PowerShell - Extract All SRW/TK/TDA Logs and Windows System Info

PowerShell - Extract All Logs and System Info

Written by Ines

Last published at: September 23rd, 2024


Script Events  
 

  1. Check if SRW, ThinKiosk, or TDA paths are available
  2. Once SRW, ThinKiosk, or TDA is detected, gather all files with .log and .log_old extensions
  3. Create a new Folder on the user's desktop named "TS Logs".
  4. Query the system for the following info: OS, .NET Framework, CPU, and Windows Events (Application and System), and save the results in the TS Logs folder as .csv files
  5. Copy the .log files from the SRW, TDA, or ThinKiosk install directories to the TS Logs directory
  6. Compress the folder into an archive named Logs_<computername>.zip on the desktop
  7. Remove the TS Logs folder.


 

 

 


 

 

 

 

 


Script

Note!

This script requires PowerShell 7 (pwsh.exe) to run!

 

 

 

# Transcript location: a fixed folder on the system drive and the transcript file inside it.
$folderPath = "C:\TST_Logs\Script"
$transcriptPath = Join-Path -Path $folderPath -ChildPath "Transcript.txt"

# Make sure the transcript folder exists before the transcript is opened.
# NOTE(review): a folder created directly under C:\ normally inherits the drive root's
# permissions, which on a default Windows install usually let other local users read it.
# Confirm the ACL if the transcript may hold sensitive console output.
$folderMissing = -not (Test-Path -Path $folderPath)
if ($folderMissing) {
    New-Item -ItemType Directory -Path $folderPath -Force
}

# Record everything written to the console from here on into the transcript file.
Start-Transcript -Path $transcriptPath


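# Check if PowerShell 7 is installed.
# Win32_Product is deliberately not queried: Get-WmiObject is not available in PowerShell 7
# (so the check always failed when this script ran under pwsh.exe), and enumerating
# Win32_Product makes Windows Installer run a consistency check on every installed MSI
# package, which is slow and writes to the Application event log.
$installed = $null
if ($PSVersionTable.PSVersion.Major -ge 7) {
    # Already running under PowerShell 7 or later; report the running engine's version.
    $installed = [pscustomobject]@{ Version = $PSVersionTable.PSVersion }
} else {
    # Running under Windows PowerShell: look for pwsh.exe on PATH instead.
    # The process-name check that follows is what actually enforces running under pwsh.
    $pwshCommand = Get-Command -Name pwsh -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($null -ne $pwshCommand) {
        $installed = [pscustomobject]@{ Version = $pwshCommand.Version }
    }
}

if ($null -eq $installed) {
    Write-Host "PowerShell 7 installation not detected. Please install the latest PowerShell 7 version to run this script." -ForegroundColor Red
    # Close the transcript (if one is running) so the file is not left open on this exit path.
    try { Stop-Transcript | Out-Null } catch { }
    exit
} else {
    Write-Host "PowerShell 7 installation detected. Version: $($installed.Version)" -ForegroundColor Green
}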



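# Identify the host process so the script can relaunch itself under pwsh.exe when it was
# started from Windows PowerShell or the ISE.
$processName = (Get-Process -Id $PID).Name

if ($processName -eq "pwsh") {
    Write-Host "Running in pwsh.exe (PowerShell Core). Proceeding..." -ForegroundColor DarkGreen
} elseif ($processName -eq "powershell_ISE" -or $processName -eq "powershell") {
    Write-Host "Running in powershell.exe or powershell_ISE.exe (Windows PowerShell)." -ForegroundColor Red
    Write-Host "This script must be run in pwsh.exe (PowerShell Core). Switching to pwsh..." -ForegroundColor DarkGray

    # $psISE exists only inside the ISE. In powershell.exe it is $null, so fall back to the
    # path of the running script file.
    if ($psISE -and $psISE.CurrentFile) {
        $file = $psISE.CurrentFile.FullPath
    } else {
        $file = $PSCommandPath
    }

    # An unsaved ISE tab or pasted code has no file on disk that pwsh could run.
    if ([string]::IsNullOrEmpty($file) -or -not (Test-Path -LiteralPath $file -PathType Leaf)) {
        Write-Host "Unable to determine the script file. Save the script to disk and run it with pwsh.exe." -ForegroundColor Red
        try { Stop-Transcript | Out-Null } catch { }
        Exit
    }

    Write-Host "Starting pwsh.exe..." -ForegroundColor Yellow

    # Release the transcript file before the child starts; the relaunched script opens the
    # same transcript path.
    try { Stop-Transcript | Out-Null } catch { }

    # Start-Process joins the arguments with spaces and does not quote them, so the path is
    # quoted explicitly to survive directories such as "Program Files".
    Start-Process pwsh -ArgumentList '-File', "`"$file`"" -Wait

    Exit
}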

# Parameters
# Directories that are searched for .log / .log_old files, one per supported product.
$folderSRW = 'C:\Program Files (x86)\SRW'
$folderTK = 'C:\Program Files (x86)\ThinKiosk'
$folderTDA = 'C:\ProgramData\TDA\Logs'
# Staging folder for the collected files; it is zipped and removed at the end of the script.
# NOTE(review): HOMEPATH carries no drive letter, so this path resolves against the current
# drive, and it does not follow a redirected Desktop (for example OneDrive) - confirm that
# this is the intended location.
$destination = "$env:HOMEPATH\Desktop\TSLogs"

# Start script
Write-Host "Collecting data..." -ForegroundColor Cyan

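# SRW section
# When the SRW install directory exists, stage its .log / .log_old files together with a
# snapshot of OS, .NET Framework, CPU and recent event-log data in $destination.
$testSRWp = Test-Path $folderSRW
if (-not $testSRWp) {
    Write-Host "SRW: False" -ForegroundColor DarkGray
} else {
    Write-Host "SRW: True" -ForegroundColor DarkGreen
    # -File keeps directories whose names happen to match out of the copy list.
    $Logs = Get-ChildItem -Path $folderSRW -File |
        Where-Object { $_.Name -like "*.log" -or $_.Name -like "*.log_old" }

    # Create the staging folder at exactly $destination so the writes below cannot miss it.
    if (-not (Test-Path $destination)) {
        $newFolder = New-Item -Path $destination -ItemType Directory -Force -Confirm:$False
    }

    $OS = Get-CimInstance -ClassName Win32_OperatingSystem
    $NET = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\*" | Select-Object Version, Release
    $CPU = Get-CimInstance -ClassName Win32_Processor
    # Only events from the last three days are exported.
    $Date = (Get-Date).AddDays(-3)

    # Get-EventLog is not available in PowerShell 7, which this script requires, so the
    # events are read with Get-WinEvent. Level 2 = Error, 3 = Warning. The calculated
    # properties keep the CSV column names the Get-EventLog version produced.
    # -ErrorAction SilentlyContinue: Get-WinEvent reports an error when nothing matches.
    $eventColumns = @(
        @{ Name = 'TimeWritten'; Expression = { $_.TimeCreated } },
        @{ Name = 'Source'; Expression = { $_.ProviderName } },
        'MachineName',
        @{ Name = 'EntryType'; Expression = { $_.LevelDisplayName } },
        'Message'
    )
    $AppEvents = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Level = 2, 3; StartTime = $Date } -ErrorAction SilentlyContinue |
        Select-Object -Property $eventColumns
    $SysEvents = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2, 3; StartTime = $Date } -ErrorAction SilentlyContinue |
        Select-Object -Property $eventColumns

    $OS | Out-File "$destination\PCdetails.txt"
    $NET | Format-List | Out-File "$destination\NETframework.txt"
    $CPU | Format-List | Out-File "$destination\CPU.txt"

    # NOTE(review): event messages and product logs can contain user names, host names and
    # file paths; treat the resulting archive as sensitive when sharing it.
    $AppEvents | Export-Csv "$destination\AppEvents.csv" -NoTypeInformation
    $SysEvents | Export-Csv "$destination\SysEvents.csv" -NoTypeInformation

    # Copy-Item fails on an empty path list, so copy only when log files were found.
    # -LiteralPath prevents [ ] in a file name from being read as a wildcard.
    if ($Logs) {
        Copy-Item -LiteralPath $Logs.FullName -Destination $destination -Force -Confirm:$False
    }
}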

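# TK section
# When the ThinKiosk install directory exists, stage its .log / .log_old files together
# with a snapshot of OS, .NET Framework, CPU and recent event-log data in $destination.
$testTKp = Test-Path $folderTK
if (-not $testTKp) {
    Write-Host "TK: False" -ForegroundColor DarkGray
} else {
    Write-Host "TK: True" -ForegroundColor DarkGreen
    # -File keeps directories whose names happen to match out of the copy list.
    $Logs = Get-ChildItem -Path $folderTK -File |
        Where-Object { $_.Name -like "*.log" -or $_.Name -like "*.log_old" }

    # Create the staging folder at exactly $destination so the writes below cannot miss it.
    if (-not (Test-Path $destination)) {
        $newFolder = New-Item -Path $destination -ItemType Directory -Force -Confirm:$False
    }

    $OS = Get-CimInstance -ClassName Win32_OperatingSystem
    $NET = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\*" | Select-Object Version, Release
    $CPU = Get-CimInstance -ClassName Win32_Processor
    # Only events from the last three days are exported.
    $Date = (Get-Date).AddDays(-3)

    # Get-EventLog is not available in PowerShell 7, which this script requires, so the
    # events are read with Get-WinEvent. Level 2 = Error, 3 = Warning. The calculated
    # properties keep the CSV column names the Get-EventLog version produced.
    # -ErrorAction SilentlyContinue: Get-WinEvent reports an error when nothing matches.
    $eventColumns = @(
        @{ Name = 'TimeWritten'; Expression = { $_.TimeCreated } },
        @{ Name = 'Source'; Expression = { $_.ProviderName } },
        'MachineName',
        @{ Name = 'EntryType'; Expression = { $_.LevelDisplayName } },
        'Message'
    )
    $AppEvents = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Level = 2, 3; StartTime = $Date } -ErrorAction SilentlyContinue |
        Select-Object -Property $eventColumns
    $SysEvents = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2, 3; StartTime = $Date } -ErrorAction SilentlyContinue |
        Select-Object -Property $eventColumns

    $OS | Out-File "$destination\PCdetails.txt"
    $NET | Format-List | Out-File "$destination\NETframework.txt"
    $CPU | Format-List | Out-File "$destination\CPU.txt"

    # NOTE(review): event messages and product logs can contain user names, host names and
    # file paths; treat the resulting archive as sensitive when sharing it.
    $AppEvents | Export-Csv "$destination\AppEvents.csv" -NoTypeInformation
    $SysEvents | Export-Csv "$destination\SysEvents.csv" -NoTypeInformation

    # Copy-Item fails on an empty path list, so copy only when log files were found.
    # -LiteralPath prevents [ ] in a file name from being read as a wildcard.
    if ($Logs) {
        Copy-Item -LiteralPath $Logs.FullName -Destination $destination -Force -Confirm:$False
    }
}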

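# TDA section
# When the TDA log directory exists, stage its .log / .log_old files together with a
# snapshot of OS, .NET Framework, CPU and recent event-log data in $destination.
$testTDAp = Test-Path $folderTDA
if (-not $testTDAp) {
    Write-Host "TDA: False" -ForegroundColor DarkGray
} else {
    Write-Host "TDA: True" -ForegroundColor DarkGreen
    # -File keeps directories whose names happen to match out of the copy list.
    $Logs = Get-ChildItem -Path $folderTDA -File |
        Where-Object { $_.Name -like "*.log" -or $_.Name -like "*.log_old" }

    # Create the staging folder at exactly $destination so the writes below cannot miss it.
    if (-not (Test-Path $destination)) {
        $newFolder = New-Item -Path $destination -ItemType Directory -Force -Confirm:$False
    }

    $OS = Get-CimInstance -ClassName Win32_OperatingSystem
    $NET = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\*" | Select-Object Version, Release
    $CPU = Get-CimInstance -ClassName Win32_Processor
    # Only events from the last three days are exported.
    $Date = (Get-Date).AddDays(-3)

    # Get-EventLog is not available in PowerShell 7, which this script requires, so the
    # events are read with Get-WinEvent. Level 2 = Error, 3 = Warning. The calculated
    # properties keep the CSV column names the Get-EventLog version produced.
    # -ErrorAction SilentlyContinue: Get-WinEvent reports an error when nothing matches.
    $eventColumns = @(
        @{ Name = 'TimeWritten'; Expression = { $_.TimeCreated } },
        @{ Name = 'Source'; Expression = { $_.ProviderName } },
        'MachineName',
        @{ Name = 'EntryType'; Expression = { $_.LevelDisplayName } },
        'Message'
    )
    $AppEvents = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Level = 2, 3; StartTime = $Date } -ErrorAction SilentlyContinue |
        Select-Object -Property $eventColumns
    $SysEvents = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2, 3; StartTime = $Date } -ErrorAction SilentlyContinue |
        Select-Object -Property $eventColumns

    $OS | Out-File "$destination\PCdetails.txt"
    $NET | Format-List | Out-File "$destination\NETframework.txt"
    $CPU | Format-List | Out-File "$destination\CPU.txt"

    # NOTE(review): event messages and product logs can contain user names, host names and
    # file paths; treat the resulting archive as sensitive when sharing it.
    $AppEvents | Export-Csv "$destination\AppEvents.csv" -NoTypeInformation
    $SysEvents | Export-Csv "$destination\SysEvents.csv" -NoTypeInformation

    # Copy-Item fails on an empty path list, so copy only when log files were found.
    # -LiteralPath prevents [ ] in a file name from being read as a wildcard.
    if ($Logs) {
        Copy-Item -LiteralPath $Logs.FullName -Destination $destination -Force -Confirm:$False
    }
}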

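# Compress logs
# Archive the staging folder next to it on the desktop, then delete the staging folder.
$zipDestination = "$env:HOMEPATH\Desktop\Logs_$env:COMPUTERNAME.zip"

# The staging folder exists only when at least one product directory was detected.
if (Test-Path -LiteralPath $destination) {
    try {
        # -ErrorAction Stop turns an archive failure into an exception, so the collected
        # files are never deleted unless the zip was actually written.
        Compress-Archive -Path $destination -DestinationPath $zipDestination -Force -Confirm:$False -ErrorAction Stop

        # Clean up
        Remove-Item -LiteralPath $destination -Recurse -Force -Confirm:$False

        Write-Host "Log collection complete. Logs archived at $zipDestination" -ForegroundColor Cyan
    } catch {
        Write-Host "Failed to create $zipDestination. Collected files were left in $destination. Error: $($_.Exception.Message)" -ForegroundColor Red
    }
} else {
    Write-Host "No SRW, ThinKiosk, or TDA installation was detected. Nothing to archive." -ForegroundColor DarkGray
}

# Close the transcript on every path through this block.
Stop-transcript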

 

Get-TSTMGMTLogs.ps1