如何从远程 PC 使用 Get-MPComputerStatus?
How do I use Get-MPComputerStatus from Remote PC?
我正在尝试使用 powershell 脚本远程获取 Domain pc 的反恶意软件状态。以下代码按预期工作,只是我不知道如何将 -computername 参数传递给 Get-MpComputerStatus 命令。它将 return 本地电脑的恶意软件状态,即 运行 脚本,而不是 AD 电脑的。其余变量,例如位置、设备名称、序列号 return 已正确编辑:
import-module ActiveDirectory
Get-ADComputer -filter "name -like '*'" |
Select -expandproperty name |
ForEach {
$results = % { Get-ADComputer -Identity $_ -Properties Description }
$cs = gwmi win32_bios -ComputerName $_ -ErrorAction SilentlyContinue
$os = Get-Wmiobject -class Win32_operatingsystem -computername $_ -ErrorAction SilentlyContinue
$bios = Get-WmiObject Win32_ComputerSystem -ComputerName $_ -ErrorAction SilentlyContinue
$rs = Get-MpComputerStatus
#$rs = Get-WmiObject Win32_ComputerSystem -ComputerName $_ -ErrorAction SilentlyContinue | Get-MpComputerStatus
$Object = New-Object PSObject -Property @{
"Device Name" = $results.name
"Physical Location" = $results.description
"Employee" = $bios.UserName
"Last Logon Date" = $results.LastLogonDate
"Category" = $bios.ChassisSKUNumber
"Vendor" = $bios.Manufacturer
"Make/Model" = $bios.Model
"Serial Number" = $cs.SerialNumber
'OS' = $os.caption
'Malware Updated' = $rs.AntivirusSignatureLastUpdated
'AntiSpyware Status' = $rs.AntispywareEnabled
'AntiMalware Version' = $rs.AMServiceVersion
}
$Object |
Select-Object "Physical Location", "Employee", "Device Name", "Malware Updated",'AntiSpyware Status','AntiMalware Version', "Serial Number", "Vendor", "Make/Model", "OS"|
Export-Csv -Append -Force -NoTypeInformation "$($env:USERPROFILE)\documents\WinDef.csv" #"c:\data\asset_inventory2.csv
}
您可以按照 MS 文档中的说明使用 -CimSession:
在远程会话或远程计算机上运行 cmdlet。输入计算机名称或会话对象,例如 New-CimSession 或 Get-CimSession cmdlet 的输出。默认为本地计算机上的当前会话
或者你可以$rs=Invoke-Command RemoteComputer {Get-MpComputerStatus}
我正在尝试使用 powershell 脚本远程获取 Domain pc 的反恶意软件状态。以下代码按预期工作,只是我不知道如何将 -computername 参数传递给 Get-MpComputerStatus 命令。它将 return 本地电脑的恶意软件状态,即 运行 脚本,而不是 AD 电脑的。其余变量,例如位置、设备名称、序列号 return 已正确编辑:
import-module ActiveDirectory
Get-ADComputer -filter "name -like '*'" |
Select -expandproperty name |
ForEach {
$results = % { Get-ADComputer -Identity $_ -Properties Description }
$cs = gwmi win32_bios -ComputerName $_ -ErrorAction SilentlyContinue
$os = Get-Wmiobject -class Win32_operatingsystem -computername $_ -ErrorAction SilentlyContinue
$bios = Get-WmiObject Win32_ComputerSystem -ComputerName $_ -ErrorAction SilentlyContinue
$rs = Get-MpComputerStatus
#$rs = Get-WmiObject Win32_ComputerSystem -ComputerName $_ -ErrorAction SilentlyContinue | Get-MpComputerStatus
$Object = New-Object PSObject -Property @{
"Device Name" = $results.name
"Physical Location" = $results.description
"Employee" = $bios.UserName
"Last Logon Date" = $results.LastLogonDate
"Category" = $bios.ChassisSKUNumber
"Vendor" = $bios.Manufacturer
"Make/Model" = $bios.Model
"Serial Number" = $cs.SerialNumber
'OS' = $os.caption
'Malware Updated' = $rs.AntivirusSignatureLastUpdated
'AntiSpyware Status' = $rs.AntispywareEnabled
'AntiMalware Version' = $rs.AMServiceVersion
}
$Object |
Select-Object "Physical Location", "Employee", "Device Name", "Malware Updated",'AntiSpyware Status','AntiMalware Version', "Serial Number", "Vendor", "Make/Model", "OS"|
Export-Csv -Append -Force -NoTypeInformation "$($env:USERPROFILE)\documents\WinDef.csv" #"c:\data\asset_inventory2.csv
}
您可以按照 MS 文档中的说明使用 -CimSession:
在远程会话或远程计算机上运行 cmdlet。输入计算机名称或会话对象,例如 New-CimSession 或 Get-CimSession cmdlet 的输出。默认为本地计算机上的当前会话
或者你可以$rs=Invoke-Command RemoteComputer {Get-MpComputerStatus}