Issue with Registry with SEP Ver 12

This topic contains 3 replies, has 4 voices, and was last updated by Tore Groneng 3 years, 8 months ago.

  • #13897

    Balamurali Sharma
    Participant

    $ServerList = Get-Content "H:\My Documents\My Powershell\serverlist.txt"
    $c = Get-Credential

    foreach ($computer in $ServerList) {

        write-host `n

        # Only query servers that answer a ping
        if (Test-Connection -ComputerName $computer -Quiet)
        {
            write-host Processing server $computer -ForegroundColor yellow
            $column = 1

            $Opt = New-CimSessionOption -Protocol Dcom
            $Session = New-CimSession -ComputerName $computer -Credential $c -SessionOption $Opt

            # Read the SEP definition date and revision from the remote registry
            $AVD = Invoke-Command -ComputerName $computer {((get-ItemProperty 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV' -Name PatternFileDate -ea 0).PatternFileDate) } -Credential $c
            $AVR = Invoke-Command -ComputerName "$computer" {((Get-ItemProperty "HKLM:SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\" -Name PatternFileRevision -ea 0).PatternFileRevision) } -Credential $c

            $AVPatternFileDate = $AVD

            # Convert PatternFileDate to readable date
            $AVYearFileDate = [string]($AVPatternFileDate[0] + 1970)
            $AVMonthFileDate = [string]($AVPatternFileDate[1] + 1)
            $AVDayFileDate = [string]$AVPatternFileDate[2]
            $AVPatternFileDate = $AVDayFileDate + "/" + $AVMonthFileDate + "/" + $AVYearFileDate

            Write-Host $computer,$AVPatternFileDate,$AVR
        }
    }
    ———————————–
    Result is:
    Processing server CRVWW00A0007
    CRVWW00A0007 17/3/2014 4

    The above script is working fine for SEP Version 11, but not for SEP Version 12.0.
    <#————————————————
    Using this for SEP version 12 not working
    $AV= Invoke-Command -ComputerName "$computer" {((Get-ItemProperty "HKLM:Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate\" -Name LatestVirusDefsDate -ea 0).LatestVirusDefsDate) } -Credential $c
    $AV= Invoke-Command -ComputerName "$computer" {((Get-ItemProperty "HKLM:Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate\" -Name LatestVirusDefsRevision -ea 0).LatestVirusDefsRevision) } -Credential $c
    —————————————–#>
    Getting error:
    Connecting to remote server SERVER1 failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
    Not sure how to get the results in SEP version 12. Please advise.

  • #13898

    Richard Siddaway
    Moderator

    If it's working on SEP 11 and not SEP 12 I'd start thinking that something in SEP has changed.

    Try RDPing onto a SEP 12 machine and check that the registry keys you are using are correct. Test remoting using a simple cmdlet like get-process. SEP 12 may have broken/stopped remoting or changed a firewall exception.

  • #13904

    Dave Wyatt
    Moderator

    I'm not sure why you're creating a CIM Session (with the DCOM protocol) in that code, since you're not using that session. Invoke-Command uses WinRM (PSSession, not CIMSession).

    You can access the registry via WMI, but you'll have to make use of Invoke-CimMethod to do it, not Invoke-Command.
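
The approach described in the reply above, as an added example that is not part of the original thread: it reads registry values through the WMI `StdRegProv` class over a DCOM CIM session, so it does not depend on WinRM. The helper name `Get-RemoteRegValue` and the `$RegReaders` table are hypothetical; the server name and registry key are the ones shown in the question.

```powershell
# Added example: read remote registry values via StdRegProv over DCOM (no WinRM).
# Get-RemoteRegValue and $RegReaders are hypothetical names used for illustration.
$HKLM = [uint32]2147483650   # 0x80000002, HKEY_LOCAL_MACHINE
# Registry type code -> StdRegProv read method and the output property it fills
$RegReaders = @{
    1  = 'GetStringValue', 'sValue'            # REG_SZ
    2  = 'GetExpandedStringValue', 'sValue'    # REG_EXPAND_SZ
    3  = 'GetBinaryValue', 'uValue'            # REG_BINARY
    4  = 'GetDWORDValue', 'uValue'             # REG_DWORD
    7  = 'GetMultiStringValue', 'sValue'       # REG_MULTI_SZ
    11 = 'GetQWORDValue', 'uValue'             # REG_QWORD
}

function Get-RemoteRegValue {
    param(
        [Parameter(Mandatory)] [Microsoft.Management.Infrastructure.CimSession] $Session,
        [Parameter(Mandatory)] [string] $SubKey,
        [Parameter(Mandatory)] [string] $Name
    )
    $common  = @{ CimSession = $Session; Namespace = 'root\cimv2'; ClassName = 'StdRegProv' }
    $keyArgs = @{ hDefKey = $HKLM; sSubKeyName = $SubKey }
    # EnumValues returns parallel arrays: value names and their registry types
    $enum = Invoke-CimMethod @common -MethodName EnumValues -Arguments $keyArgs
    if ($enum.ReturnValue -ne 0 -or -not $enum.sNames) { return $null }   # key missing or empty
    $type = $null
    for ($i = 0; $i -lt $enum.sNames.Count; $i++) {
        if ($enum.sNames[$i] -eq $Name) { $type = $enum.Types[$i]; break }
    }
    $reader = $RegReaders[[int]$type]
    if (-not $reader) { return $null }                                    # value missing or unhandled type
    $r = Invoke-CimMethod @common -MethodName $reader[0] -Arguments ($keyArgs + @{ sValueName = $Name })
    if ($r.ReturnValue -eq 0) { $r.($reader[1]) }
}

$c = Get-Credential
$session = New-CimSession -ComputerName 'SERVER1' -Credential $c `
    -SessionOption (New-CimSessionOption -Protocol Dcom)
try {
    $key  = 'SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV'
    $date = Get-RemoteRegValue -Session $session -SubKey $key -Name 'PatternFileDate'
    $rev  = Get-RemoteRegValue -Session $session -SubKey $key -Name 'PatternFileRevision'
    if ($date) {
        # Same decoding as the original script: [0] = year - 1970, [1] = month - 1, [2] = day
        '{0} {1}/{2}/{3} {4}' -f $session.ComputerName, $date[2], ($date[1] + 1), ($date[0] + 1970), $rev
    }
} finally {
    Remove-CimSession $session
}
```

DCOM still needs RPC to be reachable through any firewall between the two machines and an account with administrative rights on the target.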

  • #13906

    Tore Groneng
    Participant

    hi,

    Have to agree with both moderators here, however the error clearly states that the connection to server1 failed. Since you are using the test-connection cmdlet, the server is online and reachable with ICMP (ping). That narrows it down to:

    1. Firewall exception for WinRM is missing on Server1
    2. If the server running the script and Server1 are on different subnets, maybe there is a firewall there blocking access to WinRM
    3. Your user ($c) is not an "admin" user on Server1
    4. Is the WinRM service running on Server1?

    Still, you should follow Richard's advice on checking if Server1 has those registry values you are looking for.

    Next you could try and test remoting from Server1 and see if that works. If you really want to get your fingers dirty, Don Jones has written a blog on how to diagnose WinRM issues here:


    troubleshooting-winrm-and-powershell-remoting-part-1

    Cheers

    Tore
