0

I am trying to get Domain pc's Antimalware status remotely, using powershell script. The following code works as expected, except I do not know how to pass the -computername parameter to the Get-MpComputerStatus command. It will return the Malware status of the local pc, that is running the script, but not the AD pc's. The rest of the variables, such as Location, Device Name, Serial Number are returned correctly:

    import-module ActiveDirectory

Get-ADComputer -filter "name -like '*'" |
Select -expandproperty name |

    ForEach {

 
  
   $results =  % { Get-ADComputer -Identity $_ -Properties Description }
   
   $cs = gwmi win32_bios -ComputerName $_ -ErrorAction SilentlyContinue

   $os = Get-Wmiobject -class Win32_operatingsystem  -computername $_  -ErrorAction SilentlyContinue  
         
   $bios = Get-WmiObject Win32_ComputerSystem -ComputerName $_ -ErrorAction SilentlyContinue 

 
      
   $rs =  Get-MpComputerStatus 

 #$rs = Get-WmiObject Win32_ComputerSystem -ComputerName $_ -ErrorAction SilentlyContinue |  Get-MpComputerStatus 

   $Object = New-Object PSObject -Property @{
    
    
       "Device Name" = $results.name 
       "Physical Location" = $results.description
       "Employee" = $bios.UserName        
       "Last Logon Date" = $results.LastLogonDate
       "Category" = $bios.ChassisSKUNumber
       "Vendor" = $bios.Manufacturer
       "Make/Model" = $bios.Model
       "Serial Number" = $cs.SerialNumber        
       'OS' = $os.caption
       'Malware Updated' = $rs.AntivirusSignatureLastUpdated
       'AntiSpyware Status' = $rs.AntispywareEnabled
       'AntiMalware Version' = $rs.AMServiceVersion
     
        }
        

       $Object |
  Select-Object "Physical Location", "Employee", "Device Name", "Malware Updated",'AntiSpyware Status','AntiMalware Version', "Serial Number", "Vendor", "Make/Model", "OS"|
  Export-Csv  -Append -Force  -NoTypeInformation "$($env:USERPROFILE)\documents\WinDef.csv"  #"c:\data\asset_inventory2.csv
 }
Lee_Dailey
  • 7,292
  • 2
  • 22
  • 26
mikey814
  • 3
  • 1
  • 2
  • Have you looked at the syntax for `Get-MpComputerStatus`? It covers cimsessions ``Get-MpComputerStatus [-CimSession ] [-ThrottleLimit ] [-AsJob] []`` – Abraham Zinala Mar 10 '21 at 20:36

1 Answers1

0

You can either use -CimSession as explained in MS Docs:

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer

Or you can $rs=Invoke-Command RemoteComputer {Get-MpComputerStatus}

Santiago Squarzon
  • 41,465
  • 5
  • 14
  • 37
  • I have been trying to get the Invoke-command to work, using this: – mikey814 Mar 16 '21 at 19:09
  • sent the previous comment accidentally should have had this :$rs = Invoke-Command -ComputerName $_ {Get-MpComputerStatus} This command works only if the winrm service is runniing on remote pc. which by default it is not. – mikey814 Mar 16 '21 at 19:20
  • `-CimSession` uses WinRM (Powershell Remoting) ports too so won't work either. You'll need those services up if you want to manage computers remotely with PS. – Santiago Squarzon Mar 16 '21 at 19:56
  • Thanks for the response; is there any way to starat the WinRm service remotely, using powershell script, as Group Policy is set at the corporate level. – mikey814 Mar 18 '21 at 11:12
  • 1
    I used the following script to start the WinRM service on remote pcs : **$hostnamestxt = 'C:\Data\powershell\hosts.txt' $computers = get-content "$hostnamestxt" foreach($computer in $computers){ psexec \\$computer net start WinRm } ** I was then able to use the :$rs = Invoke-Command -ComputerName $_ {Get-MpComputerStatus} command in my script to get the Malware Status from remote computers on the domain. – mikey814 Mar 18 '21 at 16:10
  • Great, sorry for the late response. Glad you could sort it out. – Santiago Squarzon Mar 18 '21 at 16:43