Powershell – Invoke command used for Get-AppLockerFileInformation Windows 2008

This script which I have written can be used for getting app-locker event information from remote computers using power-shell on windows 2008 servers.

 

Invoke command calls applocker.ps1 on remote computer mentioned and exports the output to csv format, this can be converted to batch file to run on multiple servers
The .ps1 file and the .csv file will be on the source computer from which we are running this power-shell script. Before you run this script make sure power-shell remote management is enabled on the remote computers.

invoke-command -filepath C:\scripts\applocker.ps1 -computername servername | Export-csv c:\scripts\applocker\servername.csv

Content of applocker.ps1
———————————————————————————–
Import-Module AppLocker
Get-AppLockerFileInformation -EventLog -LogPath “Microsoft-Windows-AppLocker/EXE and DLL”
Get-AppLockerFileInformation -EventLog -LogPath “Microsoft-Windows-AppLocker/MSI and Script”
———————————————————————————–

Advertisements

About asifkhandevadi

Hello, I have been working on windows since 9 years and currently working as windows, VMware and MS clustering SME at IBM. Whenever I get free time I participate in Microsoft forums and write some blogs to enhance my technical and communication skills through knowledge sharing. Please contact me on FB or Linkedin if you need any assistance on troubleshooting, implementation and virtualizaton.
This entry was posted in Power-Shell. Bookmark the permalink.

One Response to Powershell – Invoke command used for Get-AppLockerFileInformation Windows 2008

  1. subair ahmed makhdoom says:

    Great work Guruji, will get back to you with lots of doubts..

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s