simplified

patch-software.ps1 → patching.ps1

@@ -1,36 +1,60 @@
+# Ensure the script runs as Administrator
+Write-Output "=== Checking for Administrator Privileges ==="
+if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
+    Write-Host "This script must be run as Administrator!" -ForegroundColor Red
+    Exit
+}
+
+# Ensure PSWindowsUpdate module is installed
+Write-Output "=== Ensuring PSWindowsUpdate Module is Installed ==="
+if (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) {
+    Write-Output "Installing PSWindowsUpdate module..."
+    Install-Module -Name PSWindowsUpdate -Force -ErrorAction SilentlyContinue
+}
+Import-Module PSWindowsUpdate
+
+# Perform Windows Updates
+Write-Output "=== Performing Windows Updates ==="
+try {
+    Get-WindowsUpdate -AcceptAll -Install -AutoReboot
+    Write-Host "Windows Updates completed successfully." -ForegroundColor Green
+}
+catch {
+    Write-Host "Error during Windows Updates: $_" -ForegroundColor Red
+}
+
 # Ensure Winget is available
+Write-Output "=== Checking for Winget Availability ==="
 if (-not (Get-Command winget -ErrorAction SilentlyContinue)) {
     Write-Host "Winget is not available. Please install it manually from https://aka.ms/winget" -ForegroundColor Red
     Exit
 }
 
-# Track failed and skipped updates
+# Update all Winget-managed packages
+Write-Output "=== Updating Winget-Managed Packages ==="
 $failedPackages = @()
 $skippedPackages = @()
 
-# List of end-of-life packages to skip
-$excludedPackages = @(
-    "Microsoft.549981C3F5F10",
-    "Microsoft.Getstarted"
-)
-
-# Update all Winget-managed packages
-Write-Host "Updating all Winget-managed packages..." -ForegroundColor Cyan
 try {
     winget upgrade --all --accept-source-agreements --accept-package-agreements
     if ($LASTEXITCODE -ne 0) {
         Write-Host "One or more Winget updates may have failed." -ForegroundColor Yellow
     }
-} catch {
-    Write-Host "Error during Winget update process." -ForegroundColor Red
+    else {
+        Write-Host "All Winget-managed packages updated successfully." -ForegroundColor Green
+    }
+}
+catch {
+    Write-Host "Error during Winget updates: $_" -ForegroundColor Red
     $failedPackages += "Winget packages"
 }
 
-# List all apps that can be updated via the Microsoft Store
-Write-Host "Checking for Microsoft Store app updates..." -ForegroundColor Cyan
+# Microsoft Store App Updates
+Write-Output "=== Checking for Microsoft Store App Updates ==="
+$excludedPackages = @("Microsoft.549981C3F5F10", "Microsoft.Getstarted")  # List of end-of-life packages to skip
+
 try {
     $updates = Get-AppxPackage -AllUsers | Where-Object { $_.PackageUserInformation.InstallState -eq 'Staged' }
-
     if ($updates.Count -gt 0) {
         foreach ($app in $updates) {
             if ($excludedPackages -contains $app.Name) {
@@ -42,38 +66,48 @@ try {
                 Write-Host "Updating Microsoft Store app: $($app.Name)" -ForegroundColor Cyan
                 Add-AppxPackage -Register "$($app.InstallLocation)\AppxManifest.xml" -DisableDevelopmentMode
                 Write-Host "Updated: $($app.Name)" -ForegroundColor Green
-            } catch {
+            }
+            catch {
                 if ($_ -match "A higher version of this package is already installed") {
                     Write-Host "Skipped: $($app.Name) (higher version already installed)" -ForegroundColor Yellow
                     $skippedPackages += $app.Name
-                } elseif ($_ -match "end of life and can no longer be installed") {
+                }
+                elseif ($_ -match "end of life and can no longer be installed") {
                     Write-Host "Skipped: $($app.Name) (end of life)" -ForegroundColor Yellow
                     $skippedPackages += $app.Name
-                } elseif ($_ -match "apps need to be closed") {
+                }
+                elseif ($_ -match "apps need to be closed") {
                     Write-Host "Skipped: $($app.Name) (resource in use)" -ForegroundColor Yellow
                     $skippedPackages += $app.Name
-                } else {
+                }
+                else {
                     Write-Host "Failed to update: $($app.Name)" -ForegroundColor Red
                     $failedPackages += $app.Name
                 }
             }
         }
-    } else {
+    }
+    else {
         Write-Host "No updates available for Microsoft Store apps." -ForegroundColor Yellow
     }
-} catch {
+}
+catch {
     Write-Host "Error while checking for Microsoft Store updates." -ForegroundColor Red
     $failedPackages += "Microsoft Store apps"
 }
 
 # Cleanup logs
-Write-Host "Cleaning up deployment logs..." -ForegroundColor Cyan
-Remove-Item -Path "C:\ProgramData\Microsoft\Windows\AppRepository\*.rslc" -Force -ErrorAction SilentlyContinue
+Write-Output "=== Cleaning Up Deployment Logs ==="
+try {
+    Remove-Item -Path "C:\ProgramData\Microsoft\Windows\AppRepository\*.rslc" -Force -ErrorAction SilentlyContinue
+    Write-Host "Deployment logs cleaned up successfully." -ForegroundColor Green
+}
+catch {
+    Write-Host "Failed to clean up deployment logs: $_" -ForegroundColor Red
+}
 
 # Output results
-Write-Host "-----------------------------" -ForegroundColor Cyan
-Write-Host "Update Summary:" -ForegroundColor Cyan
-
+Write-Output "=== Update Summary ==="
 if ($skippedPackages.Count -gt 0) {
     Write-Host "The following packages were skipped:" -ForegroundColor Yellow
     $skippedPackages | ForEach-Object { Write-Host "- $_" }
@@ -82,6 +116,7 @@ if ($skippedPackages.Count -gt 0) {
 if ($failedPackages.Count -gt 0) {
     Write-Host "The following packages failed to update and may need manual intervention:" -ForegroundColor Red
     $failedPackages | ForEach-Object { Write-Host "- $_" }
-} else {
+}
+else {
     Write-Host "All updates completed successfully!" -ForegroundColor Green
 }

security.ps1

@@ -0,0 +1,70 @@
+# Update Defender signatures
+Write-Output "=== Updating Windows Defender Signatures ==="
+Update-MpSignature
+
+# Perform a quick scan
+Write-Output "=== Performing Windows Defender Quick Scan ==="
+Start-MpScan -ScanType QuickScan
+
+# Check firewall status and active rules
+Write-Output "=== Firewall Status and Active Rules ==="
+Get-NetFirewallProfile | Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction
+
+# List administrative user accounts
+Write-Output "=== Administrative User Accounts ==="
+Get-LocalUser | Where-Object { $_.Enabled -eq $true -and $_.Description -like "*Administrator*" } | 
+Select-Object Name, Enabled, LastLogon | Format-Table
+
+# Check for open ports and associated processes
+Write-Output "=== Open Ports and Associated Processes ==="
+Get-NetTCPConnection | Where-Object { $_.State -eq 'Listen' } | 
+Select-Object LocalAddress, LocalPort, OwningProcess | 
+Format-Table
+
+# Public IP Address
+Write-Output "=== Public IP Address ==="
+try {
+    $publicIP = Invoke-RestMethod -Uri "https://api64.ipify.org?format=json"
+    $machineName = $env:COMPUTERNAME
+    Write-Host "Public IP address for machine '$machineName' is: $($publicIP.ip)" -ForegroundColor Green
+}
+catch {
+    Write-Host "Failed to retrieve public IP address for machine '$env:COMPUTERNAME'." -ForegroundColor Red
+}
+
+
+# List installed software and versions
+Write-Output "=== Installed Software and Versions ==="
+Get-WmiObject -Class Win32_Product | Select-Object Name, Version | Sort-Object Name | Format-Table
+
+# Check for failed login attempts
+Write-Output "=== Failed Login Attempts ==="
+try {
+    $failedLogins = Get-WinEvent -LogName Security -FilterHashtable @{Id = 4625 } -MaxEvents 10
+    if ($failedLogins) {
+        $failedLogins | Select-Object TimeCreated, Message | Format-Table
+    }
+    else {
+        Write-Output "No failed login attempts found in the Security log."
+    }
+}
+catch {
+    Write-Output "Error retrieving failed login attempts: $_"
+}
+
+# Scan for missing Windows updates
+Write-Output "=== Scanning for Missing Windows Updates ==="
+if (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) {
+    Write-Output "PSWindowsUpdate module not found. Installing..."
+    Install-Module -Name PSWindowsUpdate -Force -ErrorAction SilentlyContinue
+}
+Import-Module PSWindowsUpdate
+Get-WindowsUpdate | Select-Object KBArticle, Title | Format-Table
+
+# Check system file integrity
+Write-Output "=== Checking System File Integrity ==="
+sfc /scannow
+
+# Generate summary report
+Write-Output "=== Security Check Completed ==="
+Write-Output "Please review the output above for potential issues or irregularities."