Most managing solutions (SCCM/ConfigMgr, Intune, or just scheduled PowerShell tasks 🙂 ) makes use of an agent type method for control, to make sure the computer can do the work when it's capable of doing so (like being on the network, powered on etc.). However, sometimes you have to get some Ad Hoc work done quickly, on as many machines as possible at that moment, and for that PowerShell and CIM sessions can be very useful.
Here is a quick example on how to, Ad Hoc, query all online machines in an OU for their Windows Defender status.
Maybe not technically defending, but close enough🙂
Requirements
This example assumes that the clients are either Windows 8.x or Windows 10, and that PowerShell remoting is enabled on each of the clients (Enable-PSRemoting). It also requires that you have installed the Remote Server Administration Tools (RSAT) on the client you run the script on.
Sample Code
This PowerShell snippet gather detailed defender data from each of the clients, stores it in a file per computer, and also generate a summary report with the Windows Defender versions and definitions from all the clients.
# Get Windows Defender Status
$i = 0
$DefenderStatusSummary = @()
foreach ($COMPUTER in $(Get-ADComputer -Filter * -Searchbase 'OU=Workstations,OU=ViaMonstra,DC=corp,DC=viamonstra,DC=com')){
$ComputerName = $($COMPUTER.Name)
$Session = New-CimSession -ComputerName $ComputerName
# Get Windows Defender status
$DefenderStatus = Get-MpComputerStatus -CimSession $Session
# Detailed output to file for each computer
$DateAndTime = Get-Date -Format "MM-dd-yyyy_hh-mm-ss"
$WindowsDefenderStatusReport = 'C:\Setup\WindowsDefenderStatus_'+"$ComputerName"+"_"+$DateAndTime+".txt"
$DefenderStatus | Out-File $WindowsDefenderStatusReport
# Combine for summary report
$DefenderStatusSummary = $DefenderStatusSummary + ($DefenderStatus | select PSComputerName, *updated,*version)
# Close the CIM Session
Remove-CimSession -CimSession $Session
$i = $i + 1
}
Write-OutPut "Number of Computers queried are: $i"
# Create Summary Report
$DefenderStatusSummary | ConvertTo-Html | Out-File 'C:\Setup\WindowsDefenderStatusSummary.html'
Write-OutPut "C:\Setup\WindowsDefenderStatusSummary.html summary report created, detailed reports for each PC in C:\Setup"
Happy Deployment, Johan