SysAudit — Windows Security Audit Tool

./chrisrpetrie
Feb 3, 2022

I’ve been meaning to build a lightweight tool for offline audits of Windows systems for a while now. It’s a challenge doing manual checks on systems where there is little to no connectivity.

Normal audit and asset inventory tools usually work over the network. They also require extra configuration to work, which is an issue in environments where unnecessary config changes aren’t possible or desirable. There don’t even seem to be many commercial tools out there that can do this. There is a nice open source tool called SYDI, but it’s a little dated now. Plus I’m better with PowerShell than VBScript. In this case the best option was the simple approach: use the built-in Windows tools and scripts and generate the report for later analysis. Nothing too fancy, just quick, functional, agile and easy to work with.

This is where SysAudit comes in.

It’s built using standard PowerShell cmdlets and also leverages some other Windows tools. It has been compiled as an .exe, so you don’t even need to mess around with PowerShell. No installation or configuration is needed: run it from a USB stick and, after a few minutes, you’ll have an HTML report containing the audit information plus other useful configuration files and logs. It does require an administrator account since it exports various system configs, so bear this in mind.

1. Load it up on a USB stick or have it available over a file share.

   [Screenshot: SysAudit files]

2. Run the SysAudit.exe executable.

3. Analyze the data later.

   [Screenshots: report and config files; sample of audit report]
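
A minimal sketch of the approach described above (built-in cmdlets and Windows tools, an elevated session, an HTML report plus raw config exports written next to the script), added here as an illustration. It is not SysAudit's code; the section list, file names and output folder layout are assumptions.

```powershell
#Requires -Version 5.1
# Added illustration, not SysAudit's code. Section choice and file names are assumptions.
$ErrorActionPreference = 'Stop'   # turn cmdlet errors into catchable exceptions

# The exports below need administrator rights, so fail early with a clear message.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this from an elevated session.' }

# Write beside the script (for example the USB stick), one folder per host and run.
$root = if ($PSScriptRoot) { $PSScriptRoot } else { (Get-Location).Path }
$out  = Join-Path $root ('{0}_{1:yyyyMMdd_HHmmss}' -f $env:COMPUTERNAME, (Get-Date))
New-Item -ItemType Directory -Path $out -Force | Out-Null

# Each section is a script block so one failing query does not abort the whole audit.
$sections = [ordered]@{
    'Operating system'     = { Get-CimInstance Win32_OperatingSystem |
        Select-Object Caption, Version, BuildNumber, InstallDate, LastBootUpTime }
    'Installed hotfixes'   = { Get-HotFix |
        Select-Object HotFixID, Description, InstalledOn }
    'Local administrators' = { Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object Name, ObjectClass, PrincipalSource }
    'Firewall profiles'    = { Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction }
    'Automatic services'   = { Get-CimInstance Win32_Service -Filter "StartMode='Auto'" |
        Select-Object Name, State, StartName, PathName }
}

$body = foreach ($name in $sections.Keys) {
    try   { & $sections[$name] | ConvertTo-Html -Fragment -PreContent "<h2>$name</h2>" }
    catch {
        $msg = [Net.WebUtility]::HtmlEncode($_.Exception.Message)
        "<h2>$name</h2><p>Query failed: $msg</p>"
    }
}
ConvertTo-Html -Title "Audit of $env:COMPUTERNAME" -Body ($body -join "`n") |
    Set-Content -Path (Join-Path $out 'report.html') -Encoding UTF8

# Raw exports from built-in Windows tools, kept alongside the report for later analysis.
secedit /export /cfg (Join-Path $out 'secpol.inf') /quiet
auditpol /get /category:* | Set-Content -Path (Join-Path $out 'auditpol.txt')

# Hash everything collected so the evidence can be checked after it leaves the host.
$hashes = Get-ChildItem -Path $out -File | Get-FileHash -Algorithm SHA256
$hashes | Select-Object Hash, Path |
    Export-Csv -Path (Join-Path $out 'manifest.csv') -NoTypeInformation
```

The local Administrators group is looked up by its well-known SID rather than by name so the query also works on non-English installations.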

It’s available on GitHub at https://github.com/chrisrpetrie/SysAudit

Hopefully it is useful to someone!


./chrisrpetrie

Cybersecurity Engineer. CISSP | GICSP | CEH | Systems Integration. Aberdeen, UK