I wrote this script to collect AppLocker event information from remote computers using PowerShell on Windows 2008 servers.
Invoke-Command runs applocker.ps1 on the named remote computer, and the output is exported to CSV format. This can be converted to a batch file to run on multiple servers.
The .ps1 file and the .csv file both stay on the source computer from which the PowerShell command is run. Before you run it, make sure PowerShell remote management is enabled on the remote computers.
Invoke-Command -FilePath C:\scripts\applocker.ps1 -ComputerName servername | Export-Csv C:\scripts\applocker\servername.csv
Content of applocker.ps1
-----------------------------------------------------------------------------------
Import-Module AppLocker
Get-AppLockerFileInformation -EventLog -LogPath "Microsoft-Windows-AppLocker/EXE and DLL"
Get-AppLockerFileInformation -EventLog -LogPath "Microsoft-Windows-AppLocker/MSI and Script"
-----------------------------------------------------------------------------------
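One way to run the same collection against multiple servers, as an added example that is not part of the original script. The server list file (servers.txt) and the failure log (failed.txt) are assumed names; the script path and output folder are the ones used above.

```powershell
# Added example: collect AppLocker events from a list of servers.
$scriptPath = 'C:\scripts\applocker.ps1'         # path used in this post
$outDir     = 'C:\scripts\applocker'             # output folder used in this post
$serverList = 'C:\scripts\servers.txt'           # assumption: one server name per line
$failedLog  = Join-Path $outDir 'failed.txt'     # assumption: servers that could not be queried

# Read the server names, dropping blank lines and stray whitespace
$servers = Get-Content $serverList |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -ne '' }

foreach ($server in $servers) {
    # Confirm remote management (WinRM) answers before sending the script
    try {
        Test-WSMan -ComputerName $server -ErrorAction Stop | Out-Null
    }
    catch {
        Add-Content -Path $failedLog -Value "${server}: remote management not reachable - $($_.Exception.Message)"
        continue
    }

    # Run the local applocker.ps1 on the remote server
    try {
        $events = Invoke-Command -FilePath $scriptPath -ComputerName $server -ErrorAction Stop
    }
    catch {
        Add-Content -Path $failedLog -Value "${server}: script failed - $($_.Exception.Message)"
        continue
    }

    if ($events) {
        # One CSV per server, written on the source computer
        $csvPath = Join-Path $outDir "$server.csv"
        $events | Export-Csv -Path $csvPath -NoTypeInformation
        Write-Host "${server}: $(@($events).Count) records written to $csvPath"
    }
    else {
        # An empty result is recorded separately so it is not confused with a failure
        Write-Host "${server}: no AppLocker events returned"
    }
}
```

A server that appears in failed.txt was never queried, so it should be treated as unknown rather than as having no AppLocker events.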