@echo off
REM---------------------------------------------
REM Host information gathering Script (Windows Edition)
REM written by Hash <[email protected]>
REM---------------------------------------------
REM version:0.3
REM last modified:2014.06.03
REM---------------------------------------------
REM Simple Windows batch file to gather system
REM information for use during a host config
REM review, or as an aid to incident response.
REM All output goes into a folder named after
REM whatever the %computername% variable is set to.
REM---------------------------------------------
REM Depends on the PsLogList tool from Sysinternals
REM (now Microsoft). It's part of the PsTools suite
REM http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
REM---------------------------------------------
REM Tested on the following platforms:
REM Server:
REM Windows 2003 SP2
REM Windows Server 2012
REM Desktop:
REM Windows 7 Professional (+ bit)
REM Windows 7 Professional (+ bit)
REM Windows XP SP3
REM Windows XP SP2
REM---------------------------------------------
REM TODO: update this to check for PowerShell
REM and use it to perform more robust
REM checks. Also badly needs to be updated
REM to utilize the newer features of IIS
REM---------------------------------------------
REM This program is free software: you can redistribute it and/or modify
REM it under the terms of the GNU General Public License as published by
REM the Free Software Foundation, either version 3 of the License, or
REM (at your option) any later version.
REM
REM This program is distributed in the hope that it will be useful,
REM but WITHOUT ANY WARRANTY; without even the implied warranty of
REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
REM GNU General Public License for more details.
REM
REM You should have received a copy of the GNU General Public License
REM along with this program. If not, see
REM---------------------------------------------
REM Copyright 2010-2014 Jason Ross <algorythm/at/gmail/dot/com>
REM---------------------------------------------
REM Create the per-host output folder and work inside it
md "%computername%"
cd "%computername%"
Echo =================
Echo gathering basic information
Echo =================
Echo Host Configuration Tool >> basic-info.txt
Echo Output Created on %date% at %time% >> basic-info.txt
Echo ================= >> basic-info.txt
Echo Domain: %userdomain% >> basic-info.txt
Echo This host: %computername% >> basic-info.txt
Echo This script running as: %USERNAME% >> basic-info.txt
Echo ================= >> Basic-info.txt
Echo Environment Variables: >> basic-info.txt
Set >> basic-info.txt
Echo ======== ========= >> basic-info.txt
Echo System info: >> basic-info.txt
SystemInfo >> basic-info.txt
Echo done!
Echo.
Echo =================
echo Detecting installed Software
Echo =================
REM Export the Uninstall key, keep the DisplayName values (find is case-sensitive)
reg export HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall reg.txt
find "DisplayName" reg.txt | find /v "ParentDisplayName" > tmplist.txt
for /f "tokens=2,3 delims==" %%a in (tmplist.txt) do (echo %%a >> software.txt)
Echo done!
Echo.
Echo =================
echo Detecting installed Hotfixes
Echo =================
WMIC QFE List >hotfixes.txt
Echo done!
Echo.
Echo =================
echo Creating List of registered services
Echo =================
sc query state= all >> services.txt
Echo done!
Echo.
Echo Enumerating network servers visible to this host
echo ================= > Net-view.txt
NET view >> Net-view.txt
Echo done!
Echo.
Echo =================
Echo gathering local user and group information
Echo =================
net localgroup >> localgroups.txt
NET user >> Localusers.txt
net localgroup Administrators >> localadminusers.txt
Echo done!
Echo.
Echo =================
Echo Gathering shared folder information
Echo =================
net view /a \\%computername% >> shares.txt
Echo done!
Echo.
Echo =================
echo Gathering IP Configuration
Echo =================
ipconfig /all >> ipconfig.txt
Echo done!
Echo.
Echo =================
echo Detecting Open ports
Echo =================
REM -b (owning executable) requires an elevated prompt
netstat -ban >> netstat.txt
Echo done!
Echo.
Echo =================
Echo Checking Scheduled jobs
Echo =================
At >> At.txt
Echo done!
Echo.
Echo =================
echo Checking IIS Sites
Echo =================
%windir%\system32\inetsrv\appcmd.exe List Site > iis_sites.txt
Echo done!
Echo.
Echo =================
Echo Dumping the Registry
Echo =================
REM Export each root hive to the file named after it
reg export HKLM hklm.reg
reg export HKCU hkcu.reg
reg export HKCR hkcr.reg
reg export HKU hku.reg
reg export HKCC hkcc.reg
Echo done!
Echo.
Echo =================
echo collecting logs, this could take a bit ...
Echo =================
REM psloglist.exe is expected in the parent folder (where this script was started)
..\psloglist -x System > System.log
..\psloglist -x Security > Security.log
..\psloglist -x Application > Application.log
Echo done!
Echo.
Echo =================
echo Cleaning up temporary files
Echo =================
del reg.txt tmplist.txt
Echo done!
Echo.
Echo =================
echo Host information gathering Script finished.
Echo =================
Echo.