PoshCode Logo PowerShell Code Repository

Audit iPhone Users by psukus 30 months ago
View followups from Dan Dill | embed code: <script type="text/javascript" src="http://PoshCode.org/embed/1280"></script>download | new post

This script is intended to use IIS logs to audit OWA logs for syncing of mail from an iPhone. In our environment this is an unauthorized device and needs to be audited. This script is not perfect, nor the prettiest thing in the world but it works. IIS logging must be on for this to work. email the results to yourself in $To varible. Have Fun!

  1. #Created by P. Sukus
  2. #Name: iPhone users syncing through OWA audit
  3. #set the timeframe to audit in days
  4. $Daysold = 1
  5. $Date = (get-date).adddays(-$daysold)
  6. $servers = "server1", "server2", "server3"
  7. foreach ($s in $servers)
  8.     {
  9.     Write-host -ForegroundColor Blue "Checking server $s for files from the last $daysold day(s)"
  10.     $logfiles += gci -path \\$s\c$\windows\system32\logfiles\W3SVC1 | where {$_.LastWriteTime -gt $date}
  11.     }
  12. Foreach ($l in $logfiles)
  13.     {
  14.     Write-host "Processing "$l.fullname
  15.     Copy-item $l.fullname -Destination $pwd.path
  16.     $listousers += gc $l.name | where {$_ -match "DeviceType="}
  17.     Remove-Item $l.name
  18.     }
  19. $user = @()
  20. foreach ($l in $listousers | where {$_ -ne $null})
  21.     {
  22.     $u = $l.split(" ")[8]
  23.     if ($user -notcontains $u)
  24.         {
  25.         $user += "$u"
  26.         }
  27.     $u = $null
  28.     }
  29. $body = "<!DOCTYPE html PUBLIC `"-//W3C//DTD XHTML 1.0 Strict//EN`"  `"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd`">"
  30. $body += "<html xmlns=`"http://www.w3.org/1999/xhtml`">"
  31. $body += "<head>"
  32. $body += "<title>iPhone Users</title>"
  33. $body += "</head><body>"
  34. $body += "<table border=1>"
  35. $body += "<colgroup>"
  36. $body += "<col/>"
  37. $body += "</colgroup>"
  38. $body += "<tr><td><b>iPhone Users</b></td></tr>"
  39. foreach ($y in $user)
  40.     {
  41.     $body += "<tr><td>$y</td></tr>"
  42.     }
  43. $body += "</table>"
  44. $body += "</body></html>"
  45.  
  46. $smtpServer = "your.SMTPserver.here"
  47. $mailer = new-object Net.Mail.SMTPclient($smtpserver)  
  48. $From = "iphoneusersync@company.internal"
  49. $To = "admin@company.internal"
  50. $subject = "iPhone users syncing through OWA in the last $daysold day(s)"
  51. $msg = new-object Net.Mail.MailMessage($from,$to,$subject,$body)       
  52. $msg.IsBodyHTML = $true
  53. $mailer.send($msg)

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting:


Remember me