From 953a56c9c80e708a46dd9d0644b7e9f4de4ef919 Mon Sep 17 00:00:00 2001 From: minster586 <43217359+minster586@users.noreply.github.com> Date: Tue, 14 Oct 2025 23:32:11 -0400 Subject: [PATCH] master upload --- .../Get-SystemSecurityAndHardwareInfo.ps1 | 179 ++++++++++++++++++ System Info (ps1)/README.md | 75 ++++++++ System Info (ps1)/my_report.txt | 15 ++ 3 files changed, 269 insertions(+) create mode 100644 System Info (ps1)/Get-SystemSecurityAndHardwareInfo.ps1 create mode 100644 System Info (ps1)/README.md create mode 100644 System Info (ps1)/my_report.txt diff --git a/System Info (ps1)/Get-SystemSecurityAndHardwareInfo.ps1 b/System Info (ps1)/Get-SystemSecurityAndHardwareInfo.ps1 new file mode 100644 index 0000000..a21b38c --- /dev/null +++ b/System Info (ps1)/Get-SystemSecurityAndHardwareInfo.ps1 @@ -0,0 +1,179 @@ +<# +Get-SystemSecurityAndHardwareInfo.ps1 +Gather TPM, Secure Boot, RAM, CPU, drive info and optionally write to a text file. +#> +[CmdletBinding()] +param( + [Parameter(Mandatory=$false, HelpMessage="Path or filename to write output to as a .txt file. If a relative filename is provided it will be created in the script folder.")] + [string]$OutputFile +) + +function Get-TPMStatus { + # Try CIM first (Windows 10/11) + try { + $tpm = Get-CimInstance -Namespace "root\cimv2\security\microsofttpm" -ClassName Win32_Tpm -ErrorAction Stop + if ($tpm -and $tpm.IsEnabled_InitialValue -ne $null) { + return @{ Installed = $true; IsEnabled = ($tpm.IsActivated_InitialValue -eq $true) -or ($tpm.IsEnabled_InitialValue -eq $true); ManufacturerId = $tpm.ManufacturerID; SpecVersion = $tpm.SpecVersion } + } + } catch { + # fallback to registry check + } + + # Registry fallback (may require elevated privileges) + try { + $reg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\TPM' -ErrorAction Stop + return @{ Installed = $true; IsEnabled = $true; ManufacturerId = $null; SpecVersion = $null } + } catch { + return @{ Installed = $false; IsEnabled = $false; ManufacturerId = $null; SpecVersion = $null } + } +} + +function Get-SecureBootStatus { + # Use Confirm-SecureBootUEFI where available (PowerShell 5+) + try { + if (Get-Command -Name Confirm-SecureBootUEFI -ErrorAction SilentlyContinue) { + $sb = Confirm-SecureBootUEFI + return $sb + } + } catch { + # continue to WMI + } + + try { + $sbState = (Get-CimInstance -Namespace root\wmi -ClassName MSSmBios_RawSMBiosTables -ErrorAction Stop) + } catch { + # can't determine + } + + # If Confirm-SecureBootUEFI unavailable, try checking UEFI SecureBoot in registry (works on modern Windows) + try { + $val = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State' -Name UEFISecureBootEnabled -ErrorAction Stop + return ($val.UEFISecureBootEnabled -eq 1) + } catch { + return $null + } +} + +function Get-RAMInfo { + $totalBytes = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory + $gb = [math]::Round($totalBytes / 1GB, 2) + return @{ Bytes = [int64]$totalBytes; GB = $gb } +} + +function Get-CPUInfo { + $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1 -Property Name, Manufacturer, NumberOfCores, NumberOfLogicalProcessors, MaxClockSpeed + $instr = @() + + # Detect instruction sets using built-in .NET intrinsics when available (PowerShell 7+ / .NET Core+). + # This avoids any third-party/native helpers and uses only system-provided types. + try { + # x86/x64 intrinsics + if ([Type]::GetType("System.Runtime.Intrinsics.X86.Sse") -ne $null) { + if ([System.Runtime.Intrinsics.X86.Sse]::IsSupported) { $instr += 'SSE' } + if ([System.Runtime.Intrinsics.X86.Sse2]::IsSupported) { $instr += 'SSE2' } + if ([System.Runtime.Intrinsics.X86.Sse3]::IsSupported) { $instr += 'SSE3' } + if ([System.Runtime.Intrinsics.X86.Sse41]::IsSupported) { $instr += 'SSE4.1' } + if ([System.Runtime.Intrinsics.X86.Sse42]::IsSupported) { $instr += 'SSE4.2' } + if ([System.Runtime.Intrinsics.X86.Popcnt]::IsSupported) { $instr += 'POPCNT' } + if ([System.Runtime.Intrinsics.X86.Avx]::IsSupported) { $instr += 'AVX' } + if ([System.Runtime.Intrinsics.X86.Avx2]::IsSupported) { $instr += 'AVX2' } + if ([Type]::GetType("System.Runtime.Intrinsics.X86.Bmi1") -ne $null -and [System.Runtime.Intrinsics.X86.Bmi1]::IsSupported) { $instr += 'BMI1' } + if ([Type]::GetType("System.Runtime.Intrinsics.X86.Bmi2") -ne $null -and [System.Runtime.Intrinsics.X86.Bmi2]::IsSupported) { $instr += 'BMI2' } + } + + # ARM intrinsics (if running on ARM/ARM64) + if ([Type]::GetType("System.Runtime.Intrinsics.Arm.ArmBase") -ne $null) { + if ([System.Runtime.Intrinsics.Arm.ArmBase]::IsSupported) { $instr += 'ARM_BASE' } + if ([Type]::GetType("System.Runtime.Intrinsics.Arm.AdvSimd") -ne $null -and [System.Runtime.Intrinsics.Arm.AdvSimd]::IsSupported) { $instr += 'AdvSimd' } + if ([Type]::GetType("System.Runtime.Intrinsics.Arm.Crc32") -ne $null -and [System.Runtime.Intrinsics.Arm.Crc32]::IsSupported) { $instr += 'CRC32' } + if ([Type]::GetType("System.Runtime.Intrinsics.Arm.Sha1") -ne $null -and [System.Runtime.Intrinsics.Arm.Sha1]::IsSupported) { $instr += 'SHA1' } + if ([Type]::GetType("System.Runtime.Intrinsics.Arm.Sha256") -ne $null -and [System.Runtime.Intrinsics.Arm.Sha256]::IsSupported) { $instr += 'SHA256' } + } + } catch { + # If intrinsics types are not present (e.g., Windows PowerShell / .NET Framework), fall back to leaving the list empty. + } + + return @{ Name = $cpu.Name; Manufacturer = $cpu.Manufacturer; Cores = $cpu.NumberOfCores; LogicalProcessors = $cpu.NumberOfLogicalProcessors; MaxClockMHz = $cpu.MaxClockSpeed; InstructionSets = $instr } +} + +function Get-MainDriveInfo { + # Determine system drive (where Windows is installed). $env:SystemDrive is like 'C:' so keep it as-is. + $winDrive = $env:SystemDrive + try { + # Use the drive string directly (e.g. 'C:') in the WMI filter. Avoid trailing colon after the variable to prevent parser errors. + $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$winDrive'" | Select-Object DeviceID, Size, FreeSpace + if (-not $disk) { + # fallback to C: if above fails + $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='C:'" | Select-Object DeviceID, Size, FreeSpace + } + if ($disk) { + $sizeGB = [math]::Round($disk.Size / 1GB, 2) + return @{ DeviceID = $disk.DeviceID; SizeBytes = [int64]$disk.Size; SizeGB = $sizeGB; FreeBytes = [int64]$disk.FreeSpace } + } + } catch { } + return $null +} + +# Build output +$result = [ordered]@{} +$result.TPM = Get-TPMStatus +$result.SecureBoot = Get-SecureBootStatus +$result.RAM = Get-RAMInfo +$result.CPU = Get-CPUInfo +$result.MainDrive = Get-MainDriveInfo + +function Format-ResultText($res) { + $lines = @() + $lines += "System Hardware & Security Report - $(Get-Date -Format 'u')" + $lines += "" + $lines += "TPM Installed: $($res.TPM.Installed)" + $lines += "TPM Enabled/Activated: $($res.TPM.IsEnabled)" + if ($res.TPM.ManufacturerId) { $lines += "TPM ManufacturerId: $($res.TPM.ManufacturerId)" } + if ($res.TPM.SpecVersion) { $lines += "TPM SpecVersion: $($res.TPM.SpecVersion)" } + $lines += "" + $sb = $res.SecureBoot + if ($sb -eq $null) { $lines += "Secure Boot: Unknown (insufficient privileges or unsupported)" } else { $lines += "Secure Boot Enabled: $sb" } + $lines += "" + $lines += "Installed RAM: $($res.RAM.GB) GB ($([string]::Format('{0:N0}', $res.RAM.Bytes)) bytes)" + $lines += "" + $lines += "CPU: $($res.CPU.Name)" + $lines += "CPU Manufacturer: $($res.CPU.Manufacturer)" + $lines += "CPU Cores: $($res.CPU.Cores) Logical Processors: $($res.CPU.LogicalProcessors) MaxClockMHz: $($res.CPU.MaxClockMHz)" + if ($res.CPU.InstructionSets.Count -gt 0) { $lines += "CPU Instruction Sets: $($res.CPU.InstructionSets -join ', ')" } + $lines += "" + if ($res.MainDrive) { + $lines += "Main Drive ($($res.MainDrive.DeviceID)) Size: $($res.MainDrive.SizeGB) GB ($([string]::Format('{0:N0}', $res.MainDrive.SizeBytes)) bytes) Free: $([math]::Round($res.MainDrive.FreeBytes/1GB,2)) GB" + } else { + $lines += "Main Drive: Unknown" + } + return $lines -join "`n" +} + +$outText = Format-ResultText -res $result + +# Output to console +Write-Host $outText + +# Output to file if requested via -OutputFile +if ($OutputFile) { + try { + $scriptDir = Split-Path -Parent $PSCommandPath + + # If the provided path is rooted, use it; otherwise combine with script directory. + if ([System.IO.Path]::IsPathRooted($OutputFile)) { + $outPath = [System.IO.Path]::GetFullPath($OutputFile) + } else { + $outPath = [System.IO.Path]::GetFullPath((Join-Path $scriptDir $OutputFile)) + } + + # Ensure .txt extension is present + if ([System.IO.Path]::GetExtension($outPath) -eq '') { + $outPath = "$outPath.txt" + } + + $outText | Out-File -FilePath $outPath -Encoding UTF8 -Force + Write-Host "Report written to: $outPath" + } catch { + Write-Warning "Failed to write to file: $_" + } +} diff --git a/System Info (ps1)/README.md b/System Info (ps1)/README.md new file mode 100644 index 0000000..d6af1b2 --- /dev/null +++ b/System Info (ps1)/README.md @@ -0,0 +1,75 @@ +# Get-SystemSecurityAndHardwareInfo.ps1 + +This PowerShell script gathers several system security and hardware details on Windows: + +- TPM installed and enabled/activated status +- Secure Boot enabled status +- Installed RAM (GB and bytes) +- CPU model, manufacturer, core/logical counts, max clock +- Main drive (system drive) size and free space + +Features +- Prints results to the console. +- Optional: write results to a timestamped text file in the script folder with `-OutFile` or provide `-FilePath`. + +Requirements +- Windows 10/11 (modern Windows builds). Some checks may require administrative privileges. +- PowerShell 5.1 or PowerShell 7+. `Confirm-SecureBootUEFI` is available only on UEFI systems and may require admin. + - PowerShell 5.1 or PowerShell 7+. For detailed CPU instruction-set detection the script uses built-in .NET intrinsics (System.Runtime.Intrinsics) which are available when running under PowerShell 7+ (PowerShell Core). No third-party tools or native helpers are required. + +Usage + +Open PowerShell (recommended: run as Administrator for more reliable TPM/Secure Boot detection). + +Examples: + +Run and show results in console only: + +```powershell +pwsh.exe -File .\Get-SystemSecurityAndHardwareInfo.ps1 +``` + +Run and write to a timestamped file in the script folder: + +```powershell +pwsh.exe -File .\Get-SystemSecurityAndHardwareInfo.ps1 -OutputFile report.txt +``` + +Run and write to a specific file: + +```powershell +pwsh.exe -File .\Get-SystemSecurityAndHardwareInfo.ps1 -OutputFile C:\temp\myreport.txt +``` + +Notes +- CPU instruction set detection is limited in this script; it reports CPU name and counts reliably. For detailed CPUID flags, additional native tooling or modules would be needed. +- If output shows Unknown for Secure Boot or TPM, try running PowerShell as Administrator. + +License +- Public domain / use as you like. + +## Quick copy-paste examples + +The following are ready-to-copy PowerShell one-liners. Only use the remote download-and-run example if you trust the source. Running code directly from the internet (the `iwr | iex` pattern) executes whatever is fetched. + +- Run the script locally (recommended): + +```powershell +# From the folder that contains the script +pwsh.exe -File .\Get-SystemSecurityAndHardwareInfo.ps1 -OutputFile report.txt +``` + +- Download and run directly from a raw GitHub URL (only if you trust the URL): + +```powershell +# Example using the iwr | iex pattern you provided (replace URL with this repo's raw file URL when publishing): +iwr -UseBasicParsing https://raw.githubusercontent.com///main/Get-SystemSecurityAndHardwareInfo.ps1 | iex +``` + +Security note: `iwr | iex` downloads and immediately executes code from the given URL. Only run such commands for sources you fully trust. A safer approach is to download the file, inspect it, then execute it locally: + +```powershell +iwr -OutFile .\Get-SystemSecurityAndHardwareInfo.ps1 https://raw.githubusercontent.com///main/Get-SystemSecurityAndHardwareInfo.ps1 +# Inspect the file, then run: +pwsh.exe -File .\Get-SystemSecurityAndHardwareInfo.ps1 -OutputFile my_report.txt +``` diff --git a/System Info (ps1)/my_report.txt b/System Info (ps1)/my_report.txt new file mode 100644 index 0000000..3437e3a --- /dev/null +++ b/System Info (ps1)/my_report.txt @@ -0,0 +1,15 @@ +System Hardware & Security Report - 2025-10-14 23:24:30Z + +TPM Installed: True +TPM Enabled/Activated: True + +Secure Boot Enabled: False + +Installed RAM: 31.83 GB (34,176,880,640 bytes) + +CPU: Intel(R) Core(TM) i5-10600K CPU @ 4.10GHz +CPU Manufacturer: GenuineIntel +CPU Cores: 6 Logical Processors: 12 MaxClockMHz: 4104 +CPU Instruction Sets: SSE, SSE2, SSE3, SSE4.1, SSE4.2, POPCNT, AVX, AVX2, BMI1, BMI2 + +Main Drive (C:) Size: 476.03 GB (511,128,338,432 bytes) Free: 87.17 GB