Here’s a little utility to check the status of Windows Defender ATP on a local or remote client. I basically took some code from the WDATP connectivity verification tool, removed the network connectivity testing part (I might add that later as well) and transformed the code so it can be used to check whether the client is properly onboarded and if all required services are running.
On servers it returns quickly with incomplete info. But on Windows 10 clients it returns this:
=============
Connecting to remote server computername failed with the following error message : WinRM cannot
complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the
network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By
default, the WinRM firewall exception for public profiles limits access to remote computers within the same local
subnet. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (computername:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken
Line 128 fails for me
Select-Object : Property “ConfigurationVersion” cannot be found.
At line:128 char:176
+ … ntlyContinue | Select-Object -ExpandProperty “ConfigurationVersion” )
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (@{OnboardingSta….Core\Registry}:PSObject) [Select-Object], PSArgumen
tException
+ FullyQualifiedErrorId : ExpandPropertyNotFound,Microsoft.PowerShell.Commands.SelectObjectCommand
I checked in my registry and the key it tries to enumerate doesn’t exist.
Not a big deal – the rest works – if the error bothers you, comment the relevant lines out in the function.
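
The error reported above is raised by `Select-Object -ExpandProperty` itself, so the `SilentlyContinue` on the upstream command does not suppress it. One way to read the values so that a missing key or value yields `$null` instead (an added example, not code from the utility or from the connectivity verification tool): the function names are hypothetical, and the `Status` registry path, the assumption that `ConfigurationVersion` lives under it, and the `Sense` and `DiagTrack` service names are not taken from this page.

```powershell
# Added example. Function names are hypothetical; the registry path is an assumption
# (the Status key that holds OnboardingState on onboarded clients).
function Get-AtpStatusValue {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $Path = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    )
    # A missing key returns nothing here instead of raising a terminating error.
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }

    # Look the value up by name; a missing value is $null, never ExpandPropertyNotFound.
    $prop = $item.PSObject.Properties[$Name]
    if ($null -eq $prop) { return $null }
    return $prop.Value
}

function Get-AtpLocalStatus {
    # Services assumed to be required: Sense (the ATP sensor) and DiagTrack (telemetry).
    $services = foreach ($svc in 'Sense', 'DiagTrack') {
        $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service = $svc
            Status  = if ($s) { "$($s.Status)" } else { 'NotInstalled' }
        }
    }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        OnboardingState      = Get-AtpStatusValue -Name 'OnboardingState'
        ConfigurationVersion = Get-AtpStatusValue -Name 'ConfigurationVersion'
        Services             = $services
    }
}

# Local check; empty fields mean the key or value is absent on this machine.
Get-AtpLocalStatus | Format-List
```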