I am trying to fetch the patch,AV and application service status using invoke cmdlet. Its failing to write the output.
If I try to get McAfee and Service status its displaying the output but for the third script which is failing to write output($hotfixinfo).
If I log in to the VM manually and execute it I can get the output.
$script = @'
if([IntPtr]::Size -eq 8){
$text = Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Network Associates\ePolicy Orchestrator\Agent\" -ErrorAction SilentlyContinue |
%{"$($_.AgentGUID)"}
}
elseif([IntPtr]::Size -eq 4){
$text = Get-ItemProperty -Path "HKLM:\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent\" -ErrorAction SilentlyContinue |
%{"$($_.AgentGUID)"}
}
if(-not $text){
$text = Get-Service -Name "McAfee Framework Service" -ErrorAction SilentlyContinue | %{"$($_.Name) is $($_.Status)"}
if(-not $text){
$text = Get-Service -Name wuauserv | Select -First 1 |
%{"$($_.Name) is $($_.Status)"}
}
}
$cbout = Get-Service -Name "CarbonBlack" -ErrorAction SilentlyContinue | Select -first 1 | %{"$($_.Name) is $($_.Status)"}
if(-not $cbout){
$cbout = Get-Service -Name wuauserv | Select -first 1 | %{"$($_.Name) is $($_.Status)"}
}
$hotfixinfo=@()
[reflection.assembly]::LoadWithPartialName("System.Version")
$os = Get-WmiObject -class Win32_OperatingSystem
$osName = $os.Caption
$s = "%systemroot%\system32\drivers\srv.sys"
$v = [System.Environment]::ExpandEnvironmentVariables($s)
If (Test-Path "$v")
{
Try
{
$versionInfo = (Get-Item $v).VersionInfo
$versionString = "$($versionInfo.FileMajorPart).$($versionInfo.FileMinorPart).$($versionInfo.FileBuildPart).$($versionInfo.FilePrivatePart)"
$fileVersion = New-Object System.Version($versionString)
}
Catch
{
$hotfixinfo+= "Unable to retrieve file version info, please verify vulnerability state manually."
Return
}
}
Else
{
$hotfixinfo+= "Srv.sys does not exist, please verify vulnerability state manually."
Return
}
if ($osName.Contains("Vista") -or ($osName.Contains("2008") -and -not $osName.Contains("R2")))
{
if ($versionString.Split('.')[3][0] -eq "1")
{
$currentOS = "$osName GDR"
$expectedVersion = New-Object System.Version("6.0.6002.19743")
}
elseif ($versionString.Split('.')[3][0] -eq "2")
{
$currentOS = "$osName LDR"
$expectedVersion = New-Object System.Version("6.0.6002.24067")
}
else
{
$currentOS = "$osName"
$expectedVersion = New-Object System.Version("9.9.9999.99999")
}
}
elseif ($osName.Contains("Windows 7") -or ($osName.Contains("2008 R2")))
{
$currentOS = "$osName LDR"
$expectedVersion = New-Object System.Version("6.1.7601.23689")
}
elseif ($osName.Contains("Windows 8.1") -or $osName.Contains("2012 R2"))
{
$currentOS = "$osName LDR"
$expectedVersion = New-Object System.Version("6.3.9600.18604")
}
elseif ($osName.Contains("Windows 8") -or $osName.Contains("2012"))
{
$currentOS = "$osName LDR"
$expectedVersion = New-Object System.Version("6.2.9200.22099")
}
elseif ($osName.Contains("Windows 10"))
{
if ($os.BuildNumber -eq "10240")
{
$currentOS = "$osName TH1"
$expectedVersion = New-Object System.Version("10.0.10240.17319")
}
elseif ($os.BuildNumber -eq "10586")
{
$currentOS = "$osName TH2"
$expectedVersion = New-Object System.Version("10.0.10586.839")
}
elseif ($os.BuildNumber -eq "14393")
{
$currentOS = "$($osName) RS1"
$expectedVersion = New-Object System.Version("10.0.14393.953")
}
elseif ($os.BuildNumber -eq "15063")
{
$currentOS = "$osName RS2"
$hotfixinfo+="No need to Patch. RS2 is released as patched. "
return
}
}
elseif ($osName.Contains("2016"))
{
$currentOS = "$osName"
$expectedVersion = New-Object System.Version("10.0.14393.953")
}
elseif ($osName.Contains("Windows XP"))
{
$currentOS = "$osName"
$expectedVersion = New-Object System.Version("5.1.2600.7208")
}
elseif ($osName.Contains("Server 2003"))
{
$currentOS = "$osName"
$expectedVersion = New-Object System.Version("5.2.3790.6021")
}
else
{
$hotfixinfo+="Unable to determine OS applicability, please verify vulnerability state manually."
