Hello everyone,
I friend asked me to write this Powershell script for him so, I thought I'd post it here for everyone else to use. The script loads in a list of servers/PCs into memory. It then remotely queries the SEP version key and display a list a machine names and their SEP versions. I hope you all find it beneficial.
[I've also attached the script to this post]
# ******************************************************************************
# Script which loads in a list of server or PC names, and queries their registry
# to determine what version of SEP is on them
# NOTE: it will output a list containing the machine's name and its SEP version
# I've found that anything that returns a blank version is the result of either;
# A) SEP is not installed
# B) I don't have rights to connect to the machine
# Written by Henry C. Hernandez [InfoSecWay.com]
# Date: March 24th, 2010
# Modified:
# Legal Stuff:
# There are no warrenties with this script.
# Use at your own risk
# ******************************************************************************
$File = Import-Csv 'c:\hostlist.csv' #NOTE: the first line of this file must say machinename
foreach ($line in $file)
{
$machinename = $line.machinename
#Continue the script even if an error happens
trap [Exception] {continue}
$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$MachineName)
#Set the Reg Container
$key = "SOFTWARE\\Symantec\\Symantec Endpoint Protection\\SMC"
$regkey = "" #clears the value between loop runs
$regkey = $reg.opensubkey($key)
$SEPver = "" #clears the value between loop runs
#NOTE: the values between the " ' " symbols are the key you're looking for
$SEPver = $regKey.GetValue('ProductVersion')
$Results = $MachineName , $SEPver
Write-host $Results
#Write-Output ************
}