Today, I will present you with a script that will retrieve a list of servers from a specified OU in AD and display the status of individual protection options in Defender for them.
In the first step, we need to fetch the list of computers or servers. If we have this list in a file, we can use that list. However, I am retrieving the list of machines from AD.
1 2 |
$ComputerList=Get-ADComputer -SearchBase "OU=Servers,OU=company,DC=domain,DC=local" -Filter 'enabled -eq "true"' | Select-Object -ExpandProperty Name $ComputerList.Count |
The variable $ComputerList will contain all the hosts to be checked.
Now, I will present the code that checks each host from the list and queries for the AV status. I’ve also implemented a safeguard to ensure that inaccessible hosts are not visible in the final report.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
[int]$i=1 $AVReport = @() foreach ($comp in $ComputerList) { $i++ if(Test-Connection -ComputerName $comp -Count 1){ $status = Invoke-Command -ComputerName $comp -ScriptBlock { Get-MpComputerStatus } If ($status) { $AVReport+=New-Object -TypeName PSObject -Property ([ordered]@{ "Computer Name"= $comp "AntiMalware" = $status.AMServiceEnabled "AntiSpyware"=$status.AntispywareEnabled "AntiVirus"=$status.AntivirusEnabled "AntiVirus Signatures"=$status.AntivirusSignatureLastUpdated "Behavior Monitor"=$status.BehaviorMonitorEnabled "NIS"=$status.NISEnabled "Access Protection"=$status.OnAccessProtectionEnabled "Realtime Protection"=$status.RealTimeProtectionEnabled "Rebot Req" = $status.RebootRequired }) } } } |
Depending on the format in which we want to display the report, we can use the following command:
1 |
$AVReport | Format-Table -AutoSize |
After executing the command, the result will be displayed in a separate window.
1 |
$AVReport | Out-GridView |