Windows Server Audit PS Commands

| Short info | Command (direct) | Command (export) | Description |
| --- | --- | --- | --- |
| Installed features and roles | `Get-WindowsFeature \| Where-Object { $_.Installed -eq $true }` | `Get-WindowsFeature` | |
| System information (CMD) | `systeminfo` | `systeminfo > C:\Audit\SystemInfo.txt` | Captures extensive system information (OS version, patches, hardware, etc.) directly in the console or in a text file. |
| Event log overview | `Get-EventLog -LogName System -Newest 100` | `Get-EventLog -LogName System -Newest 1000 \| Export-Csv -Path "C:\Audit\SystemLog.csv" -NoTypeInformation` | |
| Network configuration | `Get-NetIPConfiguration` | `Get-NetIPConfiguration \| Export-Csv -Path "C:\Audit\NetIPConfig.csv" -NoTypeInformation` | |
| Active network connections (CMD) | `netstat -an` | `netstat -an > C:\Audit\Netstat.txt` | Shows all active network connections (ports, IP addresses) for a quick check or for further analysis. |
| CPU information | `Get-CimInstance -ClassName Win32_Processor` | `Get-CimInstance -ClassName Win32_Processor \| Export-Csv -Path "C:\Audit\CPUInfo.csv" -NoTypeInformation` | |
| Volume information | `Get-Volume` | `Get-Volume \| Export-Csv -Path "C:\Audit\Volumes.csv" -NoTypeInformation` | |
| Active Directory Domain Services (AD DS) | `Get-WindowsFeature AD-Domain-Services` | `Get-WindowsFeature AD-Domain-Services \| Export-Csv -Path "C:\Audit\AD_DomainServices.csv" -NoTypeInformation` | |
| Active Directory Certificate Services (AD CS – CA) | `Get-WindowsFeature ADCS-Cert-Authority` | `Get-WindowsFeature ADCS-Cert-Authority \| Export-Csv -Path "C:\Audit\AD_CS_CertAuthority.csv" -NoTypeInformation` | |
| Active Directory Federation Services (AD FS) | `Get-WindowsFeature ADFS-Federation` | `Get-WindowsFeature ADFS-Federation \| Export-Csv -Path "C:\Audit\ADFS.csv" -NoTypeInformation` | |
| Active Directory Lightweight Directory Services (AD LDS) | `Get-WindowsFeature ADLDS` | `Get-WindowsFeature ADLDS \| Export-Csv -Path "C:\Audit\ADLDS.csv" -NoTypeInformation` | |
| DHCP Server | `Get-WindowsFeature DHCP` | `Get-WindowsFeature DHCP \| Export-Csv -Path "C:\Audit\DHCP.csv" -NoTypeInformation` | |
| DNS Server | `Get-WindowsFeature DNS` | `Get-WindowsFeature DNS \| Export-Csv -Path "C:\Audit\DNS.csv" -NoTypeInformation` | |
| File and Storage Services (File Server) | `Get-WindowsFeature FS-FileServer` | `Get-WindowsFeature FS-FileServer \| Export-Csv -Path "C:\Audit\FileServer.csv" -NoTypeInformation` | |
| Hyper-V (virtualization) | `Get-WindowsFeature Hyper-V` | `Get-WindowsFeature Hyper-V \| Export-Csv -Path "C:\Audit\HyperV.csv" -NoTypeInformation` | |
| Print Services | `Get-WindowsFeature Print-Services` | `Get-WindowsFeature Print-Services \| Export-Csv -Path "C:\Audit\PrintServices.csv" -NoTypeInformation` | |
| Remote Desktop Services (RDS – Session Host) | `Get-WindowsFeature RDS-RD-Server` | `Get-WindowsFeature RDS-RD-Server \| Export-Csv -Path "C:\Audit\RDS_RDServer.csv" -NoTypeInformation` | |
| Terminal Services – active sessions (CMD) | `qwinsta` | `qwinsta > C:\Audit\TS_Sessions.txt` | Lists all active Remote Desktop/Terminal Services sessions in the console window or saves them to a text file. |
| Remote Desktop Services – user sessions (PowerShell) | `Get-RDUserSession` (requires the RemoteDesktop module to be installed) | `Get-RDUserSession \| Export-Csv -Path "C:\Audit\RDS_UserSessions.csv" -NoTypeInformation` | |
| Windows Deployment Services (WDS) | `Get-WindowsFeature WDS` | Two variants:<br>`Get-WindowsFeature WDS \| Export-Csv -Path "C:\Audit\WDS.csv" -NoTypeInformation`<br>`WDSUTIL /get-server /show:All > C:\Audit\WDS_Config.txt` | |
| Windows Server Update Services (WSUS) | `Get-WindowsFeature UpdateServices` | `Get-WindowsFeature UpdateServices \| Export-Csv -Path "C:\Audit\WSUS.csv" -NoTypeInformation` | |
| Web Server (IIS) | `Get-WindowsFeature Web-Server` | Two variants:<br>`Get-WindowsFeature Web-Server \| Export-Csv -Path "C:\Audit\IIS.csv" -NoTypeInformation`<br>`appcmd list sites > C:\Audit\IIS_Sites.txt` | |
| Network Policy and Access Services (NPAS) | `Get-WindowsFeature NPAS` | `Get-WindowsFeature NPAS \| Export-Csv -Path "C:\Audit\NPAS.csv" -NoTypeInformation` | |
| Failover Cluster Services (optional) | `Get-Cluster` (in a suitable environment) | `Get-Cluster \| Export-Csv -Path "C:\Audit\ClusterInfo.csv" -NoTypeInformation`<br>`Get-ClusterNode` | |
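
The per-role checks listed above can be collected in a single pass. The script below is an added example, not part of the original page: the feature names, the `C:\Audit` folder and the two session/cluster file names come from the table, while `Roles.csv`, the selected properties and the variable names are assumptions.

```powershell
# Added example (not from the original page): one-pass role and session audit.
# Assumed names: $AuditDir, $roles, $optional, Roles.csv.
$AuditDir = 'C:\Audit'

# Neither Export-Csv nor '>' creates a missing folder, so create it first.
New-Item -ItemType Directory -Path $AuditDir -Force | Out-Null

# Feature names exactly as they appear in the table.
$roles = 'AD-Domain-Services', 'ADCS-Cert-Authority', 'ADFS-Federation', 'ADLDS',
         'DHCP', 'DNS', 'FS-FileServer', 'Hyper-V', 'Print-Services',
         'RDS-RD-Server', 'WDS', 'UpdateServices', 'Web-Server', 'NPAS'

# One query for all roles. Selecting scalar properties keeps array-valued
# properties (SubFeatures, DependsOn) from appearing as "System.String[]".
Get-WindowsFeature -Name $roles |
    Select-Object Name, DisplayName, Installed, InstallState |
    Export-Csv -Path (Join-Path $AuditDir 'Roles.csv') -NoTypeInformation -Encoding UTF8

# These cmdlets exist only when the matching module is installed, so test
# for them instead of letting the audit stop on a missing command.
$optional = @{
    'Get-RDUserSession' = 'RDS_UserSessions.csv'
    'Get-Cluster'       = 'ClusterInfo.csv'
}
foreach ($cmd in $optional.Keys) {
    if (Get-Command -Name $cmd -ErrorAction SilentlyContinue) {
        try {
            & $cmd -ErrorAction Stop |
                Export-Csv -Path (Join-Path $AuditDir $optional[$cmd]) -NoTypeInformation -Encoding UTF8
        } catch {
            # Module present but role not configured (for example, no cluster).
            Write-Warning "$cmd failed: $($_.Exception.Message)"
        }
    } else {
        Write-Warning "$cmd not available, skipped."
    }
}
```

`Roles.csv` then holds one row per role with its `Installed` and `InstallState` values, which makes it easy to compare several servers against each other.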