5.0 or higher. Current version: $currentVersion. Exiting..."
exit
} else {
Write-Host "PowerShell version $currentVersion detected. Proceeding..."
}
}

# Call the function to check the version
Check-PowerShellVersion



# Function to Gather Logs Based on User Selection
function Gather-Logs {
[CmdletBinding()]
Expand Down Expand Up @@ -49,6 +67,14 @@ function Gather-Logs {
# Create the Temp Directory
New-Item -ItemType Directory -Path $tempDir > $null

# Gather Windows Version Information
$winVersion = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ProductName
$winVersion += " - Version " + (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ReleaseId
$winVersionFile = Join-Path $tempDir "WinVersion.txt"
$winVersion | Out-File -FilePath $winVersionFile -ErrorAction SilentlyContinue



# List of Log Files and Event Logs to Gather
$fileList = @{
"AgentLogs" = @(
Expand Down Expand Up @@ -132,6 +158,30 @@ function Gather-Logs {
"Agent Logs" {
$files += $fileList["AgentLogs"]
$eventLogs += $eventLogList["EssentialEvents"]
# Handle jc-user-agent.log and jcupdate.log
$allUsers = Get-LocalUser
foreach ($user in $allUsers) {
if ( Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$($user.SID)" -Name "ProfileImagePath" -ErrorAction SilentlyContinue) {
$profilePath = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$($user.SID)" -Name "ProfileImagePath"
$profileImagePath = $profilePath.ProfileImagePath
}

# Define paths to jc-user-agent.log and jcupdate.log
$jcUserAgentLog = "$profileImagePath\AppData\Local\Temp\jc-user-agent.log"
$jcUpdateLog = "$profileImagePath\AppData\Local\Temp\jcupdate.log"

# Check and copy jc-user-agent.log if it exists
if (Test-Path -Path $jcUserAgentLog) {
$destinationPath = "$tempDir\$($user.Name).jc-user-agent.log"
Copy-Item -Path $jcUserAgentLog -Destination $destinationPath -ErrorAction SilentlyContinue
}

# Check and copy jcupdate.log if it exists
if (Test-Path -Path $jcUpdateLog) {
$destinationPath = "$tempDir\$($user.Name).jcupdate.log"
Copy-Item -Path $jcUpdateLog -Destination $destinationPath -ErrorAction SilentlyContinue
}
}
}
"Remote Assist logs" {
$files += $fileList["RemoteAssistLogs"]
Expand Down Expand Up @@ -176,23 +226,23 @@ function Gather-Logs {

# Generate RSOP Output
$rsopOutputPath = Join-Path $tempDir "RSOP.html"
$rsopCmd = "gpresult /H $rsopOutputPath"
$rsopCmd = "gpresult /SCOPE COMPUTER /H $rsopOutputPath"
Invoke-Expression $rsopCmd
}
"Active Directory Logs" {
$files += $fileList["ADLogs"]
# Export AD Integration Registry Keys
# test for import agent files
if ( Get-ItemProperty -Path "HKLM:\SOFTWARE\JumpCloud\AD Integration Import Agent" -ErrorAction SilentlyContinue ) {
reg export "HKLM:\SOFTWARE\JumpCloud\AD Integration Import Agent" "$tempDir\AD_Integration_Import_Agent.reg" -ErrorAction SilentlyContinue
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\JumpCloud\AD Integration Import Agent" "$tempDir\ADIntegrationImportAgent.reg" /y
} else {
Write-Warning "No AD Import Agent Logs exist"
Write-Warning "No AD Import Agent Keys exist"
}
# test for sync agent files
if ( Get-ItemProperty -Path "HKLM:\SOFTWARE\AD Integration Sync Agent" -ErrorAction SilentlyContinue ) {
reg export "HKLM:\SOFTWARE\JumpCloud\AD Integration Sync Agent" "$tempDir\AD_Integration_Sync_Agent.reg" -ErrorAction SilentlyContinue
if ( Get-ItemProperty -Path "HKLM:\SOFTWARE\Jumpcloud\AD Integration Sync Agent" -ErrorAction SilentlyContinue ) {
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\JumpCloud\AD Integration Sync Agent" "$tempDir\ADIntegrationSyncAgent.reg" /y
} else {
Write-Warning "No AD Sync Agent Logs exist"
Write-Warning "No AD Sync Agent Keys exist"
}
# Output DistinguishedName to a Text File
if (Get-Module -Name ActiveDirectory) {
Expand Down Expand Up @@ -242,8 +292,8 @@ function Gather-Logs {
}
end {

# Create a Log File of All Copied Files
$logFilePath = Join-Path (Get-Location) "CopiedFiles.log"
# Create a Log File of All Copied Files and include it in the ZIP
$logFilePath = Join-Path $tempDir "CopiedFiles.log"
$files | Out-File -FilePath $logFilePath -ErrorAction SilentlyContinue

# Create the Zip File
Expand All @@ -259,7 +309,6 @@ function Gather-Logs {
Write-Host "Logs have been gathered and compressed into $zipFilePath"

# Open the Folder Containing the Zip File
#explorer.exe /select, $zipFilePath
Start-Process "explorer.exe" -ArgumentList "/select,`"$zipFilepath`""

# Cleanup Temporary Directory
Expand Down Expand Up @@ -303,5 +352,4 @@ if ($automate) {
$selectedSections = $selectedIndexes | ForEach-Object { $sections[$_] } -ErrorAction SilentlyContinue
Gather-Logs -selections $selectedSections
}
}

}
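Review bot: In the per-user loop added to the "Agent Logs" case, `$profileImagePath` is assigned only inside the `if`, so an account with no ProfileList entry reuses the previous iteration's value (or, as far as the visible lines show, an unset one on the first pass) and the copies below file another user's logs under this user's name. Skip such accounts by closing that `if` with `} else { continue }`. Because the script insists on running as Administrator and both files sit in each user's own writable Temp directory, it would also be worth confirming that the source is a regular file rather than a link before `Copy-Item`, so the bundle only ever contains the agent logs. The `-ErrorAction SilentlyContinue` on both copies means a failed copy leaves no trace for whoever reads the bundle; a `Write-Warning` on failure would help. The enclosing `Gather-Logs` function and its `switch` begin and end outside this hunk.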
