In preparation for the Internet Explorer out-of-date ActiveX control blocking, I wrote the script below. It retrieves the content of the log stored under %LOCALAPPDATA%\Microsoft\Internet Explorer\AuditMode\VersionAuditLog.csv
You can download the script from here
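function Get-ActiveXControlLog
{
<#
.Synopsis
   Get-ActiveXControlLog
.DESCRIPTION
   Get-ActiveXControlLog retrieves the content of the Internet Explorer
   ActiveX control log stored locally.
.PARAMETER Show
   Which entries to return: All (default), Allowed or Blocked.
.EXAMPLE
   Get-ActiveXControlLog
   Shows all entries in the log file
.EXAMPLE
   Get-ActiveXControlLog -Show Allowed
   Shows only entries with status "Allowed"
.LINK
   http://technet.microsoft.com/en-us/ie/dn798785.aspx
.NOTES
   version 1.0
   by Alex Verboon

   The log is read from the LocalApplicationData folder of the account that
   runs the function, so the result covers that user profile only. The file
   sits in the user's own profile; treat it as an inventory aid rather than a
   tamper-resistant audit record.
#>
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$false, Position=0)]
        [ValidateSet("All","Allowed","Blocked")]
        [string]$Show = "All"
    )

    Begin
    {
        # The default location of the log file (per-user profile).
        $VersionAuditLog = [Environment]::GetFolderPath('LocalApplicationData') + "\Microsoft\Internet Explorer\AuditMode\VersionAuditLog.csv"

        # Check that the log file is present (a directory of that name does not count).
        If (Test-Path -Path $VersionAuditLog -PathType Leaf)
        {
            # Verbose stream, not Write-Output: a status string on the success
            # stream would be mixed into the log entries the function returns
            # and end up in Export-Csv / Where-Object pipelines.
            Write-Verbose "ActiveX out of date blocking control log found"
        }
        Else
        {
            Write-Verbose "ActiveX out of date blocking control log not found"

            # Let's check if the logging policy is enabled at all.
            # "HKLM:\..." / "HKCU:\..." are rooted paths; without the backslash
            # the path is resolved relative to the current location on that drive.
            $lm = (Get-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext" -Name "AuditModeEnabled" -ErrorAction SilentlyContinue).AuditModeEnabled
            $cu = (Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext" -Name "AuditModeEnabled" -ErrorAction SilentlyContinue).AuditModeEnabled

            # A missing key or value leaves the variable $null; report that as "not enabled".
            If (($null -eq $lm) -or ($lm -le 0))
            {
                Write-Output "ActiveX control logging policy is not enabled at the computer level"
            }
            Else
            {
                Write-Output "Active control logging policy is enabled at the computer level, but there's no log: $VersionAuditLog"
            }

            If (($null -eq $cu) -or ($cu -le 0))
            {
                Write-Output "ActiveX control logging policy is not enabled at the User level"
            }
            Else
            {
                Write-Output "Active control logging policy is enabled at the user level, but there's no log: $VersionAuditLog"
            }

            # Terminate with a message instead of a bare Throw ("ScriptHalted").
            Throw "ActiveX control log not found: $VersionAuditLog"
        }
    }

    Process
    {
        # Get the content of the log file. -Header supplies the column names,
        # so every line of the file is read as data.
        # NOTE(review): assumes the log has no header row and seven columns in
        # this order - confirm against a sample log.
        $axlog = Import-Csv -Delimiter "," -Path $VersionAuditLog -Header URL, Path, ProductVersion, FileVersion, Action, Reason, EPMCompat

        # Project each row onto the output shape; Action is exposed as Result
        # and EPMCompat as EPMCompatible. Select-Object keeps the property
        # order and avoids growing an array with += for every row.
        $axlogdata = @(
            $axlog | Select-Object -Property URL, Path, ProductVersion, FileVersion,
                @{ Name = 'Result'; Expression = { $_.Action } },
                Reason,
                @{ Name = 'EPMCompatible'; Expression = { $_.EPMCompat } }
        )
    }

    End
    {
        If ($Show -eq "All")
        {
            $axlogdata
        }
        Else
        {
            # Keep only entries whose Result matches the requested status.
            $axlogdata | Where-Object { $_.Result -eq "$Show" }
        }
    }
}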