Computer Report IV: Time server
Posted by: Richard Siddaway
Operating System, PowerShell v2, WMI
The batch file uses
net time /querysntp
which displays the name of the Network Time Protocol (NTP) server currently configured for the local computer or the one specified in ComputerName.
Unfortunately /querysntp has been deprecated in later versions of Windows.
In a domain we normally configure client and server machines to use the domain time synchronisation hierarchy rather than an external time source (the exception to this is the PDC emulator FSMO role holder in the root domain which is the top of hierarchy and synchronises externally)
Our test then should be to see if we are using a domain time synchronisation source or external. This information is held in the registry.
We need to look in HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\parameters.
The Type property tells us if we are using domain synchronisation (NT5DS) or and external server (NTP). The server( s ) are held in the NTPserver property.
We can amend our basic data function to read these registry keys
function get-basicdata{ [CmdletBinding()] param ( [string]$computer="localhost" ) BEGIN{}#begin PROCESS{ Write-Verbose "Get Operating System" $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer Write-Verbose "Get Computer System" $comp = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer Write-Verbose "Get IP Address" $ip = Test-Connection -ComputerName $computer -Count 1 Write-Verbose "Read registry entry" $HKLM = 2147483650 #HKEY_LOCAL_MACHINE $reg = [wmiclass]"\\$computer\root\default:StdRegprov" $key = "SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\rdp-tcp" $value = "MinEncryptionLevel" $minlvl = $reg.GetDwordValue($HKLM, $key, $value) ## REG_DWORD Write-Verbose "Create Object" $obj = New-Object -TypeName PSObject $obj | Add-Member -MemberType NoteProperty -Name OperatingSystem -Value $($os.Caption) -PassThru | Add-Member -MemberType NoteProperty -Name ServicePack -Value $($os.CSDVersion) -PassThru | Add-Member -MemberType NoteProperty -Name Version -Value $($os.Version) -PassThru | Add-Member -MemberType NoteProperty -Name Domain -Value $($comp.Domain) -PassThru | Add-Member -MemberType NoteProperty -Name Name -Value $($comp.Name) -PassThru | Add-Member -MemberType NoteProperty -Name IPv4Address -Value $($ip.IPV4Address.IPAddressToString) -PassThru | Add-Member -MemberType NoteProperty -Name MinEncrypt -Value $($minlvl.uValue) Write-Verbose "Read registry time entry" $key = "SYSTEM\CurrentControlSet\Services\W32Time\Parameters" $value = "Type" $type = $reg.GetStringValue($HKLM, $key, $value) ## REG_SZ $value1 = "NtpServer" $NTPserver = $reg.GetStringValue($HKLM, $key, $value1) ## REG_SZ switch ($type.svalue){ "NTP" { $obj | Add-Member -MemberType NoteProperty -Name TimeType -Value "External Server" -PassThru | Add-Member -MemberType NoteProperty -Name TimeServer -Value $($NTPServer.svalue) } "NT5DS" { $obj | Add-Member -MemberType NoteProperty -Name TimeType -Value "Domain" -PassThru | Add-Member -MemberType NoteProperty -Name TimeServer -Value "" } } $obj }#process END{}#end }
A switch statement is used to test the value of Type and the appropriate data is add to the object.
As before use
get-basicdata
to generate output to screen or something like this
get-basicdata | out-file basicdata.txt
to create an output file
Comment
RSS Feed
Email a friend
