www.get-cmd.com

EPM 2012 R2 : Check End Point Protection status for AD computers

28 juin 2014 Nicolas EndPoint Protection Manager 0

I just released this script on the script center of technet gallery : http://gallery.technet.microsoft.com/scriptcenter/Check-End-Point-Protection-875ffdc6

Here is the description :

Sometimes you need to check if antivirus is enable or not on AD Computers/Servers. You can do it by your monitoring application, but this script can be useful to check daily your infrastructure. So this script will display for each AD Computers (you can modify the query for specific OU) :

AntiSpyware : True for enabled / Nothing for Disabled or Not installed
Last Updated AntiSpyware Signature : The last update for spyware definitions
AntiVirus : True for enabled / Nothing for Disabled or Not installed
Last Updated Antivirus :  The last update for antivirus definitions

epm

Here is the script :

#REQUIRES -Version 2.0  
  
<#  
.SYNOPSIS   
    Check the client status of End Point Protection for AD Computers  
  
.DESCRIPTION  
    Create a schedule task to run daily this script. It will retrieve informations about End Point Protection for AD Computers and send the result by email. 
  
.NOTES    
    NAME: Check_EPM_Status.ps1  
    AUTHOR: PRIGENT Nicolas [www.get-cmd.com]  
    v1.0 - 06/28/2014 - N.PRIGENT : Creation 
  
.LINK   
    Script posted over : www.get-cmd.com  
  
.EXAMPLE   
    Just run ./Check_EPM_Status.ps1  
    If you don't have EPM on a computer, errors will appear in the powershell console. 
#>  
 
# Variables : Modify this query for a specific OU 
 
$ADComputers = Get-ADComputer -Filter 'ObjectClass -eq "Computer"' | Select -Expand DNSHostName 
$tab = @() 
 
### 
$a = @' 
<!--mce:0--> 
'@ 
### 
 
# for each computer, get the DNS Host Name 
 
foreach ($Comp in $ADComputers) { 
 
# Reset variables 
 
$objet = new-object Psobject 
 
# New powershell session 
$session = New-PSSession -ComputerName $Comp 
 
# Import module EPM 
 
$ImportMod = {Import-Module “$env:ProgramFiles\Microsoft Security Client\MpProvider”} 
 
# Display informations 
 
$AntiSpy = {Get-MProtComputerStatus | Select -Expand AntispywareEnabled}  
$AntiSpyLastUp = {Get-MProtComputerStatus | Select -Expand AntispywareSignatureLastUpdated} 
$AntiVir = {Get-MProtComputerStatus | Select -Expand AntivirusEnabled} 
$AntiVirLastUp = {Get-MProtComputerStatus | Select -Expand AntivirusSignatureLastUpdated} 
 
$Imp = Invoke-Command -session $session -scriptblock $ImportMod 
$spy = Invoke-Command -session $session -scriptblock $AntiSpy 
$spyUp = Invoke-Command -session $session -scriptblock $AntiSpyLastUp 
$vir = Invoke-Command -session $session -scriptblock $AntiVir 
$virUp = Invoke-Command -session $session -scriptblock $AntiVirLastUp 
 
$objet | Add-member -Name "Server name" -Membertype "Noteproperty" -Value $Comp 
$objet | Add-member -Name "Status of AntiSpyware" -Membertype "Noteproperty" -Value $spy 
$objet | Add-member -Name "Last updated AntiSpyware Signature" -Membertype "Noteproperty" -Value $spyUp 
$objet | Add-member -Name "Status of AntiVirus" -Membertype "Noteproperty" -Value $vir 
$objet | Add-member -Name "Last updated AntiVirus Signature" -Membertype "Noteproperty" -Value $virUp 
$tab += $objet 
 
Exit-PSSession 
} 
 
# sort the table 
$tab = $tab | Sort-Object "Server Name" 
 
# Add to the body for mail 
$body = $tab | ConvertTo-HTML -head $a 
 
# And send mail 
send-mailmessage -to "Email@domain.com" -from "Check@EndPointProtection" -subject "EndPoint Protection Status for AD Computers" -body ($body | out-string) -BodyAsHTML -SmtpServer "x.x.x.x:YY"
About Nicolas 282 Articles
I work as an IT Production Manager, based in Paris (France) with a primary focus on Microsoft technologies. I have 10 years experience in administering Windows Servers. . I am a Microsoft MVP for Cloud & Datacenter Management. I also received the PowerShell Hero 2016 award by PowerShell.0rg. And finally, I am "MCSE: Cloud Platform and Infrastructure", "MCSA: Windows Servers", "Administering & Deploying SCCM", and CheckPoint CCSA certified.