0

We have swapped over to a new virus protection and I'm trying to track down all the machines with our old McAfee software on it. We are in a domain group, and all the PC's are listed in active directory.

$list = Get-ADComputer -Filter *

foreach($PC in $list){
    $data = Get-WmiObject -ComputerName $PC -Class Win32_Product | sort-object Name | 
    Select-Object Name | Where-Object { $_.Name -like "*McAfee*"}
    if($data){
        Write-Output "$PC has $($data.name) installed" |
        out-file C:\Users\username\Desktop -Append
    }
}

I'm a bit amateur when it comes to powershell.

Im getting this error over and over again

Get-WmiObject : The RPC server is unavailable.
At line:4 char:13
+     $data = Get-WmiObject -ComputerName $PC -Class Win32_Product | so ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMException
    + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

I've read it's likely a firewall setting in the group policy. Before I try and get that changed is this the most effective way to do this? I'm avoiding using a list of computer names for simplicity, but I can do if necessary.

Brenen Hatch
  • 3
  • 6
  • IMO, the best solution is an inventory or configuration management software. Shouldn't your McAfee software talk to a back end system with reporting capabilities? Connecting remotely to every single domain machine will take a long time unless your domain is tiny. – AdminOfThings Sep 09 '20 at 15:49
  • Does this answer your question? [Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)](https://stackoverflow.com/questions/11330874/get-wmiobject-the-rpc-server-is-unavailable-exception-from-hresult-0x800706) – codaamok Sep 09 '20 at 20:13

1 Answers1

0

You are right, there is a firewall setting blocking the Powershell remote access. It seems like a very common security setting in a lot of places since it's easier to turn it all off than to try to tune it to just allow specific people to use.

If you don't have access to SCCM or any other inventory/configuration management software like AdminOfThings commented, then this is a reasonable way to get the information you're looking for. I used a similar method to track RAM and CPU usages on some of our computers, but I had to modify each computer with the code at the link codaamok posted. It was an opt-in program so that method worked for me.

It's probably going to depend on how your Group Policy Admins want to handle it, if they want to allow this sort of remote access or not.

catherinemohan
  • 361
  • 1
  • 7