Required Files: None
This script is helpful to run after an application crash or a bluescreen. It downloads LastActivityView from NirSoft, dumps all recent activity on the PC to a CSV file, and then uploads that file to the asset. Set $subdomain to your own Syncro subdomain before running it.
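# Import the Syncro module; it provides Upload-File, used below to attach the CSV to the asset
Import-Module $env:SyncroModule

$subdomain = "EDITTHIS"

# Optional integrity pin for LastActivityView.exe.
# PLACEHOLDER: set this to the SHA-256 (hex) of the build you have vetted.
# While it is empty the script behaves as before and runs the binary unverified.
$expectedSha256 = ""

Function Get-FileSha256($path) {
    # Returns the SHA-256 of a file as an upper-case hex string.
    # Uses .NET directly because Get-FileHash is not available on PowerShell v2.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($path)
    try {
        $bytes = $sha.ComputeHash($stream)
    }
    finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace("-", "")
}

Function GetNirsoftLastActivityViewer {
    <#
    .CREATED BY:
        Steven Grabowski
    .CREATED ON:
        3/4/2018
    .Synopsis
        Downloads NirSoft LastActivityView into c:\temp\3rdparty if
        LastActivityView.exe is not already there.
        Should be scheduled to run on a bluescreen or app crash.
    .FUNCTIONALITY
        PowerShell v2
    .NOTES
        NOTE(review): c:\temp is not a protected location. On a default Windows
        install, folders created under the drive root can usually be written by
        ordinary users, and this script is normally run by the RMM agent with
        high privileges. An executable already present at the expected path is
        reused as-is, so pin $expectedSha256 (checked before launch) or move the
        tool to a directory only administrators can write to.
    #>

    # Define 'maintenance' directory - if it doesn't exist, create it
    $TARGETDIR = "c:\temp\3rdparty"
    if (!(Test-Path -Path $TARGETDIR)) {
        New-Item -ItemType directory -Path $TARGETDIR
        Write-Output "Folder didnt' exist, created folder"
        # Hide Folder
        $h = Get-Item "c:\temp" -Force
        $h.attributes = "Hidden"
    }

    # Check for executable - if it doesn't exist, download it from Nirsoft and then extract it
    if (!(Test-Path "c:\temp\3rdParty\LastActivityView.exe")) {
        Write-Output "File doesn't exist yet, downloading file now"

        # Older .NET defaults may not offer TLS 1.2 (3072); enable it where the
        # runtime supports it. Failure here is deliberately ignored: the
        # download below reports the real error.
        try {
            [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072
        }
        catch { }

        # Download the file from Nirsoft
        $url = "https://www.nirsoft.net/utils/lastactivityview.zip"
        $thisfile = "c:\temp\3rdparty\lastactivityview.zip"
        try {
            (New-Object System.Net.WebClient).DownloadFile($url, $thisfile)
        }
        catch {
            # Stop here rather than trying to extract a missing or partial archive
            throw "Download of $url failed: $_"
        }

        # Extract Files
        Expand-ZIPFile $thisfile -destination "c:\temp\3rdparty"

        # Remove unneeded files
        Remove-Item "c:\temp\3rdparty\*.txt"
        Remove-Item "c:\temp\3rdparty\*.chm"
        Remove-Item "c:\temp\3rdparty\*.zip"
    }
}

Function Expand-ZIPFile($file, $destination) {
    # This function Unzips files
    # Usage: Expand-ZIPFile <zipped file> -destination <destination path>
    $shell = New-Object -com shell.application
    $zip = $shell.NameSpace($file)
    if ($zip -eq $null) {
        # NameSpace() returns nothing when the path is missing or not a readable archive
        throw "Cannot open '$file' as a zip archive"
    }
    $target = $shell.Namespace($destination)
    foreach ($item in $zip.items()) {
        # 0x14 = no progress dialog (4) + answer "Yes to All" (16), so an
        # unattended run never blocks on a prompt
        $target.copyhere($item, 0x14)
    }
}

$logs = "c:\temp\activities.csv"
$exe = "c:\temp\3rdparty\LastActivityView.exe"

try {
    GetNirsoftLastActivityViewer
    Start-Sleep -s 5

    if (!(Test-Path $exe)) {
        throw "LastActivityView.exe was not found at $exe"
    }

    # Verify the binary before it is executed. This covers a fresh download and
    # a copy that was already on disk before this run.
    if ($expectedSha256 -ne "") {
        $actualSha256 = Get-FileSha256 $exe
        if ($actualSha256 -ne $expectedSha256.ToUpper()) {
            throw "SHA-256 mismatch for $exe (got $actualSha256); refusing to run it"
        }
    }
    else {
        Write-Warning "No expected SHA-256 configured; running $exe without an integrity check"
    }

    # Drop any stale report so that only output from this run can be uploaded
    if (Test-Path $logs) {
        Remove-Item $logs
    }

    # Wait for the collection to finish instead of sleeping a fixed 20 seconds,
    # but bound the wait so a hung process cannot stall the script forever
    $proc = Start-Process -FilePath $exe -ArgumentList "/sort 0 /scomma $logs" -PassThru
    if (!($proc.WaitForExit(120000))) {
        throw "LastActivityView did not finish within 120 seconds"
    }

    if (Test-Path $logs) {
        Upload-File -Subdomain $subdomain -FilePath $logs
    }
    else {
        Write-Output "LastActivityView produced no output file, nothing to upload"
    }
}
finally {
    # Clean up data - the CSV holds the machine's activity history, so remove
    # it from c:\temp even when an earlier step failed
    if (Test-Path $logs) {
        Remove-Item $logs
    }
}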