Is there a way to check registry definitions in Forefront on remote systems?
After playing with the script found in This Thread yesterday, I found that the script did exactly what I was looking for. However, I need to run these checks on remote systems on our network. I spent a few hours altering the script, but could not get it to run on the checks against the specified computers. I'm quite new to scripting, so I'm probably not seeing the glaring mistake. Can anyone assist with this? Any assistance would be much appreciated.
При запуске скрипт не ломается ни с какими ошибками. Он запрашивает системное имя, которое предназначено и сломается, если имя неверное или система не подключена. Если указанный компьютер подключен к сети, сценарий перейдет к значениям эха. Однако возвращаемые значения относятся к локальной системе, а не к удаленной.
strInput = UserInput( "Enter System Name:" )
WScript.Echo "You entered: " & strInput
Function UserInput( myPrompt )
If UCase( Right( WScript.FullName, 12 ) ) = "\CSCRIPT.EXE" Then
WScript.StdOut.Write myPrompt & " "
UserInput = WScript.StdIn.ReadLine
Else
UserInput = InputBox( myPrompt )
End If
End Function
strComputer = strInput
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
'Option Explicit
FCS_REGKEY_ROOT = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware"
Dim SCAN_KEY, SIGNATUREUPDATES_KEY
Dim AV_VERSION_VALUE, AS_VERSION_VALUE, ENGINE_VERSION_VALUE, AV_DATE, AS_DATE
Dim LAST_SCAN_TIME, LAST_SCAN_TYPE, INSTALL_PATH_VALUE
SCAN_KEY=FCS_REGKEY_ROOT & "\Scan"
SIGNATUREUPDATES_KEY = FCS_REGKEY_ROOT & "\Signature Updates"
INSTALL_PATH_VALUE= FCS_REGKEY_ROOT & "\InstallLocation"
AV_VERSION_VALUE= SIGNATUREUPDATES_KEY &"\AVSignatureVersion"
AS_VERSION_VALUE= SIGNATUREUPDATES_KEY &"\ASSignatureVersion"
ENGINE_VERSION_VALUE= SIGNATUREUPDATES_KEY &"\EngineVersion"
AV_DATE= SIGNATUREUPDATES_KEY &"\AVSignatureApplied"
AS_DATE= SIGNATUREUPDATES_KEY &"\ASSignatureApplied"
LAST_SCAN_TIME= SCAN_KEY & "\LastScanRun"
LAST_SCAN_TYPE= SCAN_KEY & "\LastScanType"
'************ MAIN ************
Dim AV_Version, AS_Version, EngineVersion, ProductVersion
Dim AV_BuildDate, AS_BuildDate, LastScanTime, LastScanType
Dim objShell
set objShell = CreateObject("WScript.Shell")
'============ Get current info ============
AV_Version = objShell.RegRead(AV_VERSION_VALUE)
AS_Version = objShell.RegRead(AS_VERSION_VALUE)
EngineVersion = objShell.RegRead(ENGINE_VERSION_VALUE)
AV_BuildDate = BinaryToDate( objShell.RegRead(AV_DATE) )
AS_BuildDate = BinaryToDate( objShell.RegRead(AS_DATE) )
ProductVersion = GetProductVersion(INSTALL_PATH_VALUE)
LastScanTime = BinaryToDate( objShell.RegRead(LAST_SCAN_TIME) )
LastScanType = GetScanType( objShell.RegRead(LAST_SCAN_TYPE) )
'============ Display summary info ============
WScript.echo "Microsoft Forefront Client Security version: " & ProductVersion
WScript.echo "Engine version: " & EngineVersion
WScript.echo "Antivirus Definition: Version " & AV_Version & " created on " & AV_BuildDate
WScript.echo "Antispyware Definition: Version " & AS_Version & " created on " & AS_BuildDate
WScript.echo "Last scan: " & LastScanTime & " (" & LastScanType & ")"
'************ END MAIN ************
'===============================================================
'Function BinaryToDate will covert a binary DATE_TIME structure into a Variant date set to the local time
' Parameter: bArray - a VARIANT array of bytes
' Return: a VARIANT date
Function BinaryToDate(bArray)
dim Seconds,Days,dateTime
Set dateTime = CreateObject("WbemScripting.SWbemDateTime")
Seconds = bArray(7)*(2^56) + bArray(6)*(2^48) + bArray(5)*(2^40) + bArray(4)*(2^32) _
+ bArray(3)*(2^24) + bArray(2)*(2^16) + bArray(1)*(2^8) + bArray(0)
Days = Seconds/(1E7*86400)
dateTime.SetVarDate CDate(DateSerial(1601, 1, 1) + Days ), false
BinaryToDate = dateTime.GetVarDate ()
End Function
'===============================================================
'Function GetProductVersion will query a registry key for the file location and then return the version from the filesystem
' Parameter: strRegPath - path to the registry pointing to the installation location
' Return: a VARIANT string containing the product version
Function GetProductVersion(regPath)
const FILE_TO_CHECK = "\msmpeng.exe"
dim strFilePath, objFSO
strFilePath = objShell.RegRead(regPath) & FILE_TO_CHECK
Set objFSO = CreateObject("Scripting.FileSystemObject")
GetProductVersion = objFSO.GetFileVersion(strFilePath)
Set objFSO = Nothing
End Function
'===============================================================
'Function GetScanType will return a string with the scan type that corresponds to the enum
' Parameter: iScanType - type of scan
' Return: a VARIANT string containing text type of scan
Function GetScanType(iScanType)
Select case(iScanType)
Case 1 : GetScanType= "Quick Scan"
Case 2 : GetScanType= "Full Scan"
Case Else GetScanType= "Invalid Scan type"
End Select
End Function