Monthly Archives: August 2012

Get info about Antivirus from Windows Security Centre using Powershell and WMI

function Get-WscAntiVirusInfo {
[CmdletBinding()]
param (
[parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
[Alias('name')]
$computername=$env:computername
)

$AntiVirusProduct =  gwmi -Namespace root\securitycenter2 -Class AntiVirusProduct -ComputerName $computername
$ProductState=$AntiVirusProduct.ProductState
#$ProductState
$HexProductState="{0:x6}" -f $ProductState
Write-Verbose "HexProductState=$HexProductState"

#$FirstByte = Join-String -Strings "0x", $HexProductState.Substring(0,2)
$FirstByte = -join (“0x”, $HexProductState.Substring(0,2))

Write-Verbose "FirstByte=$FirstByte"
$SecondByte = $HexProductState.Substring(2,2)
Write-Verbose "SecondByte=$SecondByte"
$ThirdByte = $HexProductState.Substring(4,2)
Write-Verbose "ThirdByte=$ThirdByte"

$ObjHt=@{Computername=$ComputerName; `
        AntivirusName=$AntiVirusProduct.displayName; `
        InstanceGuid=$AntiVirusProduct.instanceGuid; `
        PathToSignedProductExe=$AntiVirusProduct.pathToSignedProductExe; `
        PathToSignedReportingExe=$AntiVirusProduct.pathToSignedReportingExe; `
        ProductState=$AntiVirusProduct.productState; `
        HexProductState=$HexProductState; `
        AntivirusPresent=$false; `
        ThirdPartyFirewallPresent=$false; `
        AutoUpdate=$false; `
        RealTimeProtection=$false; `
        VirusDefsUptoDate=$false}

switch ($FirstByte) {
    {($_ -band 1) -gt 0} {$ObjHt.ThirdPartyFirewallPresent=$true}
    {($_ -band 2) -gt 0} {$ObjHt.AutoUpdate=$true}
    {($_ -band 4) -gt 0} {$ObjHt.AntivirusPresent=$true}
}

if ($SecondByte -eq "10") {
    $ObjHt.RealTimeProtection=$true
}

if ($ThirdByte -eq "00") {
    $ObjHt.VirusDefsUptoDate=$true
}

New-Object -TypeName PSObject -Property $ObjHt

}

To discover other classes in the root\SecurityCenter2  namespace use

Get-WmiObject -Namespace root\SecurityCenter2 -List

Using enums in Powershell

Using enums in Powershell | I’ve got the byte on my side.

PowerShell Byte Array And Hex Functions

PowerShell Byte Array And Hex Functions.

Convert decimal to hex and binary in Powershell

dec to hex

PS> "{0:x}" -f 397312
61000
PS> [String]::Format("{0:x}", 397312)
61000
PS> [Convert]::ToString(397312, 16)
61000

If you want the hex number to have 6 digits then use

PS> "{0:x6}" -f 397312
061000

hex to dec

PS> "{0:d}" -f 0x61000
397312

PS> [String]::Format("{0:d}", 0x61000)
397312

PS> [Convert]::ToString(0x061000, 10)
397312

dec to bin

PS> [Convert]::ToString(129, 2)
10000001

hex to bin

PS> [Convert]::ToString(0x81, 2)
10000001

Group Policy Settings Search

http://gps.cloudapp.net/

Windows 7–enable showing state information instead of Please wait message

Run Group Policy Management (Start > Run > gpmc.msc)

Computer conf./Administrative Templates/System/Verbose vs normal status messages

Note Windows ignores this setting if the Remove Boot / Shutdown / Logon / Logoff status messages setting is turned on

Enabling Group Policy Preferences Debug Logging using the RSAT – Ask the Directory Services Team

Enabling Group Policy Preferences Debug Logging using the RSAT – Ask the Directory Services Team – Site Home – TechNet Blogs.

smsagent

Tips, tricks and time-savers for the Windows and ConfigMgr administrator

To The Point

Anything about Technology and Business

Brian's Power Windows Blog

Microsoft in the Enterprise. Windows, Hyper-V, Exchange, SQL, and more!

PowerScripting Podcast

Shownotes and links for the PowerScripting Podcast, a podcast to help people learn Windows Powershell

Learn Powershell | Achieve More

What is this Powershell of which you speak?