Monthly Archives: August 2012

Get info about Antivirus from Windows Security Centre using Powershell and WMI

function Get-WscAntiVirusInfo {
param (
[parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]

$AntiVirusProduct =  gwmi -Namespace root\securitycenter2 -Class AntiVirusProduct -ComputerName $computername
$HexProductState="{0:x6}" -f $ProductState
Write-Verbose "HexProductState=$HexProductState"

#$FirstByte = Join-String -Strings "0x", $HexProductState.Substring(0,2)
$FirstByte = -join (“0x”, $HexProductState.Substring(0,2))

Write-Verbose "FirstByte=$FirstByte"
$SecondByte = $HexProductState.Substring(2,2)
Write-Verbose "SecondByte=$SecondByte"
$ThirdByte = $HexProductState.Substring(4,2)
Write-Verbose "ThirdByte=$ThirdByte"

$ObjHt=@{Computername=$ComputerName; `
        AntivirusName=$AntiVirusProduct.displayName; `
        InstanceGuid=$AntiVirusProduct.instanceGuid; `
        PathToSignedProductExe=$AntiVirusProduct.pathToSignedProductExe; `
        PathToSignedReportingExe=$AntiVirusProduct.pathToSignedReportingExe; `
        ProductState=$AntiVirusProduct.productState; `
        HexProductState=$HexProductState; `
        AntivirusPresent=$false; `
        ThirdPartyFirewallPresent=$false; `
        AutoUpdate=$false; `
        RealTimeProtection=$false; `

switch ($FirstByte) {
    {($_ -band 1) -gt 0} {$ObjHt.ThirdPartyFirewallPresent=$true}
    {($_ -band 2) -gt 0} {$ObjHt.AutoUpdate=$true}
    {($_ -band 4) -gt 0} {$ObjHt.AntivirusPresent=$true}

if ($SecondByte -eq "10") {

if ($ThirdByte -eq "00") {

New-Object -TypeName PSObject -Property $ObjHt


To discover other classes in the root\SecurityCenter2  namespace use

Get-WmiObject -Namespace root\SecurityCenter2 -List

Using enums in Powershell

Using enums in Powershell | I’ve got the byte on my side.

PowerShell Byte Array And Hex Functions

PowerShell Byte Array And Hex Functions.

Convert decimal to hex and binary in Powershell

dec to hex

PS> "{0:x}" -f 397312
PS> [String]::Format("{0:x}", 397312)
PS> [Convert]::ToString(397312, 16)

If you want the hex number to have 6 digits then use

PS> "{0:x6}" -f 397312

hex to dec

PS> "{0:d}" -f 0x61000

PS> [String]::Format("{0:d}", 0x61000)

PS> [Convert]::ToString(0x061000, 10)

dec to bin

PS> [Convert]::ToString(129, 2)

hex to bin

PS> [Convert]::ToString(0x81, 2)

Group Policy Settings Search

Windows 7–enable showing state information instead of Please wait message

Run Group Policy Management (Start > Run > gpmc.msc)

Computer conf./Administrative Templates/System/Verbose vs normal status messages

Note Windows ignores this setting if the Remove Boot / Shutdown / Logon / Logoff status messages setting is turned on

Enabling Group Policy Preferences Debug Logging using the RSAT – Ask the Directory Services Team

Enabling Group Policy Preferences Debug Logging using the RSAT – Ask the Directory Services Team – Site Home – TechNet Blogs.


Scripts, tools and tips, mostly around Microsoft SCCM and EMS

To The Point

Anything about Technology and Business

Brian's Power Windows Blog

Microsoft in the Enterprise. Windows, Hyper-V, Exchange, SQL, and more!

PowerScripting Podcast

Shownotes and links for the PowerScripting Podcast, a podcast to help people learn Windows Powershell

Learn Powershell | Achieve More

What is this Powershell of which you speak?