On Fri, Mar 20, 2015 at 1:40 AM, Emin <emin.a...@gmail.com> wrote: > Hi, > > I've got something similar at work for years now. > > You should split this into 2 main parts: > 1. the script that will run on clients and that will query the registry > 2. the script "engine" that will open sessions on remote computers with a > foreach loop and do for each target computer: > Invoke-command -ComputerName $target -FilePath .\myclientscript.ps1 > -credentials $c > > Once you've done that and that it works, you can work on the performance of > these two scripts. > 1. for the client script, the fastest it executes, the better. Keep also in > mind that the less output it has, the less it has to send data back through > the remoting session, the fastest it will be. I'm using whitelists inside > the script to filter known and exptected things. > 2.I'm splitting operations in the engine to very atomic tasks to achieve > great performances. I don't rely on built-in cmdlets to test if I can > remote-in. What I'm using is explained in this post > https://p0w3rsh3ll.wordpress.com/2012/11/26/revisiting-test-port-using-a-powershell-worflow/ > > I'd recommend to read all the articles written during the 2 weeks about > security on PowerShell Magazine > http://www.powershellmagazine.com/tag/security/ > In my article there's a link to a private gist where the script scans for > the same launch points as autoruns.exe from sysinternals does > http://www.powershellmagazine.com/2014/07/17/live-incident-response-with-powershell/ > > /Emin
Thanks! I shall definitely look through them and let you know how I get on. Kurt ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1
