Need some help with PowerShell script

Asked by llarava

Hi,

I need some help modifying the following script. The script is executed from a central server when a specific event is triggered. From that central server the script is executed and an email is sent. We would like to include code that uses the computer name (env:COMPUTERNAME) together with the computer's local account (administrator / password: 1234password) to shut down the network card.

The script will run from a central server, and the code should be able to open a remote connection to env:COMPUTERNAME and then shut down the network card.

```powershell
$LogName   = "ForwardedEvents"
$EventID   = 1116                      # Windows Defender: malware or unwanted software detected
$Recipient = "Admin@Domain.com"
$Sender    = "Trojanalerts@Domain.com"
$PSEmailServer = "smtp.domain.com"     # default SMTP server picked up by Send-MailMessage
$DateTime  = (Get-Date).AddDays(-1)

# Newest event in log $LogName with EventID $EventID ($null, not an error, if there is none)
$Event = Get-WinEvent -FilterHashtable @{logname=$LogName;id=$EventID} -MaxEvents 1 -ErrorAction SilentlyContinue
IF ( $Event -and (($Event.Message -like '*Trojan*') -or ($Event.Message -like '*ransom*')) -and ($Event.TimeCreated -ge $DateTime) ){
    # This runs on the central server, so $env:COMPUTERNAME would name the server.
    # The forwarded event carries the endpoint that raised it in MachineName.
    $Subject = "TROJAN or RANSOMWARE found on System $($Event.MachineName)"
    $Body = @"
TROJAN or RANSOMWare has been found on System $($Event.MachineName)
See details below:
Message: $($Event.Message)
Time: $($Event.TimeCreated)
Alert: $($Event.LevelDisplayName)
Process: $($Event.ProcessId)
Provider: $($Event.ProviderName)
"@
    # Send E-Mail to $Recipient. The body is plain text, so -BodyAsHtml is omitted
    # (it would collapse the line breaks above into one line).
    Send-MailMessage -To $Recipient -From $Sender -Subject $Subject -Body $Body -Encoding UTF8
}
```


ASKER CERTIFIED SOLUTION
David Jones

(Solution text not included on this page: members only.)
llarava (asker):

Any way to pass domain credentials instead? Like domain\user?
llarava (asker):

The PowerShell versions are all over the place. Upgrading is not an option. Any chance of finding a way that will work with the endpoints (Windows 7)?
David Jones:

Windows 7 can be upgraded, but that code may work for you as is, and an upgrade can be done remotely through psexec. I have a script somewhere to handle upgrading PowerShell to 4.0 remotely with a PowerShell script which calls the upgrade through psexec, and you run it from your centralized server. I'll see if I can find it. By the way, on your first question about a domain user, check line 2 of the source code I posted; it already uses a domain user and prompts for the password.
llarava (asker):

All right! I haven't tested the code yet, but one more question: is there a way to disable all net adapters without having to specify the name of the adapter? In some cases the adapter might have been renamed and we might be using the wrong one.

Maybe interrogate to get all the net adapter names and then shut down all of them? How can I get that done via code? I was also considering shutting down the computer, but I feel that disabling the network adapter is much faster and cleaner. Any other suggestions?
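The accepted answer is not visible on this page, so the following is an added example, not the questioner's script and not David Jones's solution. It addresses the thread's three follow-ups together: it accepts either a domain or a local account as a PSCredential, it disables every currently enabled adapter rather than one named adapter, and it uses the WMI class Win32_NetworkAdapter and its Disable() method, which exist on Windows 7 / PowerShell 2.0 (Disable-NetAdapter does not; it belongs to the NetAdapter module that shipped with Windows 8). Assumptions: the central server can reach the endpoint over RPC/DCOM (WMI, so no WinRM is needed), the account is a local administrator on the endpoint, and the endpoint's name is taken from the forwarded event's MachineName rather than from $env:COMPUTERNAME, which on the server names the server. The function name, the credential file path and the argument names are this example's own.

```powershell
# Added example for this thread (not the questioner's script or the accepted answer).
# Works on Windows 7 / PowerShell 2.0 endpoints because it uses WMI over DCOM, not PS remoting.

function Disable-RemoteNetAdapters {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        # DOMAIN\user or COMPUTER\user; Get-WmiObject rejects -Credential for the local machine.
        [Parameter(Mandatory = $true)][System.Management.Automation.PSCredential]$Credential
    )

    $wmiArgs = @{ ComputerName = $ComputerName; Credential = $Credential; ErrorAction = 'Stop' }

    # Every adapter that is currently enabled, whatever it has been renamed to.
    $adapters = @(Get-WmiObject -Class Win32_NetworkAdapter -Filter 'NetEnabled = TRUE' @wmiArgs)

    # Work out which adapter carries this management session, so it is disabled LAST.
    # Disabling it first would drop the session and leave the other adapters up.
    $targetIPs = @([System.Net.Dns]::GetHostAddresses($ComputerName) |
                   ForEach-Object { $_.IPAddressToString })
    $carriesSession = @{}
    foreach ($cfg in @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' @wmiArgs)) {
        $hit = @($cfg.IPAddress) | Where-Object { $targetIPs -contains $_ }
        $carriesSession[[int]$cfg.Index] = [bool]$hit
    }
    $ordered = $adapters | Sort-Object { [int][bool]$carriesSession[[int]$_.Index] }

    foreach ($nic in $ordered) {
        try {
            $rc = $nic.Disable().ReturnValue           # 0 = success
            if ($rc -eq 0) { $result = 'disabled' } else { $result = "failed (ReturnValue $rc)" }
        } catch {
            # Expected for the session-carrying adapter: it goes down before the reply arrives.
            $result = "no reply (likely disabled): $($_.Exception.Message)"
        }
        New-Object PSObject -Property @{
            Computer = $ComputerName
            Adapter  = $nic.NetConnectionID              # the (possibly renamed) connection name
            Device   = $nic.Name
            Result   = $result
        }
    }
}

# --- Use from the event-triggered script on the central server ---------------------------
# An unattended run cannot prompt, so store the credential once, interactively, under the
# account the triggered task runs as. Export-Clixml protects the password with DPAPI for that
# user on that machine, which keeps the password out of the script body.
#   Get-Credential | Export-Clixml -Path 'C:\Scripts\isolate-cred.xml'      # one-time setup
$Credential = Import-Clixml -Path 'C:\Scripts\isolate-cred.xml'

# The machine to isolate is the event's source, not the server running this script.
$Event = Get-WinEvent -FilterHashtable @{ LogName = 'ForwardedEvents'; Id = 1116 } -MaxEvents 1 -ErrorAction SilentlyContinue
if ($Event) {
    Disable-RemoteNetAdapters -ComputerName $Event.MachineName -Credential $Credential |
        Format-Table Computer, Adapter, Device, Result -AutoSize
}
```

Two caveats before deploying this. The shared local administrator password mentioned in the question (the same one on every endpoint) is exactly what an attacker who has already landed on one machine uses to reach the rest, so the account used here should be unique per machine (LAPS or equivalent) and never written into the script. And cutting the adapters is a one-way door: once they are down, the server can no longer collect process lists, memory or logs from the endpoint over the network, so any evidence you want should be pulled before the call, or the isolation done on a switch or firewall where it can be reversed without a visit to the machine.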