$currentOS = "$osName"
$expectedVersion = New-Object System.Version("9.9.9999.99999")
}
#Write-Host "`n`nCurrent OS: $currentOS (Build Number $($os.BuildNumber))" -ForegroundColor Cyan
#Write-Host "`nExpected Version of srv.sys: $($expectedVersion.ToString())" -ForegroundColor Cyan
#Write-Host "`nActual Version of srv.sys: $($fileVersion.ToString())" -ForegroundColor Cyan
If ($($fileVersion.CompareTo($expectedVersion)) -lt 0)
{
$hotfixinfo+= "`n`n"
$hotfixinfo+= "System is NOT Patched"
}
Else
{
$hotfixinfo+= "`n`n"
$hotfixinfo+= "System is Patched"
}
$outputarray=@()
$outputarray+=$hotfixinfo
$outputarray+=$cbout
$outputarray+=$text
$outputarray -join ';'
'@
$obj = foreach($vm in (Get-VM | Where-Object {$_.PowerState -eq "Poweredon" -and $_.ExtensionData.Config.GuestFullName -like "*Microsoft*"})) {
$out1 = Invoke-VMScript -VM $vm.Name -GuestUser "administrator" -GuestPassword "" -ScriptText $script -ScriptType Powershell -ErrorAction Stop | Select -ExpandProperty ScriptOutput
New-Object PSObject -Property (
[ordered]@{
Name = $vm.Name
OS = $vm.Guest.OSFullName
IP = ($vm.Guest.IPAddress | Where {($_.Split(".")).length -eq 4}) -join (",")
Cluster=$vm.VMHost.Parent.Name
RP = $vm.ResourcePool.Name
Out1 = $out1
})
}
$obj
#|Export-Csv -Path 'C:\My Data\CSV Output\report.csv' -NoTypeInformation -NoClobber
Are you sure you are not hitting one of the return statements?
Perhaps try adding a different value on each return (e,g,return 6), that way you should be able to get an idea where the script exits.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
When I try to execute this inside the guest os(manually). I can see the output but its not writing while using (Invoke-VMScript -VM $vm.Name -GuestUser "administrator" -GuestPassword "" -ScriptText $script -ScriptType Powershell -ErrorAction Stop | Select -ExpandProperty ScriptOutput)
if([IntPtr]::Size -eq 8){
$text = Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Network Associates\ePolicy Orchestrator\Agent\" -ErrorAction SilentlyContinue |
%{"$($_.AgentGUID)"}
}
elseif([IntPtr]::Size -eq 4){
$text = Get-ItemProperty -Path "HKLM:\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent\" -ErrorAction SilentlyContinue |
%{"$($_.AgentGUID)"}
}
if(-not $text){
$text = Get-Service -Name "McAfee Framework Service" -ErrorAction SilentlyContinue | %{"$($_.Name) is $($_.Status)"}
if(-not $text){
$text = Get-Service -Name wuauserv | Select -First 1 |
%{"$($_.Name) is $($_.Status)"}
}
}
$cbout = Get-Service -Name "CarbonBlack" -ErrorAction SilentlyContinue | Select -first 1 | %{"$($_.Name) is $($_.Status)"}
if(-not $cbout){
$cbout = Get-Service -Name wuauserv | Select -first 1 | %{"$($_.Name) is $($_.Status)"}
}
$hotfixinfo=&{
[reflection.assembly]::LoadWithPartialName("System.Version")
$os = Get-WmiObject -class Win32_OperatingSystem
$osName = $os.Caption
$s = "%systemroot%\system32\drivers\srv.sys"
$v = [System.Environment]::ExpandEnvironmentVariables($s)
If (Test-Path "$v")
{
Try
{
$versionInfo = (Get-Item $v).VersionInfo
$versionString = "$($versionInfo.FileMajorPart).$($versionInfo.FileMinorPart).$($versionInfo.FileBuildPart).$($versionInfo.FilePrivatePart)"
$fileVersion = New-Object System.Version($versionString)
}
Catch
{
Write-Host "Unable to retrieve file version info, please verify vulnerability state manually." -ForegroundColor Yellow
Return
}
}
Else
{
Write-Host "Srv.sys does not exist, please verify vulnerability state manually." -ForegroundColor Yellow
Return
}
if ($osName.Contains("Vista") -or ($osName.Contains("2008") -and -not $osName.Contains("R2")))
{
if ($versionString.Split('.')[3][0] -eq "1")
{
$currentOS = "$osName GDR"
$expectedVersion = New-Object System.Version("6.0.6002.19743")
}
elseif ($versionString.Split('.')[3][0] -eq "2")
{
$currentOS = "$osName LDR"
$expectedVersion = New-Object System.Version("6.0.6002.24067")
}
else
{
$currentOS = "$osName"
$expectedVersion = New-Object System.Version("9.9.9999.99999")
}
}
elseif ($osName.Contains("Windows 7") -or ($osName.Contains("2008 R2")))
{
$currentOS = "$osName LDR"
