-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathPSAD_Detection.ps1
136 lines (116 loc) · 4.66 KB
/
PSAD_Detection.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
<#
PSAD 6.2 Detection Rule Adds:
-Strict Lookup for targeting one version only
#>
# Function used to look up software - dont modify
function Get-ARPv
{
param(
$DisplayName,
$Version,
$strict = $false
)
# write-host "Strict is: $strict"
# -----------------------------------------------------------------------------
# Global Stuff
# -----------------------------------------------------------------------------
$InstallGlobal = $null
# PS App Deploy $is64bit
[boolean]$Is64Bit = [boolean]((Get-WmiObject -Class 'Win32_Processor' -ErrorAction 'SilentlyContinue' | Where-Object { $_.DeviceID -eq 'CPU0' } | Select-Object -ExpandProperty 'AddressWidth') -eq 64)
$path32 = "\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
$path64 = "\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
# =============================================================================
# -----------------------------------------------------------------------------
# Run regular code to check for install status
# -----------------------------------------------------------------------------
# Pre-Flight Null
$32bit = $false
$64bit = $false
$Installed32 = $null
$Installed64 = $null
# write-host "Software Name: $DisplayName"
# write-host "Software Version: $Version"
$Installed32 = Get-ChildItem HKLM:$path32 -Recurse -ErrorAction Stop | Get-ItemProperty -name DisplayName -ErrorAction SilentlyContinue | Where-Object {$_.DisplayName -like $DisplayName}
if ($is64bit)
{
$Installed64 = Get-ChildItem HKLM:$path64 -Recurse -ErrorAction Stop | Get-ItemProperty -name DisplayName -ErrorAction SilentlyContinue | Where-Object {$_.DisplayName -like $DisplayName}
}
# If found in registry,
if ($null -ne $Installed32)
{
foreach ($key32 in $Installed32)
{
$key = Get-ItemProperty -Path $Key32.PSPath
if ($Strict)
{
if ([version]($key.DisplayVersion) -eq [version]$Version)
{
$32bit = $True
}
}
if (!$Strict)
{
if ([version]($key.DisplayVersion) -ge [version]$Version)
{
$32bit = $True
}
}
}
}
# If found in registry under 64bit path,
if ($null -ne $installed64)
{
foreach ($key64 in $Installed64)
{
$key = Get-ItemProperty -Path $Key64.PSPath
if ($Strict)
{
if ([version]($key.DisplayVersion) -eq [version]$Version)
{
$64bit = $True
}
}
if (!$Strict)
{
if ([version]($key.DisplayVersion) -ge [version]$Version)
{
$64bit = $True
}
}
}
}
# Installed, take existing result and
if ($32bit -or $64bit) {$InstallGlobal = $True}
else {$InstallGlobal = $false}
return $InstallGlobal
}
# Function used to find VSTO - Compatible with Windows 7 (x64 only)
function Get-VSTO
{
param(
$TargetVersion
)
$vsto = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\VSTO Runtime Setup\v4R"
if (Test-Path $vsto)
{
$key = Get-ItemProperty -Path $VSTO
$Version = [version]$key.Version
if ($version -ge [version]$targetversion)
{
return $true
}
}
}
# -----------------------------------------------------------------------------------------------------------------------------------------
# Make your changes below - set variables per example per each piece of software required, or write your own function above
# for specific software. Must return $True or $False
# Note for Get-ARPv you must pass a proper version number e.g 1.0 - wildcards are not supported
# -----------------------------------------------------------------------------------------------------------------------------------------
$PlantronicsHub = Get-ARPv -DisplayName "Plantronics Hub Software" -Version "3.22.53245.32743" -strict $true
# -----------------------------------------------------------------------------------------------------------------------------------------
# -And all of your application test results below to return to SCCM if the application(s) are properly installed if there are multiple
# -----------------------------------------------------------------------------------------------------------------------------------------
if ($PlantronicsHub)
{
write-host "Installed"
}