This worklet takes advantage of output from netsh wlan show interfaces. The idea is to start a scheduled task and run that command every 30 minutes for 48 hours. The results are all stored in a CSV file on the drive for review later.
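#remediation code
# Settings shared by the rest of the script: task name, output location and
# sampling cadence.
$TaskName = 'Wi-Fi Analysis 48-Hours'
$csv = 'Wi-Fi_Analysis.csv'
$workdir = 'C:\ProgramData\company\'
$file = $workdir + $csv
$repeatmin = 30 #minutes
$duration = 48 #hours

# NOTE(review): the scheduled task registered further down runs as
# NT AUTHORITY\SYSTEM and executes script files stored in $workdir. Folders
# under C:\ProgramData often inherit permissions that let standard users create
# files, and a file a user created beforehand stays under that user's control.
# Confirm that $workdir and the script files in it are writable only by
# SYSTEM/Administrators before deploying this.

# Clean up leftovers from a previous run so the new capture starts empty.
if (Test-Path -LiteralPath $file) { Remove-Item -LiteralPath $file -Force }

# The ScheduledTasks cmdlets are used here (as they are for registration below)
# instead of schtasks.exe: "schtasks /Delete" without /F waits for a Y/N
# confirmation, which stalls an unattended run, and "schtasks /query" prints an
# error when the task does not exist yet.
if (Get-ScheduledTask -TaskName $TaskName -TaskPath '\' -ErrorAction SilentlyContinue) {
    Unregister-ScheduledTask -TaskName $TaskName -TaskPath '\' -Confirm:$false
}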
function Build-Scripts {
    # Writes the two helper files the scheduled task depends on into $workdir:
    #   RunPowerShellScript.vbs - launches powershell.exe against the collector
    #                             script with a hidden window (shell.Run ...,0)
    #   Get-wlanInterface.ps1   - parses "netsh wlan show interfaces" and
    #                             appends one row to the CSV at $file
    # Reads $workdir and $file from the calling scope; both are expanded into
    # the generated files at build time, while every back-tick escaped `$ is
    # kept literal so it is evaluated when the collector runs.
    #
    # NOTE(review): the launcher starts PowerShell with -ExecutionPolicy Bypass
    # and the task runs it as SYSTEM, so anyone able to modify these two files
    # controls code that runs as SYSTEM. New-Item -Force rewrites an existing
    # file's content; presumably it keeps that file's existing permissions -
    # verify the ACLs on $workdir and on both files.
    # NOTE(review): the CSV records the adapter's physical address, SSID and
    # BSSID; check who is able to read $file.

    # VBScript launcher
    $launcherSource = @"
command = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -windowstyle hidden -File $workdir`Get-wlanInterface.ps1 -Force"
set shell = CreateObject("WScript.Shell")
shell.Run command,0
"@
    $launcherFile = @{
        Path     = "$workdir"
        Name     = "RunPowerShellScript.vbs"
        ItemType = "file"
        Value    = $launcherSource
        Force    = $true
    }
    $null = New-Item @launcherFile

    # PowerShell collector: one CSV row per run
    $collectorSource = @"
`$interfaces = netsh wlan show interfaces
`$wlan = [pscustomobject] @{
Name = `$interfaces | Select-String -Pattern "Name" | % {((`$_ -split ":").Trim())[1]}
Description = `$interfaces | Select-String -Pattern "Description" | % {((`$_ -split ":").Trim())[1]}
GUID = `$interfaces | Select-String -Pattern "GUID" | % {((`$_ -split ":").Trim())[1]}
'Physical address' = (`$interfaces | Select-String -Pattern "Physical address" | % {((`$_ -split ":").Trim())[1..6]}) -Join ":"
State = `$interfaces | Select-String -Pattern "State" | % {((`$_ -split ":").Trim())[1]}
SSID = (`$interfaces | Select-String -Pattern "SSID")[0] | % {((`$_ -split ":").Trim())[1]}
BSSID = (`$interfaces | Select-String -Pattern "BSSID" | % {((`$_ -split ":").Trim())[1..6]}) -Join ":"
'Network type' = `$interfaces | Select-String -Pattern "Network type" | % {((`$_ -split ":").Trim())[1]}
'Radio type' = `$interfaces | Select-String -Pattern "Radio type" | % {((`$_ -split ":").Trim())[1]}
'Authentication' = `$interfaces | Select-String -Pattern "Authentication" | % {((`$_ -split ":").Trim())[1]}
Cipher = `$interfaces | Select-String -Pattern "Cipher" | % {((`$_ -split ":").Trim())[1]}
'Connection mode' = `$interfaces | Select-String -Pattern "Connection mode" | % {((`$_ -split ":").Trim())[1]}
Channel = `$interfaces | Select-String -Pattern "Channel" | % {((`$_ -split ":").Trim())[1]}
'Receive rate (Mbps)' = `$interfaces | Select-String -Pattern "Receive rate" | % {((`$_ -split ":").Trim())[1]}
'Transmit rate (Mbps)' = `$interfaces | Select-String -Pattern "Transmit rate" | % {((`$_ -split ":").Trim())[1]}
Signal = `$interfaces | Select-String -Pattern "Signal" | % {((`$_ -split ":").Trim())[1]}
Profile = `$interfaces | Select-String -Pattern "Profile" | % {((`$_ -split ":").Trim())[1]}
}
`$wlan | Export-Csv '$file' -Notypeinformation -Append
"@
    $collectorFile = @{
        Path     = "$workdir"
        Name     = "Get-wlanInterface.ps1"
        ItemType = "file"
        Value    = $collectorSource
        Force    = $true
    }
    $null = New-Item @collectorFile
}
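# Generate the launcher and collector scripts in $workdir.
Build-Scripts

# Setup Scheduled Task
# cscript.exe is referenced by full path so the SYSTEM task does not depend on
# PATH resolution, and the launcher path is built with Join-Path (no doubled
# backslash, since $workdir already ends in one) and quoted in case the working
# directory ever contains spaces.
$cscript = Join-Path $env:SystemRoot 'System32\cscript.exe'
$launcher = Join-Path $workdir 'RunPowerShellScript.vbs'
$action = New-ScheduledTaskAction -Execute $cscript -Argument "`"$launcher`""

# Fire now, then repeat every $repeatmin minutes for $duration hours.
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes $repeatmin) -RepetitionDuration (New-TimeSpan -Hours $duration)

# The description previously interpolated $output, which is never assigned in
# this script, so the text ended without a path; $file is the CSV actually
# written.
$desc = "Writes output of netsh wlan show interfaces to $file"

# NOTE(review): the task runs as SYSTEM and executes files from $workdir, so
# write access to that directory must be limited to SYSTEM/Administrators.
# Nothing here unregisters the task or removes the generated scripts once the
# repetition window ends; plan a follow-up cleanup.
$task = Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger -Description $desc -User "NT AUTHORITY\SYSTEM"
Start-ScheduledTask -TaskName $TaskName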