
Required Files: None


This script is helpful to run after an application crash or a bluescreen. It downloads LastActivityView from NirSoft, dumps all recent activity on the PC to a CSV file, and then uploads that file to the asset.


 

# Load the Syncro module (Upload-File, used at the end of this script, is
# presumably provided by it)
Import-Module -Name $env:SyncroModule
# Subdomain handed to Upload-File - replace EDITTHIS with your own value
$subdomain = 'EDITTHIS'
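Function GetNirsoftLastActivityViewer {
<#
.CREATED BY:
    Steven Grabowski
.CREATED ON:
    3/4/2018
.Synopsis
    Downloads NirSoft LastActivityView and extracts it to c:\temp\3rdparty,
    unless LastActivityView.exe is already present there.
    Should be scheduled to run on a bluescreen or app crash
.FUNCTIONALITY
   PowerShell v2
#>

    # Working directory and the files this function manages inside it
    $TARGETDIR = "c:\temp\3rdparty"
    $exePath   = Join-Path $TARGETDIR "LastActivityView.exe"
    $zipPath   = Join-Path $TARGETDIR "lastactivityview.zip"

    # Optional integrity pin. Set this to the SHA-256 (hex) of a copy of
    # lastactivityview.zip that you have vetted yourself; while it is empty the
    # download is accepted unverified, exactly as before.
    $expectedZipSha256 = ""

    # Define 'maintenance' directory - if it doesn't exist, create it
    # NOTE(review): a folder created directly under c:\ normally inherits the
    # drive root ACL, which on a default Windows install lets standard users
    # write to it. This script later executes whatever LastActivityView.exe it
    # finds here, so confirm the ACL or move to an admin-only location.
    if (!(Test-Path -Path $TARGETDIR)) {
        New-Item -ItemType directory -Path $TARGETDIR
        write-output "Folder didnt' exist, created folder"
        # Hide Folder (this hides c:\temp itself, not only the 3rdparty subfolder)
        $h = get-item "c:\temp" -Force
        $h.attributes = "Hidden"
    }

    # Check for executable - if it doesn't exist, download it from Nirsoft and then extract it
    # NOTE(review): an existing LastActivityView.exe is trusted as-is; nothing
    # here checks that it is the file this script originally downloaded.
    if (!(Test-Path $exePath)) {
        write-output "File doesn't exist yet, downloading file now"
        # Download the file from Nirsoft
        $url = "https://www.nirsoft.net/utils/lastactivityview.zip"
        try {
            (new-object System.Net.WebClient).DownloadFile($url, $zipPath)
        }
        catch {
            # Stop here rather than trying to extract a missing or partial archive
            Write-Error "Download of $url failed: $_"
            return
        }

        # Verify the archive against the pinned hash, when one is configured.
        # Uses the .NET classes directly because Get-FileHash is not available
        # on PowerShell v2.
        if ($expectedZipSha256 -ne "") {
            $sha = [System.Security.Cryptography.SHA256]::Create()
            $stream = [System.IO.File]::OpenRead($zipPath)
            try {
                $actualZipSha256 = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace "-", ""
            }
            finally {
                $stream.Close()
            }
            # String -ne is case-insensitive, so upper/lower-case hex both match
            if ($actualZipSha256 -ne $expectedZipSha256) {
                remove-item $zipPath
                Write-Error "lastactivityview.zip failed the SHA-256 check (got $actualZipSha256); archive discarded"
                return
            }
        }

        #Extract Files
        Expand-ZIPFile $zipPath -destination $TARGETDIR
        #Remove unneeded files (note: this clears every .txt/.chm/.zip in the folder)
        remove-item (Join-Path $TARGETDIR "*.txt")
        remove-item (Join-Path $TARGETDIR "*.chm")
        remove-item (Join-Path $TARGETDIR "*.zip")
    }

}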
 
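Function Expand-ZIPFile($file, $destination) {
# Unzips an archive through the Windows Shell COM object (Shell.Application).
# Usage:  Expand-ZIPFile <zipped file> -destination <destination path>
# Writes an error and returns without extracting when either path cannot be opened.
    $shell = new-object -com shell.application

    # NameSpace() returns $null when the path is missing or is not a zip folder;
    # without this check the loop below fails with a null-method error.
    $zip = $shell.NameSpace($file)
    if ($zip -eq $null) {
        Write-Error "Expand-ZIPFile: cannot open '$file' as a zip archive"
        return
    }

    # Resolve the destination once instead of on every loop iteration
    $target = $shell.NameSpace($destination)
    if ($target -eq $null) {
        Write-Error "Expand-ZIPFile: destination '$destination' does not exist"
        return
    }

    foreach ($item in $zip.items()) {
        # 0x14 = 4 (no progress dialog) + 16 (answer "Yes to All"), so an
        # unattended run is not left waiting on a prompt. The Shell may ignore
        # some flags for zip folders - verify on the Windows versions you manage.
        $target.copyhere($item, 0x14)
    }
}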
 
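# Make sure the viewer is present (downloads it on first run)
GetNirsoftLastActivityViewer
# Short pause kept from the original - presumably lets the shell-based
# extraction settle before the executable is launched
Start-Sleep -s 5

# The CSV holds the machine's recent user activity; it is written to c:\temp,
# uploaded, and deleted again below so it does not linger on disk.
$logs = "c:\temp\activities.csv"
$viewer = "c:\temp\3rdparty\LastActivityView.exe"

# Drop any CSV left over from an earlier run so that only output produced by
# this run can be uploaded
if (Test-Path $logs) {
    Remove-Item $logs
}

if (Test-Path $viewer) {
    $proc = start-process -filepath $viewer -ArgumentList "/sort 0 /scomma $logs" -PassThru
    # Wait for collection of activities: block until the tool exits, but give
    # up after 60 seconds instead of sleeping for a fixed period
    if ($proc -and -not $proc.WaitForExit(60000)) {
        write-output "LastActivityView did not exit within 60 seconds; the CSV may be incomplete"
    }

    if (Test-Path $logs) {
        Upload-File -Subdomain $subdomain -FilePath $logs
        # Clean up data
        Remove-Item $logs
    }
    else {
        write-output "No activity log was produced at $logs; nothing to upload"
    }
}
else {
    write-output "LastActivityView.exe was not found at $viewer; skipping collection"
}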