
Detecting files on a remote server

 3 years ago
source link: https://www.codesd.com/item/detecting-files-on-a-remote-server.html


Guessing remote registry isn't available (hardened builds so service isn't running) - I can't query the registry for a specific value. However, a file is present on the server I am analysing which provides the data I need. Thus far I have written the following - I would appreciate it if this can be reviewed as it just hangs - I'm guessing that I would benefit from an if exists statement for the parent directory.

Suggestions and help very much appreciated (only been using PowerShell for a short time so working hard to get to grips with this).

Set-ExecutionPolicy RemoteSigned -ErrorAction SilentlyContinue

$servers = Get-Content -Path C:\Windows\System32\list3.txt

$out = ForEach ($server in $servers)
{
    invoke-command -computername $server {Get-ChildItem -Path "C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\" -Exclude Backup -Filter mpavdlta.vdm -Recurse | Select-Object -Last 1 | Select LastWriteTime | ft -AutoSize}
}
$out|Out-File C:\Temp\Versions.log


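$servers = Get-Content -Path "X:\ServerList.txt"
$logfile = "X:\Versions.log"
$Include = "Include.file"
# Collect one row per server; the log is written once after the loop so
# each iteration no longer overwrites the previous server's result
$out = ForEach ($server in $servers)
{
 # Read the file over the administrative share rather than remoting into the server
 Get-ChildItem -Path "\\$server\X$\Remote Folder\Structure\" -Exclude Backup -Filter $Include -Recurse | Select-Object -Last 1 | Select-Object @{Name='Server';Expression={$server}}, LastWriteTime
}
$out | ft -AutoSize | Out-File $logfile
$out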

Are you using an account that has privileges on the remote machine? If so, this should provide a path to go down. This will pull the server name from the list and interrogate via the \UNC\admin$ share. Serverlist.txt was just a list of machines in the following format.

machinename.domain.com

I had a look at your original request. Can you not loop through the serverlist and start the remote reg service, do your job and then stop it?

Something like:

$servers = Get-Content -Path "X:\ServerList.txt"
# Get-Service -Name matches the service name (RemoteRegistry), not the display name
$Service = "RemoteRegistry"
$out = ForEach ($server in $servers)
{
 # Starting the service fails while its startup type is Disabled
 Get-Service -Name $Service -ComputerName $server | Set-Service -Status Running
 # Do remote reg stuff here
 Get-Service -Name $Service -ComputerName $server | Set-Service -Status Stopped
}
$out

https://technet.microsoft.com/en-us/library/hh849849.aspx
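
An added example, not code from the question or the answers: it reads the definition file over the C$ administrative share as the answer suggests, checks that the parent directory exists before searching, and records a status per server so an unreachable host does not stall the run. The list and report paths, the function name Get-DefinitionTimestamp, the status labels, and the use of an ICMP ping as the reachability test are assumptions.

```powershell
# Added example. The folder and file name come from the question; everything
# marked "assumed" is illustrative and should be adjusted to the environment.
$serverList = 'C:\Temp\servers.txt'    # assumed: one host name per line
$reportPath = 'C:\Temp\Versions.csv'   # assumed output location

function Get-DefinitionTimestamp {
    param(
        [Parameter(Mandatory)][string]$Server,
        [string]$RelativePath = 'ProgramData\Microsoft\Microsoft Antimalware\Definition Updates',
        [string]$FileName = 'mpavdlta.vdm'
    )
    $result = [pscustomobject]@{ Server = $Server; Status = $null; File = $null; LastWriteTime = $null }

    # Fail fast on hosts that do not answer (assumes ICMP echo is permitted)
    if (-not (Test-Connection -ComputerName $Server -Count 1 -Quiet)) {
        $result.Status = 'Unreachable'
        return $result
    }

    # The "if exists" check for the parent directory, via the administrative share
    $root = '\\{0}\C$\{1}' -f $Server, $RelativePath
    if (-not (Test-Path -LiteralPath $root -PathType Container)) {
        $result.Status = 'PathNotAccessible'   # missing folder or no rights on the share
        return $result
    }

    # Newest copy by timestamp, skipping anything stored under a Backup folder
    $newest = Get-ChildItem -LiteralPath $root -Filter $FileName -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notmatch '\\Backup\\' } |
        Sort-Object LastWriteTime |
        Select-Object -Last 1

    if ($newest) {
        $result.Status = 'OK'
        $result.File = $newest.FullName
        $result.LastWriteTime = $newest.LastWriteTime
    } else {
        $result.Status = 'FileMissing'
    }
    $result
}

# Skip blank lines in the list, query each server, and keep objects (not formatted text)
$report = Get-Content -Path $serverList | Where-Object { $_.Trim() } |
    ForEach-Object { Get-DefinitionTimestamp -Server $_.Trim() }
$report | Export-Csv -Path $reportPath -NoTypeInformation
$report | Format-Table -AutoSize
```

Sorting by LastWriteTime before taking the last item makes the "newest file" choice explicit instead of relying on directory enumeration order, and the CSV keeps rows for failed hosts so stale or unreachable servers stay visible in the report.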

Tags powershell
