Monthly Archives: August 2012

Get info about Antivirus from Windows Security Centre using Powershell and WMI

function Get-WscAntiVirusInfo {
[CmdletBinding()]
param (
[parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
[Alias('name')]
$computername=$env:computername
)

$AntiVirusProduct =  gwmi -Namespace root\securitycenter2 -Class AntiVirusProduct -ComputerName $computername
$ProductState=$AntiVirusProduct.ProductState
#$ProductState
$HexProductState="{0:x6}" -f $ProductState
Write-Verbose "HexProductState=$HexProductState"

#$FirstByte = Join-String -Strings "0x", $HexProductState.Substring(0,2)
$FirstByte = -join (“0x”, $HexProductState.Substring(0,2))

Write-Verbose "FirstByte=$FirstByte"
$SecondByte = $HexProductState.Substring(2,2)
Write-Verbose "SecondByte=$SecondByte"
$ThirdByte = $HexProductState.Substring(4,2)
Write-Verbose "ThirdByte=$ThirdByte"

$ObjHt=@{Computername=$ComputerName; `
        AntivirusName=$AntiVirusProduct.displayName; `
        InstanceGuid=$AntiVirusProduct.instanceGuid; `
        PathToSignedProductExe=$AntiVirusProduct.pathToSignedProductExe; `
        PathToSignedReportingExe=$AntiVirusProduct.pathToSignedReportingExe; `
        ProductState=$AntiVirusProduct.productState; `
        HexProductState=$HexProductState; `
        AntivirusPresent=$false; `
        ThirdPartyFirewallPresent=$false; `
        AutoUpdate=$false; `
        RealTimeProtection=$false; `
        VirusDefsUptoDate=$false}

switch ($FirstByte) {
    {($_ -band 1) -gt 0} {$ObjHt.ThirdPartyFirewallPresent=$true}
    {($_ -band 2) -gt 0} {$ObjHt.AutoUpdate=$true}
    {($_ -band 4) -gt 0} {$ObjHt.AntivirusPresent=$true}
}

if ($SecondByte -eq "10") {
    $ObjHt.RealTimeProtection=$true
}

if ($ThirdByte -eq "00") {
    $ObjHt.VirusDefsUptoDate=$true
}

New-Object -TypeName PSObject -Property $ObjHt

}

To discover other classes in the root\SecurityCenter2  namespace use

Get-WmiObject -Namespace root\SecurityCenter2 -List
Advertisements

Using enums in Powershell

Using enums in Powershell | I’ve got the byte on my side.

PowerShell Byte Array And Hex Functions

PowerShell Byte Array And Hex Functions.

Convert decimal to hex and binary in Powershell

dec to hex

PS> "{0:x}" -f 397312
61000
PS> [String]::Format("{0:x}", 397312)
61000
PS> [Convert]::ToString(397312, 16)
61000

If you want the hex number to have 6 digits then use

PS> "{0:x6}" -f 397312
061000

hex to dec

PS> "{0:d}" -f 0x61000
397312

PS> [String]::Format("{0:d}", 0x61000)
397312

PS> [Convert]::ToString(0x061000, 10)
397312

dec to bin

PS> [Convert]::ToString(129, 2)
10000001

hex to bin

PS> [Convert]::ToString(0x81, 2)
10000001

Group Policy Settings Search

http://gps.cloudapp.net/

Windows 7–enable showing state information instead of Please wait message

Run Group Policy Management (Start > Run > gpmc.msc)

Computer conf./Administrative Templates/System/Verbose vs normal status messages

Note Windows ignores this setting if the Remove Boot / Shutdown / Logon / Logoff status messages setting is turned on

Enabling Group Policy Preferences Debug Logging using the RSAT – Ask the Directory Services Team

Enabling Group Policy Preferences Debug Logging using the RSAT – Ask the Directory Services Team – Site Home – TechNet Blogs.

smsagent

Scripts, tools and tips, mostly around Microsoft SCCM and EMS

To The Point

Anything about Technology and Business

Brian's Power Windows Blog

Microsoft in the Enterprise. Windows, Hyper-V, Exchange, SQL, and more!

PowerScripting Podcast

Shownotes and links for the PowerScripting Podcast, a podcast to help people learn Windows Powershell

Learn Powershell | Achieve More

What is this Powershell of which you speak?