stressedout2004
asked on
PowerShell Code Needs Modifications
Hello,
I need the following code below to perform the following:
1. to append the FQDN to the $computerName variable.
2. The following data needs to be populated
__GENUS : 2
__CLASS : Win32_EncryptableVolume
__SUPERCLASS :
__DYNASTY : Win32_EncryptableVolume
__RELPATH : Win32_EncryptableVolume.De viceID="\\ \\?\\Volum e{Commente d OUT}\\"
__PROPERTY_COUNT : 8
__DERIVATION : {}
__SERVER : TestSystem
__NAMESPACE : root\CIMV2\Security\Micros oftVolumeE ncryption
__PATH : \\TestSystem\root\CIMV2\Se curity\Mic rosoftVolu meEncrypti on:Win32_E ncryptable Volume.Dev iceID=
"\\\\?\\Volume{Commented OUT}\\"
ConversionStatus : 1
DeviceID : \\?\Volume{Commented OUT}\
DriveLetter : C:
EncryptionMethod : 6
IsVolumeInitializedForProt ection : True
PersistentVolumeID : {Commented OUT}
ProtectionStatus : 1
VolumeType : 0
PSComputerName : TestSystem
I need the following code below to perform the following:
1. to append the FQDN to the $computerName variable.
2. The following data needs to be populated
__GENUS : 2
__CLASS : Win32_EncryptableVolume
__SUPERCLASS :
__DYNASTY : Win32_EncryptableVolume
__RELPATH : Win32_EncryptableVolume.De
__PROPERTY_COUNT : 8
__DERIVATION : {}
__SERVER : TestSystem
__NAMESPACE : root\CIMV2\Security\Micros
__PATH : \\TestSystem\root\CIMV2\Se
"\\\\?\\Volume{Commented OUT}\\"
ConversionStatus : 1
DeviceID : \\?\Volume{Commented OUT}\
DriveLetter : C:
EncryptionMethod : 6
IsVolumeInitializedForProt
PersistentVolumeID : {Commented OUT}
ProtectionStatus : 1
VolumeType : 0
PSComputerName : TestSystem
Import-Module -Name ActiveDirectory
$resultFile = 'C:\Temp\ProtectionStatus.csv'
$computerList = Get-ADComputer -filter * -SearchBase "OU=Center Manager,OU=Clinical Desktops,OU=Computer Accounts,DC=ppct,DC=world" |
Select-Object -ExpandProperty DNSHostName
$computerList | Foreach-Object {
$computerName = $_
"Processing $($computerName) ..." | Write-Host -ForegroundColor White -NoNewline
Try {
Get-WmiObject -ComputerName $computerName -Namespace "root\CIMV2\Security\MicrosoftVolumeEncryption" -Query "SELECT DriveLetter, ProtectionStatus FROM Win32_EncryptableVolume" -ErrorAction Stop |
Select-Object -Property @{n='ComputerName'; e={$computerName}}, DriveLetter, ProtectionStatus, Error
" OK" | Write-Host -ForegroundColor Green
} Catch {
$_ | Select-Object -Property @{n='ComputerName'; e={$computerName}}, DriveLetter, ProtectionStatus, @{n='Error'; e={$_.Exception.Message}}
" ERROR" | Write-Host -ForegroundColor Red
}
} | Export-Csv -NoTypeInformation -Path $resultFile
"Results written to '$($resultFile)'" | Write-Host -ForegroundColor White
Import-Csv -Path $resultFile | Out-GridView
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I need to pull information to prove a laptop is encrypted. Does that help :)
Also I receive the RPC Error. Can we append the DNS namespace ppct.world to the computer name? I have verified that WMI, DCOM and permissions are not the problem. Further, the firewall is turned off and the account running the script is a Domain Admin Account.
Untitled.jpg
Also I receive the RPC Error. Can we append the DNS namespace ppct.world to the computer name? I have verified that WMI, DCOM and permissions are not the problem. Further, the firewall is turned off and the account running the script is a Domain Admin Account.
Untitled.jpg
You're using an old version of the script (or you copied/replaced line 3 without the pipe at the end). Check the ComputerName column - that's the machine's Distinguished Name, not the FQDN, which does no good for remote queries.
The current script extracts the machine's FQDN from AD (lines 3 and 4 above).
And the WMI specific properties ("__...") are pretty irrelevant when it comes to show that a drive is encrypted. The normal properties will do just nicely.
The current script extracts the machine's FQDN from AD (lines 3 and 4 above).
And the WMI specific properties ("__...") are pretty irrelevant when it comes to show that a drive is encrypted. The normal properties will do just nicely.
ASKER
Got it thanks. One final question. What syntax would I enter to search all computer objects in AD?
Just don't limit the search by removing the -SearchBase "OU=Center Manager,OU=Clinical Desktops,OU=Computer Accounts,DC=ppct,DC=world" in line 3 (but make sure to keep the pipe | at the end!)
ASKER
To confirm
$computerList = Get-ADComputer -filter * -SearchBase "OU=Center Manager,OU=Clinical Desktops,OU=Computer Accounts,DC=ppct,DC=world" |
Becomes this
$computerList = Get-ADComputer -filter * |
$computerList = Get-ADComputer -filter * -SearchBase "OU=Center Manager,OU=Clinical Desktops,OU=Computer Accounts,DC=ppct,DC=world"
Becomes this
$computerList = Get-ADComputer -filter * |
Like that, yes.
ASKER
works perfect
If you need to change which properties are included in your results, just specify them with the Select-Object commands (on lines 11 and 14).