Obtain Reg_Binary Value for a list of servers using Powershell

Question

So coming back to this....

I have a list of servers (server.txt) I need to query this list for a Reg_Binary value...

I need to have the script cycle through the list - turn on remote registry if needed, obtain the value from the Reg_Binary (SignaturesLastUpdated) from the Key - "SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates"

Output the information in a date and time format next to the server name - ideally as a csv (but that isn't a main deal) - preferably appending a single file on each cycle.

Then I need it to return the remote reg service back to the state it found it.

I have taken no less than 20 runs at this and am reluctant to put any code up for modification - would humbly ask that someone with a greater skill level at Powershell return a response with the script needed.

I am doing all of this because it seems that Microsoft FEP doesn't update SCCM with live information so reporting isn't of value - if you know a way to fix that then that's ideal....

Sorry I know this is a lot to ask - but I'm tired of fighting this one, so please help.

Answer 1

Again this is a continuation of the answer from here. This is not a dup since the OP is looking to handle the state of services.

$servers = Get-Content "C:\Windows\System32\List3.txt"
$key="SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates"
$value = "SignatuesLastUpdated"

$servers | ForEach-Object{
    $server = $_
    Try{
        Get-RegBinary -ComputerName $server -Key $Key -Value $value -ErrorAction Stop
    } Catch [Microsoft.PowerShell.Commands.WriteErrorException]{
        # Couple of reasons for this exception
        If($_.Exception -match "network path was not found"){
            # This was triggered when the service was not running. Attempt to start it. 
            $remoteService = Get-Service -ComputerName $server -Name RemoteRegistry
            If($remoteService.Status -eq "Stopped"){$remoteService | Start-Service}

            # Try and get the key again.
            Try{
                Get-RegBinary -ComputerName $server -Key $Key -Value $value -ErrorAction Stop
            } Catch{
                [pscustomobject]@{
                    ComputerName = $server
                    Data = "Unable to get key after attempting to start service. Possibly does not exist"
                }
            }

            # Restore the service to a stopped state.
            $remoteService | Stop-Service

        } ElseIf($_.Exception -match "Cannot find value") {
            # If the key does not exist.
            [pscustomobject]@{
                ComputerName = $server
                Data = "Key/Value pair does not exist."
            }
        }
    }
    Catch{
        [pscustomobject]@{
            ComputerName = $server
            Data = "Unable to retrieve data"
        }
    }

} | Select ComputerName,@{Label=$value;Expression={If(!($_.Data -is [string])){[System.Text.Encoding]::Ascii.GetBytes($_.data)}Else{$_.Data}}} | Export-csv C:\temp\data.log -NoTypeInformation

Sample from 3 computers

1. c3935 had they key and remoteregistry service started
2. C4186 did not have the key or remoteregistry service started
3. C4094 had the key but the service was initially stopped.

"ComputerName","Test" "c3935","57 55 32 57 56 32 57 57 32 49 48 48 32 49 48 49" "C4186","Key/Value pair does not exist." "C4094","57 55 32 57 56 32 49 48 48 32 49 48 49"