Find Specified Software - Powershell

Question

I'm trying to check in AD if AV is installed via PS. If I run the script below individually, it comes out correctly where it is installed and where it is not.

if ( [bool](Get-Process 'Sophos UI' -EA SilentlyContinue) ) {
        $resultado="Instalado"
    } else {
        $resultado="Nao nstalado"
      }
return $resultado

However, when taking it to AD, the script below shows everything as INSTALLED, even on machines where it is not. How to fix this error?

function verificaSophos {
    if ( [bool](Get-Process 'Sophos UI' -EA SilentlyContinue) ) {
        $resultado="Instalado"
    } else {
        $resultado="Nao nstalado"
      }
  return $resultado
}

$Comps= Get-ADComputer -Filter {(Enabled -eq $True)} -properties *
$CompList = foreach ($Comp in $Comps) {
        [PSCustomObject] @{                    
        Name = $Comp.Name
        VerificaInstalacaoSophos = verificaSophos $Comp
        DataColeta = Get-Date -Format "dd/MM/yyyy HH:mm:ss"
    }
    }

$CompList | Export-CSV c:\temp\sophos.csv -NoTypeInformation -Encoding UTF8

I want that the script shows correctly information.

Answer 1

You could change your function to accept a computer name like below and use that to invoke the command on the specified machine like:

function verificaSophos {
    param (
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $resultado = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
                    [bool](Get-Process 'Sophos UI' -ErrorAction SilentlyContinue)
                 }
    if ($resultado) { 'Instalado' } else { 'Nao instalado' }
}

$Comps    = Get-ADComputer -Filter 'Enabled -eq $true'
$CompList = foreach ($Comp in $Comps) {
    [PSCustomObject] @{                    
        Name = $Comp.Name
        VerificaInstalacaoSophos = verificaSophos $Comp.Name
        DataColeta = Get-Date -Format "dd/MM/yyyy HH:mm:ss"
    }
}

However, the answer by js2010 is probably the easiest way.

Answer 2

Get-Process in Windows PowerShell 5.1 has a -ComputerName parameter, the protocol used is DCOM, assuming you can connect to these hosts via DCOM then you can use:

$Comps = Get-ADComputer -Filter 'Enabled -eq $True'
$map = Get-Process 'Sophos UI' -ComputerName $Comps.Name -EA SilentlyContinue |
    Group-Object MachineName -AsHashTable -NoElement

$Comps | ForEach-Object {
    $installed = 'Nao nstalado'
    if ($map.ContainsKey($_.Name)) {
        $installed = 'Instalado'
    }

    [pscustomobject]@{
        Name                     = $_.Name
        VerificaInstalacaoSophos = $installed
        DataColeta               = Get-Date -Format 'dd/MM/yyyy HH:mm:ss'
    }
} | Export-Csv c:\temp\sophos.csv -NoTypeInformation -Encoding UTF8

Otherwise, assuming WinRM is enabled in these hosts and you have permissions, you can use a similar approach but with Get-CimInstance:

$Comps = Get-ADComputer -Filter 'Enabled -eq $True'
$map = Get-CimInstance win32_process -Filter "Name LIKE 'Sophos UI%'" -ComputerName $Comps.Name -EA SilentlyContinue |
    Group-Object PSComputerName -AsHashTable -NoElement

$Comps | ForEach-Object {
    $installed = 'Nao nstalado'
    if ($map.ContainsKey($_.Name)) {
        $installed = 'Instalado'
    }

    [pscustomobject]@{
        Name                     = $_.Name
        VerificaInstalacaoSophos = $installed
        DataColeta               = Get-Date -Format 'dd/MM/yyyy HH:mm:ss'
    }
} | Export-Csv c:\temp\sophos.csv -NoTypeInformation -Encoding UTF8

Answer 3

I would do it this way over remote powershell. Run get-package locally first to load the format file with the table view. You don't need wildcards if you have the exact software name. This runs in parallel.

$comps = echo computer1,computer2,computer3
invoke-command $comps { get-package *sophos* }