powershell-scanners's Introduction

Downloading

Git

The best way to use this repository is with Git. It makes updating very easy and allows you to contribute your own PowerShell scanners or fixes.

Setup

  1. Install Git. We have a package for this in PDQ Deploy's Package Library ;)
  2. Clone this repository to the root of your C drive. This is necessary because the PowerShell Scanner feature does not currently support variables, so all scan profiles assume C:\PowerShell-Scanners.
git clone https://github.com/pdq/PowerShell-Scanners.git C:\PowerShell-Scanners

Updating

  1. Navigate to your clone of this repository.
  2. Run git pull.
cd C:\PowerShell-Scanners
git pull

ZIP

An alternative download method if you can't/don't want to install Git.

Setup

  1. Click the green "Code" button toward the top-right of this page.
  2. Click the "Download ZIP" link.
  3. Save the ZIP anywhere you want.
  4. Extract the contents of the ZIP to the root of your C drive. This is necessary because the PowerShell Scanner feature does not currently support variables.
  5. Rename PowerShell-Scanners-master to PowerShell-Scanners.

Updating

  1. Delete C:\PowerShell-Scanners (as long as you haven't edited anything!).
  2. Follow the Setup instructions again.

Importing

Now that you have this repository downloaded, it's time to import the PowerShell Scanner profile(s) that you want!

  1. Open PDQ Inventory (version 19.0.40.0 or later).
  2. Go to File --> Import.
  3. Navigate to the folder of the PowerShell Scanner you want, such as C:\PowerShell-Scanners\PowerShell Scanners\Mapped Drives.
  4. Click on Scan Profile.xml.
  5. Click the Open button.

That's it! To update your imported profile(s), follow the appropriate Updating section above. You shouldn't have to re-import any Scan Profiles unless you see a note telling you to in that profile's README file.

Contributing

If you have created a PowerShell Scanner that you would like to add to this repository, please read the Contributing guide.

powershell-scanners's People

Contributors

andrewbaker-uk, andrewpla, b0park, bengibb, bryan-pdq, caseym-pdq, claytonmurphy, colby-pdq, colbybouma, crolton86, gibbypdq, jake-pdq, jk-95, jochemin, jordan-pdq, lublak, matthttam, mcksbolster, pdq-renzo, pdq-zach, pdqdakota, phillyphotog, pkgeorgiev, pkrupicka, ryanjoachim, sstodd7532, steviecoaster, tbernard97, tfewins

powershell-scanners's Issues

Add new Hosts File scanner, or replace existing one?

I decided to create a hosts file scanner, but I forgot that one already exists. Mine handles a few issues the current one doesn't, such as multiple hostnames on 1 line. It also has a feature where it can show disabled lines (valid lines that start with #).

I would like to add my scanner to the repository, but I'm torn on whether I should replace the existing scanner, or give mine a new name like "Hosts File 2". What do you think?

Here's my script. I'll change my PSCustomObject property names to match the existing ones if the replace option is chosen.

[CmdletBinding()]
param (
    [Switch]$ShowDisabled
)

# Read the hosts file, remove whitespace from each end, and discard empty lines.
$FileContents = (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts").Trim() | Where-Object { $_ }

$Count = 0
Foreach ( $Line in $FileContents ) {

    $OriginalLine = $Line
    $Status = 'Enabled'
    $Count ++
    
    # Determine if the entire line is a comment (or disabled).
    if ( $Line.StartsWith('#') ) {

        if ( $ShowDisabled ) {

            $Status = 'Disabled'
            
            # Remove the leading #, and any whitespace.
            $Line = $Line.TrimStart('# ')

        } else {
            
            Write-Verbose "Line #$Count is a comment and ShowDisabled is not active."
            Continue

        }

    }

    # Check for a comment at the end of the line.
    $Line, $Comment = ($Line -split '#', 2).Trim()

    # Sometimes lines are just an empty comment.
    if ( -not $Line ) {
        
        Write-Verbose "Line #$Count is an empty comment."
        Continue

    }

    # Split the line (a string) into an object.
    $ParsedLine = $Line | ConvertFrom-String
    
    # ConvertFrom-String can return $null if the input can't be split, such as an empty string or a single word.
    if ( -not $ParsedLine ) {

        if ( $Status -eq 'Enabled' ) {
            
            # You should only see this if the line contains an IP address without any hostnames.
            Write-Error "Malformed line: '$OriginalLine'"

        }
        
        Write-Verbose "Line #$Count could not be split."
        Continue

    }

    # Determine if the first property is an IP address.
    Try {

        $null = [ipaddress]$ParsedLine.P1

    } Catch {

        Write-Verbose "Line #$Count does not start with an IP address."
        Continue
        
    }

    # Determine the number of properties.
    $PropertyCount = ([Array]$ParsedLine.PsObject.Properties.Name).Count

    # Output an object for each hostname.
    Foreach ( $PropertyNumber in 2..$PropertyCount ) {

        [PSCustomObject]@{
            "Hostname"   = $ParsedLine."P$PropertyNumber"
            "IP Address" = $ParsedLine.P1
            "Status"     = $Status
            "Comment"    = $Comment
        }

    }

}

Importing BitLocker Information Scan Profile Has Warning

At some point the scan profile was moved from Get BitLocker Information to just BitLocker Information. The ScanProfile.xml still references the old location, so it cannot find the BitLocker Information.ps file.

<FileName>C:\PowerShell-Scanners\PowerShell Scanners\Get BitLocker Information\BitLocker Information.ps1</FileName>

Needs to change to
<FileName>C:\PowerShell-Scanners\PowerShell Scanners\BitLocker Information\BitLocker Information.ps1</FileName>
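A stale `<FileName>` like the one in this issue can be caught before import by checking every profile in the clone. The following is an added example, not code from the repository; the function name is hypothetical, and it assumes each scan profile XML keeps its script path in `<FileName>` elements and that the clone sits at the README's C:\PowerShell-Scanners.

```powershell
# Added example, not part of the PowerShell-Scanners repository.
# Assumption: every scan profile XML keeps its script path in <FileName> elements.
function Test-ScanProfilePath {
    [CmdletBinding()]
    param (
        # Clone location required by the README.
        [string]$RepositoryRoot = 'C:\PowerShell-Scanners'
    )

    if (-not (Test-Path -LiteralPath $RepositoryRoot -PathType Container)) {
        throw "Repository root '$RepositoryRoot' does not exist."
    }

    # Normalised root with a trailing separator, so a sibling folder such as
    # 'C:\PowerShell-Scanners-old' is not treated as being inside the clone.
    $Root = [System.IO.Path]::GetFullPath($RepositoryRoot).TrimEnd('\') + '\'

    Get-ChildItem -LiteralPath $RepositoryRoot -Recurse -File -Filter '*.xml' | ForEach-Object {
        $ProfileFile = $_.FullName
        try {
            # local-name() keeps the query working whether or not the export declares a namespace.
            $Hits = @(Select-Xml -LiteralPath $ProfileFile -XPath "//*[local-name()='FileName']" -ErrorAction Stop)
        } catch {
            Write-Warning "Could not parse '$ProfileFile': $($_.Exception.Message)"
            return   # move on to the next file
        }

        foreach ($Hit in $Hits) {
            $ScriptPath = $Hit.Node.InnerText.Trim()
            if (-not $ScriptPath) { continue }

            $Exists = $false
            $InsideRepository = $false
            try {
                $FullPath = [System.IO.Path]::GetFullPath($ScriptPath)
                $Exists = Test-Path -LiteralPath $FullPath -PathType Leaf
                # The script named here is what the scanner will execute on targets,
                # so a path outside the reviewed clone deserves a second look.
                $InsideRepository = $FullPath.StartsWith($Root, [System.StringComparison]::OrdinalIgnoreCase)
            } catch {
                Write-Verbose "Path '$ScriptPath' in '$ProfileFile' could not be normalised."
            }

            [PSCustomObject]@{
                ScanProfile      = $ProfileFile
                FileName         = $ScriptPath
                Exists           = $Exists
                InsideRepository = $InsideRepository
            }
        }
    }
}

# Report only the entries that would fail or point outside the clone.
if (Test-Path -LiteralPath 'C:\PowerShell-Scanners') {
    Test-ScanProfilePath | Where-Object { -not $_.Exists -or -not $_.InsideRepository }
}
```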

Last Logged on User scanner doesn't always detect the last logged on user.

I've been noticing that a lot (about 80%) of our computers do not have a last logged on user even though the scan is completing every time it runs.

So I began to do some testing on these computers that were scanning successfully but returning no data.

At first I thought that it was because of the "-newest 200" flag in the Get-EventLog cmdlet.
So I changed it to "-newest 2000" without any change in results.
Then I removed the "-newest" flag altogether to get all the events possible, but still no results.

I then moved my attention to the if statement below looking at the $LogonType variable.
This turned out to be the issue. There were no types matching "2", "10" or "11".
All we were getting were "3" and "5" types, and none of those were for the logged on user.
They were for the computer account, SYSTEM, and my remote PSSessions.

In a last-ditch effort to try and figure out a way to get some more data out of this scanner I turned to the currently logged in user.
I modified the script to check for the currently logged in user and if that was different than any of the users that were collected by the for loop above in the $UserArray variable. If there is a currently logged in user and it is not in that array then add it to the PSCustomObject to be returned with a logon type of "Current User" and the current timestamp for the last logon field.

Originally I was doing this check with a Get-CIMInstance cmdlet but it seemed to be failing for RDP and VDI users.
I then tried a few other options (WMI, owner of the explorer.exe process, etc) but they also did not work consistently.
Eventually I landed on the quser command and parsing the output of that which seems to be working well for me.

Here is my modified script:

# This script requires that Audit Logon events are enabled in Group Policy and those events are kept for the amount of history preferred

[CmdletBinding()]
param (
    [Switch]$Lowercase
)

$UserArray = New-Object System.Collections.ArrayList
# Query all logon events with id 4624 
Get-EventLog -LogName "Security" -Newest 200 -InstanceId 4624 -ErrorAction "SilentlyContinue" | ForEach-Object {
    $EventMessage = $_
    $AccountName = $EventMessage.ReplacementStrings[5]
    $LogonType = $EventMessage.ReplacementStrings[8]
    if ( $Lowercase ) {
        # Make all usernames lowercase so they group properly in Inventory
        $AccountName = $AccountName.ToLower()
    }
    # Look for events that contain local or remote logon events, while ignoring Windows service accounts
    if ( ( $LogonType -in "2", "10", "11" ) -and ( $AccountName -notmatch "^(DWM|UMFD)-\d" -and ($AccountName -ne "") ) ) {
        # Skip duplicate names
        if ( $UserArray -notcontains $AccountName ) {
            $null = $UserArray.Add($AccountName)            
            # Translate the Logon Type
            if ( $LogonType -eq "2" ) {
                $LogonTypeName = "Local"
            }
            elseif ( $LogonType -eq "10" ) {
                $LogonTypeName = "Remote"
            }
            elseif ( $LogonType -eq "11" ) {                
                $LogonTypeName = "Cached"
            }
            $time = [DateTime]$EventMessage.TimeGenerated.ToString("yyyy-MM-dd HH:mm:ss")
            # Build an object containing the Username, Logon Type, and Last Logon time
            [PSCustomObject]@{
                Username  = $AccountName
                LogonType = $LogonTypeName
                LastLogon = $time
            }
        }
    }    
}
# Get the current logged in user in case nothing is returned by the above
#$userName = (Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object -ExpandProperty UserName).Split('\')[1]
$queryUser = quser
$userName = $null
if ($queryUser) {
    $userName = $queryUser -match ' (\S+)\s+\d+ '
    if ($matches) {
        $userName = $matches[1]
    }
}
# Return if no username found via quser
if ( $null -eq $userName ) {
    return
}
$userName = $userName.Substring(1)
$userName = $userName.Split(" ")[0]
if ( $Lowercase ) {
    # Make all usernames lowercase so they group properly in Inventory
    $userName = $userName.ToLower()
}
if ($null -ne $userName -and $UserArray -notcontains $userName) {
    [PSCustomObject]@{
        Username  = $userName
        LogonType = "Current User"
        LastLogon = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    }
}

Get Windows Updates error

When a client (Windows 10 and Server 2016) has no available updates, the scanner ends with the error: Cannot bind argument to parameter 'Command' because it is null.
At line:38 char:72

This can be solved by checking if $_.Size is empty or not, directly after the ForEach-Object step. If it's empty, it will be set to $null. If it has a value, it will be converted to Uint64.

$GWU | ForEach-Object {

    If ($_.Size) {
        # Convert to bytes so it will display properly in Inventory
        $Size = [UInt64](Invoke-Expression $_.Size)
    }
    Else {
        $Size = $null
    }

Mapped drives result not updating when no mapped were found

When no mapped drives are found, the result from the previous scan where mapped were found is retained in PDQ Inventory.
When I create a mapped drive and run the scan, the result is overwritten.
When I delete the mapping, the result with the deleted mapped drive is retained.

Search Using Primary User only

In testing I have found that this works amazingly well, though I must confess, I would like to see a filter to only search plugins for a %username% if run as the logged in user. (Not the whole history of users I mean)
If this is already a thing, I apologize.

TLS1.1Server path variable

There is a typo in TLSv1.1 Path variable (line 121 + 125), in Cipher suite detection script.
The path is set with $TLSv1_1ServerEnabled.
Change it to $TLSv1_1Server and it works.

Actually. Referring to Cipher suite detection is wrong.
This script detects Transport Layer protocol.

Collecting cipher suites can be done with a very simple one liner;
(Get-TlsCipherSuite).Name

Property Enabled does not exist

Observed on Server 2016. The registry value "Enabled" does not exist under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client, causing the script to return an error. Instead, the value under this key is "DisabledByDefault"
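Both SCHANNEL issues above come down to reading the protocol keys without assuming a particular value exists. The following is an added example, not the repository's scanner: the function name and output property names are hypothetical, and a missing `Enabled` or `DisabledByDefault` value is reported as not configured instead of raising an error.

```powershell
# Added example, not part of the PowerShell-Scanners repository.
function Get-SchannelProtocolState {
    [CmdletBinding()]
    param (
        [string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string]$BasePath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    )

    foreach ($ProtocolName in $Protocol) {
        foreach ($Role in 'Client', 'Server') {
            $KeyPath = Join-Path -Path (Join-Path -Path $BasePath -ChildPath $ProtocolName) -ChildPath $Role
            $Enabled = $null
            $DisabledByDefault = $null

            if (Test-Path -LiteralPath $KeyPath) {
                $Key = Get-Item -LiteralPath $KeyPath
                # GetValue returns the supplied default ($null) when the value is absent,
                # so a key holding only DisabledByDefault does not raise an error.
                $Enabled = $Key.GetValue('Enabled', $null)
                $DisabledByDefault = $Key.GetValue('DisabledByDefault', $null)
            }

            # Enabled is a DWORD. Any non-zero data (1 or 0xFFFFFFFF, which reads back as -1)
            # counts as enabled; an absent value leaves the operating system default in force.
            if ($null -eq $Enabled) {
                $State = 'Not configured'
            } elseif ([int64]$Enabled -eq 0) {
                $State = 'Disabled'
            } else {
                $State = 'Enabled'
            }

            # DisabledByDefault = 1 means the protocol is not used unless an application
            # asks for it explicitly. Keep it separate from Enabled when reporting.
            $DisabledByDefaultState = 'Not configured'
            if ($null -ne $DisabledByDefault) {
                $DisabledByDefaultState = [string]([int64]$DisabledByDefault -ne 0)
            }

            [PSCustomObject]@{
                Protocol          = $ProtocolName
                Role              = $Role
                KeyExists         = Test-Path -LiteralPath $KeyPath
                Enabled           = $State
                DisabledByDefault = $DisabledByDefaultState
            }
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
```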

Improve User Profile Size Scanner

Returning size in Bytes is good for reporting, but hard to do a quick glance and parse. Should output size in bytes, as well as a friendlier size.

User AD Groups

This scanner name (User AD Groups) does not match the name of the scan profile (User Group Info).
When doing a git pull and comparing what was added, it makes it easier to compare when the scanner and scan profile names are the same.

This was done in the past with #30

Script may be missing Error Out

I believe the Shared Script is missing " -ErrorAction Stop" in the Try portion.

It should read
Try {

$null = Get-InstalledModule $ModuleName -ErrorAction Stop

} Catch {

This will kill the action, triggering the catch statement. Without it, the script skips the catch step and moves on to attempting to import a missing module.

Import Chrome Extension Scanner Exception

Edit: I realize now it says minimum version 19, and we're on 18.2.12.0. When creating a new scanner, I don't see Script as an option. Perhaps that was introduced into 19?

I checked the .xml file, and adjusted the path. When importing, it throws an exception.

Unknown ScannerType type: PowerShell
System.InvalidOperationException
HResult: 0x80131509 Code:5385 Facility:19 Warning

Battery Status - Attempted to Divide by 0

This scanner keeps failing with "attempting to divide by 0". It would be nice to either throw a string that says the battery is bad or at least have 0 as the value

Google Chrome Extensions scanner fails on some 2012 R2 machines

This one's weird because the scanner works fine on most of the 2012 R2 machines we have in the PDQ.com lab. Only a few of them throw Method invocation failed because [System.Web.Script.Serialization.JavaScriptSerializer] does not contain a method named 'New'. I haven't been able to find the difference between the broken and working machines yet.

This has been seen in the wild too: #23 (comment)

Importing Scan Profiles fails (creates a bug/support ticket)

Am I doing something wrong?

Thanks

AppDomain : PDQInventoryConsole.exe
CLR Version : 4.0.30319.42000
Comments :
Current AppDomain : PDQInventoryConsole.exe
Database : C:\ProgramData\Admin Arsenal\PDQ Inventory\Database.db
Date : 2020-04-27T21:32:46.5423359Z
Email : ___________
Entry : C:\Program Files (x86)\Admin Arsenal\PDQ Inventory\PDQInventoryConsole.exe
Error : One or more errors occurred.
Error Type : System.InvalidOperationException
License Mode : Enterprise Mode
Manufacturer : Dell Inc. (Precision Tower 3620)
Memory : 16 GB (9 GB free)
PID : 9816
Process : PDQInventoryConsole
Product : PDQ Inventory
SentryEnabled : True
Service Mode : Local
Subject : One or more errors occurred.
System.Object :
Version : 18.4.0.0
Windows : Microsoft Windows 10 Pro (10.0.18363)

Unknown ScannerType type: PowerShell
System.InvalidOperationException
HResult: 0x80131509 Code:5385 Facility:19 Warning

Google Chrome Scan Issue

Was able to get some scan results off of a system, but an error returned:

VERBOSE: Found --- C:\Users\aw***\AppData\Local\Google\Chrome\User Data\Default\Preferences
ERROR: Cannot convert the JSON string because a dictionary that was converted from the string contains the duplicated keys 'www.cdwg.com/accountcenter/LogOn' and 'www.cdwg.com/accountcenter/logon'.
At line:37 char:55

+ $PreferencesJson = Get-Content $PreferencesFile | ConvertFrom-Json

VERBOSE: Found --- C:\Users\ef***\AppData\Local\Google\Chrome\User Data\Default\Preferences
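The duplicated-key error above appears because `ConvertFrom-Json` builds objects whose property names are case-insensitive. The following is an added example, not the repository's scanner, that parses the file with `JavaScriptSerializer` (created through `New-Object`, which also works where the `::new()` syntax from the earlier Chrome issue is unavailable). The function name and the sample JSON are constructed, and it assumes extension entries sit under `extensions.settings` with a `manifest` object.

```powershell
# Added example, not part of the PowerShell-Scanners repository.
# Windows PowerShell only: System.Web.Extensions ships with .NET Framework.
Add-Type -AssemblyName System.Web.Extensions

function Get-ChromeExtensionFromPreferences {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)][string]$Json
    )

    # New-Object also works on PowerShell 4.0 and earlier; ::new() needs 5.0 or later.
    $Serializer = New-Object -TypeName System.Web.Script.Serialization.JavaScriptSerializer
    $Serializer.MaxJsonLength = [int]::MaxValue

    # DeserializeObject returns nested Dictionary[string,object] values whose keys
    # compare case-sensitively, so 'LogOn' and 'logon' can coexist.
    $Preferences = $Serializer.DeserializeObject($Json)

    $Settings = $null
    if ($Preferences.ContainsKey('extensions') -and $Preferences['extensions'].ContainsKey('settings')) {
        $Settings = $Preferences['extensions']['settings']
    }
    if ($null -eq $Settings) {
        Write-Verbose 'No extensions.settings section found.'
        return
    }

    foreach ($ExtensionId in $Settings.Keys) {
        $Entry = $Settings[$ExtensionId]
        $Name = $null
        $Version = $null
        if ($Entry.ContainsKey('manifest')) {
            $Manifest = $Entry['manifest']
            if ($Manifest.ContainsKey('name')) { $Name = $Manifest['name'] }
            if ($Manifest.ContainsKey('version')) { $Version = $Manifest['version'] }
        }

        [PSCustomObject]@{
            ExtensionId = $ExtensionId
            Name        = $Name
            Version     = $Version
        }
    }
}

# Constructed sample input: two keys that differ only in case, plus one extension entry.
$SamplePreferences = @'
{
  "constructed_site_settings": {
    "example.test/Account/LogOn": { "setting": 1 },
    "example.test/account/logon": { "setting": 1 }
  },
  "extensions": {
    "settings": {
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "manifest": { "name": "Constructed Extension", "version": "1.2.3" }
      }
    }
  }
}
'@

Get-ChromeExtensionFromPreferences -Json $SamplePreferences

# For a real profile, read the whole file as one string first:
#   Get-ChromeExtensionFromPreferences -Json (Get-Content -LiteralPath $PreferencesFile -Raw)
```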

May be broken in 20H2

Not able to pull results on 20H2 systems it appears. No error being returned from scan attempt, scan result fails to store within PDQ

RDP Last Logoff

This scanner name (RDP Last Logoff) does not match the name of the scan profile (Last Log off).
When doing a git pull and comparing what was added, it makes it easier to compare when the scanner and scan profile names are the same.

This was done in the past with #30

User Ad Groups - returns "Cannot index into a null array"

I receive an error "cannot index into null array" for some machines. These machines have an $account.LastLoggedOnUserSID of S-1-5-21-####-####-####-500

I get the error Cannot index into a null array. on line 13, which is $groups = $ds.FindOne().Properties['memberof']

I think that we need to access the 'MemberOf' property only if $ds.findone() has results.

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/security-identifiers-in-windows

Windows Firewall Rules not returning Group Policy rules

Evan reached out and reports:

I noticed that the rules applied via Group Policy were not showing.

Lines 25 and 29 need to be changed to include Group Policy applied rules:

Line 25:
Get-NetFirewallRule -PolicyStore ActiveStore -PolicyStoreSourceType GroupPolicy,Local -Enabled True | Select-Object $Properties

Line 29:
Get-NetFirewallRule -PolicyStore ActiveStore -PolicyStoreSourceType GroupPolicy,Local | Select-Object $Properties

Changing it to that will include GP rules and Local rules.

ERROR: The term '.\\file.ps1' is not recognized as the name of a cmdlet

Hi, I have a problem with scanners, none of them want to work. I get the following message every time.

[14.04.2023 11:35:11] ERROR: The term '.\PSB40504B14A2356402B1BECCA5D62E278A245DFD1DB6EDA32F2317F9776F85EB0.ps1' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:19

I imported the scan according to the instructions

Scans are added according to the instructions, a screenshot of the scan settings is attached

Get Available Windows Updates scanner not pulling from WSUS

I've deployed this scanner in our test environment which includes a WSUS server and endpoints set up to use WSUS for updates. It doesn't appear that the scanner is taking WSUS into account. The results it returns include updates which are not approved in WSUS, such as the VMware Display driver in the screenshot. I've set up the scanner with the -wsus parameter in place (see screenshot).

Get Bitlocker Status failing

Powershell code:

#Requires -Modules BitLocker
Get-BitLockerVolume

Output:

Return code: -37104

WARNING: The names of some imported commands from the module 'BitLocker' include unapproved verbs that might make them 
less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose 
parameter. For a list of approved verbs, type Get-Verb.
Get-BitLockerVolumeInternal : Device Id: \\?\Volume{06f17754-e9fb-448c-9d61-46b2169b00e7}\ does not have a 
corresponding volume.
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psm1:697 char:89
+ ... iveLetter) {Get-BitLockerVolumeInternal -MountPoint $_.DriveLetter} e ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], COMException
    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Get-BitLockerVolumeInternal

PDQ Inventory version 19.3.254.0 in Enterprise Mode. Target machines are all Windows 10 x64 Education 2004 and 20H2.

Weird thing is, same image, and other computers are scanning just fine. The Device ID part is the same for 70 computers, while it works fine for the other 30.

LLMNR Enabled

Get-ItemProperty needs changed to Get-ItemPropertyValue in some lines to fix error in running the script.

Windows Update Last Installed

I'm looking into getting this one pushed out and I was getting a "not recognized" cmdlet from it.

When looking up Get-WULastInstallationDate it shows the source as WindowsUpdateProvider not PSWindowsUpdate.

Can anyone else confirm this?

PSWindowsUpdate on PowerShell Gallery doesn't show Get-WULastInstallationDate as one of the cmdlets.

Looking at what PSWindowsUpdate has to offer:

& '.\Install and Import Module.ps1' -ModuleName "PSWindowsUpdate"

$Results = Get-WULastResults
$RebootStatus = Get-WURebootStatus -Silent

[PSCustomObject]@{
    LastInstallationDate = [DateTime]($results.LastInstallationSuccessDate)
    LastScanSuccessDate  = [DateTime]($results.LastSearchSuccessDate)
    IsPendingReboot      = [Bool]($RebootStatus.RebootRequired)
}

User Last Logged On not reporting cached logon types

Had a customer report that the scanner wasn't working.

Upon further research Sid and I found that my laptop would not return anything, but the lab computers would.
Digging deeper, we found that the logon type 11 (cached logon) was not filtered out.

Where I am not on the physical network, my logons will almost always be cached logons.
LogonType 11 should be accounted for with the scanner.

Attached proposed fix
UserLastLoggedOn(Fixed).txt
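Both logon-type issues on this page depend on which 4624 logon types the scanner accepts. The following is an added example, not the repository's scanner or the attached fix: it reads `TargetUserName` and `LogonType` by field name from the event XML instead of by `ReplacementStrings` index, and makes the accepted types a parameter. The function name is hypothetical and the two events are constructed sample data trimmed to the fields used.

```powershell
# Added example, not part of the PowerShell-Scanners repository.
# Logon type values recorded in Security event 4624.
$LogonTypeName = @{
    '2'  = 'Interactive (local)'
    '3'  = 'Network'
    '4'  = 'Batch'
    '5'  = 'Service'
    '7'  = 'Unlock'
    '8'  = 'NetworkCleartext'
    '9'  = 'NewCredentials'
    '10' = 'RemoteInteractive (RDP)'
    '11' = 'CachedInteractive'
}

function Get-LastLogonFromEventXml {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory, ValueFromPipeline)][string]$EventXml,
        # Same set the scanner on this page accepts; pass e.g. '2','7','10','11' to widen it.
        [string[]]$IncludeLogonType = @('2', '10', '11')
    )
    begin {
        # Hashtable keys are case-insensitive, so 'Alice' and 'alice' count as one user.
        $Seen = @{}
    }
    process {
        $Xml = [xml]$EventXml

        # Index EventData by field name so a layout change cannot shift the columns.
        $Data = @{}
        foreach ($Node in $Xml.Event.EventData.Data) {
            $Data[$Node.GetAttribute('Name')] = $Node.InnerText
        }

        $User = $Data['TargetUserName']
        $Type = $Data['LogonType']

        # Same exclusions as the scanner: empty names and the DWM-n / UMFD-n accounts.
        if (-not $User -or $User -match '^(DWM|UMFD)-\d') { return }
        if ($Type -notin $IncludeLogonType) { return }
        # Input is expected newest first, so the first hit per user is the last logon.
        if ($Seen.ContainsKey($User)) { return }
        $Seen[$User] = $true

        $When = [datetime]::Parse(
            $Xml.Event.System.TimeCreated.GetAttribute('SystemTime'),
            [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::RoundtripKind)

        [PSCustomObject]@{
            Username  = $User
            LogonType = $LogonTypeName[$Type]
            LastLogon = $When
        }
    }
}

# Constructed sample events (newest first): a cached logon and a network logon.
$SampleEvents = @(
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><TimeCreated SystemTime="2024-01-15T08:30:00.0000000Z" /></System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="LogonType">11</Data>
  </EventData>
</Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><TimeCreated SystemTime="2024-01-15T08:00:00.0000000Z" /></System>
  <EventData>
    <Data Name="TargetUserName">WORKSTATION01$</Data>
    <Data Name="LogonType">3</Data>
  </EventData>
</Event>
'@
)

# Only alice (CachedInteractive) is returned; the type 3 machine-account logon is skipped.
$SampleEvents | Get-LastLogonFromEventXml

# Against a live log (elevated session, newest events first):
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 200 |
#       ForEach-Object { $_.ToXml() } | Get-LastLogonFromEventXml
```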
