
Host commands

besimorhino edited this page Feb 14, 2020 · 3 revisions

Windows host checks

These are commands that can be run on modern Windows systems.

Check Windows Defender Firewall Status

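# Query firewall profile state on the remote host; fall back to netsh if the cmdlet is unavailable.
invoke-command -computername $computer -scriptblock {
    try{ get-netfirewallprofile | select name,enabled }
    catch{ netsh advfirewall show all state }
}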

This command should show the three default profiles (there might be more, though). For each profile you get its name and whether it is enabled or disabled.

Check Windows Defender Status


This command pulls back basic Windows Defender status. The primary property to check is "AntivirusEnabled". It should be set to "True".

Check Installed Software

Get-WmiObject -Class Win32_Product

This is a "dirty" way to do this... please mark this code as "alpha release only". I want to replace it with a longer, but faster script that does this based on registry analysis.
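
One way to do the registry-based inventory mentioned above, as an added example that is not the wiki author's script: it reads the machine-wide Uninstall keys rather than Win32_Product, whose enumeration makes Windows Installer run a consistency check on every MSI package and only reports MSI-installed software. The function name Get-InstalledSoftware and its ComputerName parameter are hypothetical, and remote hosts are assumed to be reachable over PowerShell remoting.

```powershell
# Added example: registry-based software inventory (hypothetical helper, not from the wiki).
function Get-InstalledSoftware {
    [CmdletBinding()]
    param(
        # Assumption: remote targets accept PowerShell remoting (WinRM).
        [string[]]$ComputerName = $env:COMPUTERNAME
    )

    $scan = {
        # Machine-wide installs only; per-user installs under HKCU are not covered.
        $roots = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
        )
        foreach ($root in $roots) {
            # The WOW6432Node key is absent on 32-bit Windows, so ignore a missing path.
            Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
                # Read values straight from the key object; this tolerates
                # subkeys with malformed or missing values.
                $name = $_.GetValue('DisplayName')
                if ($name) {
                    [pscustomobject]@{
                        Computer    = $env:COMPUTERNAME
                        Name        = $name
                        Version     = $_.GetValue('DisplayVersion')
                        Publisher   = $_.GetValue('Publisher')
                        InstallDate = $_.GetValue('InstallDate')
                        View        = if ($root -like '*WOW6432Node*') { '32-bit' } else { 'native' }
                    }
                }
            }
        }
    }

    foreach ($computer in $ComputerName) {
        if ($computer -eq $env:COMPUTERNAME) {
            & $scan                                   # local host: no remoting needed
        } else {
            Invoke-Command -ComputerName $computer -ScriptBlock $scan
        }
    }
}

# Local inventory, sorted for comparison against a known-good baseline.
Get-InstalledSoftware | Sort-Object Name, Version | Format-Table Name, Version, Publisher, View
```
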

Check Current Logged in Users

(Get-WmiObject Win32_LoggedOnUser).Antecedent

This is a quick and dirty way to pull the currently logged-in users. FYI: In Windows 10, you will often see your account listed twice.
