Windows Information


Description

Provides information that is useful for troubleshooting common Windows issues and for gaining better insight into the health of your devices.

Platforms

  • Get Windows Information: Windows 7 and 10
  • Get Startup Impact: Windows 10
  • Copy Windows Small Memory Dump Files, Get Device Boot duration, Get Gpo Startup Impact, Get Folder Size: Windows 7 and 10

License modules

  • Nexthink Act.

Compatibility

  • Nexthink V6.14 and later.

Script Copy Windows Small Memory Dump Files

  • Version 1.0.0.0 - Initial release

Script Description

During execution, the script copies the collected Windows small memory dump files to the network shared folder provided as an input parameter. The script is designed for Windows 10 and 7.

Execution context and suggested scheduling

Run the script manually as local system.

Parameters

ID Label Description
1 NetworkPath Absolute path to the network shared folder where the memory dumps should be copied. It must consist of the fully qualified domain server name and the shared folder (e.g. \\Server\SharedFolderName)
2 MaximumDelayInSeconds Maximum random delay, set to avoid server overload. Provide a number of seconds less than 600

Outputs

ID Label Type Description
1 NumberOfSmallDumps Int Number of copied Windows small memory dump files
2 OutputNetworkPath String Output folder created in network shared folder provided as an input parameter

Further Information

Because the script runs as the local system account, this account should have write access to the provided network shared folder. Small memory dumps can be enabled by setting the registry value CrashDumpEnabled under HKLM\SYSTEM\CurrentControlSet\Control\CrashControl to 3.

Restrictions

  • The script should not be concurrently executed on many devices copying files to the same server.
  • The script collects and copies Windows memory dumps only from devices with small memory dump creation enabled.
  • The script is designed to collect memory dumps only from the default location %SystemRoot%\Minidump.
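
A pre-flight check for the conditions described above, added here as an illustration (it is not the Nexthink script). The function name Test-SmallDumpPrerequisite and its output property names other than NumberOfSmallDumps are assumptions, and PowerShell 3.0 or later is assumed.

```powershell
# Added illustration, not the Nexthink script. Test-SmallDumpPrerequisite is a hypothetical name.
function Test-SmallDumpPrerequisite {
    param(
        [Parameter(Mandatory = $true)][string]$NetworkPath,
        [Parameter(Mandatory = $true)][int]$MaximumDelayInSeconds
    )
    $problems = @()

    # Expect \\Server\SharedFolderName, optionally followed by subfolders.
    $name = '[^\\/:*?"<>|]+'
    $unc  = '^\\\\' + $name + '(\\' + $name + ')+\\?$'
    if ($NetworkPath -notmatch $unc) {
        $problems += "NetworkPath '$NetworkPath' is not of the form \\Server\SharedFolderName"
    }

    # The documented limit: a number of seconds less than 600.
    if ($MaximumDelayInSeconds -lt 0 -or $MaximumDelayInSeconds -ge 600) {
        $problems += 'MaximumDelayInSeconds must be less than 600'
    }

    # CrashDumpEnabled = 3 selects small memory dumps (value taken from the text above).
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $mode = (Get-ItemProperty -Path $key -Name CrashDumpEnabled -ErrorAction SilentlyContinue).CrashDumpEnabled
    if ($mode -ne 3) {
        $problems += "CrashDumpEnabled is '$mode'; small memory dumps are not enabled"
    }

    # Only the default location is collected, so only that folder is counted.
    $dumpDir = Join-Path $env:SystemRoot 'Minidump'
    $dumps   = @(Get-ChildItem -Path $dumpDir -Filter '*.dmp' -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Ready              = ($problems.Count -eq 0)
        CrashDumpEnabled   = $mode
        DumpFolder         = $dumpDir
        NumberOfSmallDumps = $dumps.Count
        Problems           = $problems
    }
}

Test-SmallDumpPrerequisite -NetworkPath '\\Server\SharedFolderName' -MaximumDelayInSeconds 300
```

Write access is not tested here: the local system account authenticates to the share as the device's computer account, so the share and NTFS permissions have to grant write access to that account.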

Script Get Device Boot Duration

  • Version 1.0.0.0 - Initial release

Script Description

Collects a wide range of information about device boot: total number of boots, average boot time, boot times of various Windows components and the most recent boot date. The script is designed for Windows 7 and 10.

Execution context and suggested scheduling

Run the script manually as local system.

Parameters

None.

Outputs

ID Label Type Description
1 LastBootDate DateTime The most recent boot date
2 OldestRecordedBoot DateTime The oldest boot date
3 NumberOfBoots Int Total number of boots
4 LastBootTime Millisecond Duration of the most recent boot
5 LastMainPathBootTime Millisecond Time from the Windows logo first appearing on screen until the desktop is presented. Measured for the most recent boot
6 LastPostBootTime Millisecond Time from the desktop showing up until the system has reached 80% idle during a 10-second idle time. Measured for the most recent boot
7 LastKernelInitBootTime Millisecond Duration of kernel boot. Measured for the most recent boot
8 LastDriverInitBootTime Millisecond Duration of device driver loading. Measured for the most recent boot
9 LastDeviceInitBootTime Millisecond Duration of device hardware initialization. Measured for the most recent boot
10 AverageBootTime Millisecond Average duration of all boots
11 AverageMainPathBootTime Millisecond Average time from desktop showing up until system has reached 80% idle during a 10-second idle time
12 AveragePostBootTime Millisecond Average time from Windows Logo first appearing on screen and until desktop is presented


Script Get Folder Size

  • Version 1.0.0.0 - Initial release

Script Description

The script provides the total size and the total number of subdirectories and files detected in the provided path.

Execution context and suggested scheduling

Run the script manually as local system.

Parameters

ID Label Description
1 InputPath Path to investigate
2 MaximumDelayInSeconds Maximum random delay, set to avoid overloading the server hosting virtual machines. Provide a number of seconds less than 600

Outputs

ID Label Type Description
1 TotalDirectories Int Total number of directories and subdirectories in provided path
2 TotalFiles Int Total number of files in provided path
3 TotalSize Size Total size of objects in provided path

Further Information

Depending on the input path, this script can have a significant performance impact. Use on small folder structures only! The parameter 'MaximumDelayInSeconds' can be used to add a random delay to script execution. It should be used in virtualized environments to spread the I/O requests on the server hosting the virtual machines over time. The script uses all available CPU on Windows 7 and approximately 15% CPU on Windows 10.

Restrictions

  • Path cannot be UNC.
  • Path cannot contain illegal characters.
  • Root folder c:\ (or c:) cannot be used as input path due to Finder parsing.

Script Get Gpo Startup Impact

  • Version 1.0.0.0 - Initial release

Script Description

Obtains from the Windows Event Log a wide range of information about the user/machine GPOs applied during user logon/device startup. The script is designed for Windows 7 and 10.

Execution context and suggested scheduling

Run the script manually as local system.

Parameters

None.

Outputs

ID Label Type Description
1 UserGpoSuccessfullyApplied Bool Status of the last user GPOs applied during user logon
2 DcConnectionTime Millisecond Time needed for the device to connect to the Domain Controller during user logon
3 DcInformation String Domain Controller DNS name and IP used during user logon
4 TotalUserGpoAppliedTime Millisecond Time needed for the device to apply all user policies
5 UserGpoCategories String List of all user GPO categories applied on the device
6 UserTotalGpoProcessingTime Millisecond Time needed for the device to connect to the domain controller, download user policies and apply them
7 ComputerGpoSuccessfullyApplied Bool Status of the last computer GPOs applied during device startup
8 TotalComputerGpoAppliedTime Millisecond Time needed for the device to apply all computer policies
9 ComputerGpoCategories String List of all device GPO categories applied on the device
10 ComputerTotalGpoProcessingTime Millisecond Time the device needed to connect to the domain controller, download computer policies, apply them and run startup scripts

Further Information

Useful for troubleshooting Active Directory issues on domain-joined devices.

Script Get Startup Impact

  • Version 2.0.0.0 - Script returns UserSID instead of UserName
  • Version 1.1.0.0 - Refactoring and performance improvements
  • Version 1.0.0.0 - Initial release

Script Description

Retrieves information similar to the information in the Startup tab in Windows Task Manager.

Execution context and suggested scheduling

Run the script manually as local system.

Parameters

None.

Outputs

ID Label Type Description
1 UserSID String SID (Security Identifier) of the user to whom the XML file containing the stats belongs
2 LastStartUpAnalysisDate DateTime Last time the startup information was updated on the device
3 HighImpactCount Int Number of applications with a high startup impact
4 HighImpactApplications StringList Details (CPU time in ms, Disk I/O in MB) of programs with a high startup impact
5 MediumImpactCount Int Number of applications with a medium startup impact
6 MediumImpactApplications StringList Details (CPU time in ms, Disk I/O in MB) of programs with a medium startup impact
7 LowImpactCount Int Number of applications with a low startup impact
8 LowImpactApplications StringList Details (CPU time in ms, Disk I/O in MB) of programs with a low startup impact
9 NotMeasuredImpactApplications StringList Applications that were started but whose startup impacts were not measured by Windows


Script Get Windows Information

  • Version 4.0.0.0 - Major refactoring and added PowerShell version output
  • Version 3.0.0.0 - Renamed two output fields and fixed description
  • Version 2.0.0.0 - Added boot mode and secure boot status
  • Version 1.0.0.0 - Initial release

Script Description

Returns several pieces of information concerning the Windows OS, such as the build and install date, the display language, the user accounts defined on the local computer, the PowerShell version and execution policies in place, and the status of BitLocker Drive Encryption. It also returns the machine startup mode (BIOS, UEFI) and checks whether Secure Boot is enabled. Useful for managing migration projects, identifying unused accounts to be deleted, assessing the policy restrictions and assessing the compliance status of the endpoints.

Execution context and suggested scheduling

Run the script manually as local system.

Parameters

ID Label Description
1 DiskDrive Volume for which the BitLocker information should be returned (e.g. C)

Outputs

ID Label Type Description
1 WindowsBuild String Windows build name
2 WindowsInstallDate DateTime Date on which Windows was installed
3 WindowsDisplayLanguage String Display language currently set in Windows
4 WindowsLocalAccounts StringList List of the user accounts defined on the local computer
5 PSVersion String PowerShell version (Major.Minor)
6 PSPolicyProcess String Execution policy affecting the remote actions executed by the current Windows PowerShell session. It is set within a PowerShell session via a variable
7 PSMachinePolicy String Execution policy set through the machine GPO
8 PSUserPolicy String Execution policy set through the user GPO
9 PSPolicyCurrentUser String Execution policy affecting only the current user. It is set for the current user on a machine through a registry key
10 PSPolicyLocalMachine String Execution policy affecting all users of the computer. It is set for the local machine through a registry key
11 BitLockerProtectionStatus String Indicates whether the volume and its encryption key (if any) are secured
12 BitLockerConversionStatus String The status of the encryption or decryption on the volume
13 BitLockerPercentageEncrypted Float The percentage of volume that is currently encrypted
14 BitLockerEncryptionMethod String The encryption algorithm and key size used on the volume
15 BitLockerKeyProtectors StringList List of protectors used to secure the volume's encryption key
16 LastReboot DateTime Date and time of last reboot. It also considers reboots performed while the device was offline (no connection between the Nexthink Collector and the Engine)
17 NumberOfDaysSinceLastReboot Int Number of days since the last time the machine was rebooted. It also considers reboots performed while the device was offline (no connection between the Nexthink Collector and the Engine)
18 StartupMode String Name of machine startup mode: 'UEFI' or 'BIOS'
19 SecureBootEnabled String Status of Secure Boot feature: 'Yes', 'No', 'Not available'

Further Information

Secure Boot functionality is only available for Windows 10.
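
The execution-policy, BitLocker and Secure Boot outputs listed above can be read locally with built-in cmdlets and turned into compliance findings, as in this added example (it is not the Nexthink script). The function name Get-EndpointPosture and the ExecutionPolicyByScope and Findings properties are assumptions; Windows 10, PowerShell 5.1 and an elevated session are assumed.

```powershell
# Added illustration, not the Nexthink script. Get-EndpointPosture is a hypothetical name.
# Assumes Windows 10, PowerShell 5.1 and an elevated session.
function Get-EndpointPosture {
    param(
        [ValidatePattern('^[A-Za-z]$')]
        [string]$DiskDrive = 'C'    # same meaning as the DiskDrive parameter above
    )

    # One entry per scope: MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
    $policy = @{}
    foreach ($row in Get-ExecutionPolicy -List) {
        $policy["$($row.Scope)"] = "$($row.ExecutionPolicy)"
    }

    # BitLocker state of the requested volume; $null when the cmdlet or the volume is missing.
    $bl = $null
    try { $bl = Get-BitLockerVolume -MountPoint "${DiskDrive}:" -ErrorAction Stop } catch { }
    $protectors = @(if ($bl) { $bl.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" } })

    # Confirm-SecureBootUEFI returns $true or $false on UEFI firmware and throws on
    # BIOS or unsupported platforms (and when the session is not elevated).
    try {
        $secureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Yes' } else { 'No' }
    } catch {
        $secureBoot = 'Not available'
    }

    # Findings a compliance review would flag.
    $findings = @()
    if ('Unrestricted', 'Bypass' -contains "$(Get-ExecutionPolicy)") {
        $findings += 'Effective execution policy does not restrict script execution'
    }
    if (-not $bl -or "$($bl.ProtectionStatus)" -ne 'On') {
        $findings += "BitLocker protection is not on for ${DiskDrive}:"
    }
    if ($secureBoot -ne 'Yes') { $findings += "Secure Boot: $secureBoot" }

    [pscustomobject]@{
        PSVersion                    = '{0}.{1}' -f $PSVersionTable.PSVersion.Major, $PSVersionTable.PSVersion.Minor
        ExecutionPolicyByScope       = $policy
        BitLockerProtectionStatus    = "$($bl.ProtectionStatus)"
        BitLockerConversionStatus    = "$($bl.VolumeStatus)"
        BitLockerPercentageEncrypted = $bl.EncryptionPercentage
        BitLockerEncryptionMethod    = "$($bl.EncryptionMethod)"
        BitLockerKeyProtectors       = $protectors
        SecureBootEnabled            = $secureBoot
        Findings                     = $findings
    }
}
Get-EndpointPosture -DiskDrive 'C' | Format-List
```

When reading the result, treat the execution policy as a configuration indicator rather than a security boundary, and give more weight to the BitLocker and Secure Boot findings.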