$expectedVersion = New-Object System.Version("6.1.7601.23689")
}
elseif ($osName.Contains("Windows 8.1") -or $osName.Contains("2012 R2"))
{
$currentOS = "$osName LDR"
$expectedVersion = New-Object System.Version("6.3.9600.18604")
}
elseif ($osName.Contains("Windows 8") -or $osName.Contains("2012"))
{
$currentOS = "$osName LDR"
$expectedVersion = New-Object System.Version("6.2.9200.22099")
}
elseif ($osName.Contains("Windows 10"))
{
if ($os.BuildNumber -eq "10240")
{
$currentOS = "$osName TH1"
$expectedVersion = New-Object System.Version("10.0.10240.17319")
}
elseif ($os.BuildNumber -eq "10586")
{
$currentOS = "$osName TH2"
$expectedVersion = New-Object System.Version("10.0.10586.839")
}
elseif ($os.BuildNumber -eq "14393")
{
$currentOS = "$($osName) RS1"
$expectedVersion = New-Object System.Version("10.0.14393.953")
}
elseif ($os.BuildNumber -eq "15063")
{
$currentOS = "$osName RS2"
"No need to Patch. RS2 is released as patched. "
return
}
}
elseif ($osName.Contains("2016"))
{
$currentOS = "$osName"
$expectedVersion = New-Object System.Version("10.0.14393.953")
}
elseif ($osName.Contains("Windows XP"))
{
$currentOS = "$osName"
$expectedVersion = New-Object System.Version("5.1.2600.7208")
}
elseif ($osName.Contains("Server 2003"))
{
$currentOS = "$osName"
$expectedVersion = New-Object System.Version("5.2.3790.6021")
}
else
{
Write-Host "Unable to determine OS applicability, please verify vulnerability state manually." -ForegroundColor Yellow
$currentOS = "$osName"
$expectedVersion = New-Object System.Version("9.9.9999.99999")
}
Write-Host "`n`nCurrent OS: $currentOS (Build Number $($os.BuildNumber))" -ForegroundColor Cyan
Write-Host "`nExpected Version of srv.sys: $($expectedVersion.ToString())" -ForegroundColor Cyan
Write-Host "`nActual Version of srv.sys: $($fileVersion.ToString())" -ForegroundColor Cyan
If ($($fileVersion.CompareTo($expectedVersion)) -lt 0)
{
Write-Host "`n`n"
Write-Host "System is NOT Patched" -ForegroundColor Red
}
Else
{
Write-Host "`n`n"
Write-Host "System is Patched" -ForegroundColor Green
}
}
$outputarray=@()
$outputarray+=$hotfixinfo
$outputarray+=$cbout
$outputarray+=$text
$outputarray -join ';'
Output Inside the guest OS:
this be excluded in the script - Current OS,Expected Version,Actual Version in the script. If that is causing the issue while writing output.
I need only information system is patched or not.
So wait, 2 out 3 VMs return the expected output, and one doesn't?
What is actually returned for these 3 VMs when done through Invoke-VMScript?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
So wait, 2 out 3 VMs return the expected output, and one doesn't?
No VM returned output. When I try to invoke this script.
This is the Output returned when I do Invoke-VM. But If i login to the VM and open powershell and execute the script manually. I can get the output.
Name : VM1
OS : Microsoft Windows Server 2008 R2 (64-bit)
IP : 153.71.23.25,192.168.111.137
Cluster : LABS_13
RP : Resources
Out1 :
Name : VM2
OS : Microsoft Windows Server 2008 R2 (64-bit)
IP : 192.168.111.135,153.71.23.23
Cluster : LABS_13
RP : Resources
Out1 :
Name : VM3
OS : Microsoft Windows Server 2008 R2 (64-bit)
IP : 192.168.111.134,153.71.23.22
Cluster : LABS_13
RP : Resources
Out1 :
Name : VM4
OS : Microsoft Windows Server 2008 R2 (64-bit)
IP : 192.168.111.133,153.71.23.21
Cluster : LABS_13
RP : Resources
Out1 :
Ok, no output when running via Invoke-VMScript.
Let me check
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
OK. Thanks Sir.
I think the output in $hotfixinfo variable contains multiple lines as below so its failing to write via invoke-vmscript.
Hello LucD,
Have you had a chance to look into this script.
I have the impression those Return lines might have something to do with it.
But I can't really explain why.
If you use this script, it returns the text
write-host "Hello world!"
'@
If you use this, nothing is returned
write-host "Hello world!"
return
'@
Best bet would be to restructure the script in such a way that return is not needed.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference