Script to get Symantec Endpoint Protection DAT date and Revision number from multiple remote servers from registry.

Hi All,

 

I need help in fixing my script, which is getting information from the local machine from which I am running the script, but not the remote servers' results. Attaching my script.

Also need script to add and also to remove local admin Groups from remote servers.

-----------------------------------------------------

Clear
$c=Get-Credential ABC-domain\AB12345
$ServerList = Get-Content "H:\My Documents\My Powershell\serverlist.txt"
foreach ($computer in $ServerList) {
$Opt = New-CimSessionOption -Protocol Dcom
$Session = New-CimSession -ComputerName $computer -Credential $c -SessionOption $Opt
$AV=Invoke-Command -ScriptBlock {(get-ItemProperty 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate'  -Name LatestVirusDefsDate -ea 0).LatestVirusDefsDate }
$pv=Invoke-Command -ScriptBlock {(get-ItemProperty 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate'  -Name LatestVirusDefsRevision -ea 0).LatestVirusDefsRevision }
$date =$AV
$AV=Get-Date $date -Format 'dd/MM/yyyy'

Write-Host "for server $computer AV date is $av/Rev is $pv"

}

-----------------------------------------------------------

Thank you,

Bala MS.

 

 

  • Hi 

    You can try this

    $servername = Get-Content 'E:\backup\test.txt'

    # Check the Latest virus Definition Date
    Foreach($server in $servername){
        $Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine',$server)
        $key = $Reg.OpenSubKey("SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate")
        $date1 = $key.getvalue("LatestVirusDefsDate")
        $date1
    }

  • Getting error as:

    Exception calling "OpenSubKey" with "1" argument(s): "Requested registry access is not allowed."

    I believe that is because we are not providing the server log in credentials for that.

    As set in my script. Is there a way to add credentials to the servers?

  • Hi team, 

    I need someone to take a look at it and advise, please.

    Thank you 

  • Hey Bala,

    It's not really good form to post a message like your last one, more likely to have the opposite effect, to be honest. ;)

    Anyhow, I'd suggest taking a look at the registry key permissions to see how they are configured.  It's more likely they are locked down preventing you doing this.

    Regards your other question, if you need to add or remove groups to/from the local system, this is best achieved via GPO and the Restricted Groups option.

    cheers,

    Tim

     

  • Hi Tim,

    I appreciate your valuable time:). Thank you so much for the advice I value it.

    I was guessing that Dily Babu's script was good enough, but there was no option to give credentials to log in to the remote servers. I would check for other options too.

     

  • I think the thing Dily was giving an example of was the actual code to run within a ScriptBlock, so you will still be able to give credentials to the remote server at the same time with the -Credential option of the Invoke-Command cmdlet.

  • Hi Tim,

    Sure, I will try that. I will try a few online examples of Invoke-Command for remote registry value queries.

    What do you need to add to the script so the output will be saved to a file?
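
The approach suggested in the thread (run the registry read inside a ScriptBlock and pass -ComputerName and -Credential to Invoke-Command), with the results saved to a CSV file, shown as an added example that is not code from any poster. It assumes PowerShell remoting (WinRM) is enabled on the target servers; both file paths are placeholders.

```powershell
# Added example, not from the thread. Assumes WinRM (PowerShell remoting) is
# enabled on the targets; both file paths below are placeholders.
$cred    = Get-Credential   # prompt once; do not store the password in the script
$servers = Get-Content -Path 'C:\Temp\serverlist.txt' | Where-Object { $_.Trim() }

# This block runs ON each remote server. Without -ComputerName, Invoke-Command
# executes the script block on the local machine, so only local values come back.
$query = {
    $path = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate'
    $p = Get-ItemProperty -Path $path -ErrorAction Stop
    [pscustomobject]@{
        DefsDate     = $p.LatestVirusDefsDate
        DefsRevision = $p.LatestVirusDefsRevision
    }
}

$results = foreach ($server in $servers) {
    try {
        $r = Invoke-Command -ComputerName $server -Credential $cred `
                            -ScriptBlock $query -ErrorAction Stop
        [pscustomobject]@{
            Server       = $server
            DefsDate     = $r.DefsDate
            DefsRevision = $r.DefsRevision
            Error        = $null
        }
    }
    catch {
        # Keep unreachable or unreadable hosts in the report instead of dropping them,
        # so a server with no result is visible rather than silently missing.
        [pscustomobject]@{
            Server       = $server
            DefsDate     = $null
            DefsRevision = $null
            Error        = $_.Exception.Message
        }
    }
}

# Save to a file and also show on screen
$results | Export-Csv -Path 'C:\Temp\sep-definitions.csv' -NoTypeInformation
$results | Format-Table -AutoSize
```

Rows with a non-empty Error column are the servers to follow up on, whether the cause is connectivity, remoting not being enabled, or access to the key being denied.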