In this post we will about using PowerShell to work with Symantec Endpoint Protection Manager.
Why? Good question. My guess is that you are looking for management reasons to utilize options that make life easier and that scales. In reviewing this question you will be confronting a number of topics simultaneously.
If you view this post overtime my you will see this post ( and others similar to it ) evolve over time.
if you are contemplating using PowerShell and invoking REST API you probably are looking for code to solve problems who’s solution scales. For example. An easy way to present a list of all group or present a list of all computers in group X. You could ask which computers last logged on with IP address X. Or use it to delete a number of computers.
I am going to try this in bite size installments in order to make my life easier at first.
First, lets note a few things. You are going to need to review and hone your PowerShell skills. Other posts on this site (and others) can probably help with this. Next, the REST API functions you are about to see are directly based on the information Symantec provides. See: https://support.symantec.com/us/en/article.doc9447.html This HTML page references a a ZIP file which has a number of examples.
This will be done as if in a lab. For my development environment I will be using my “sparedomain.net” lab environment. This means we can count on a domain controller /w dns at 192.168.160.50. We can count on a server to house SEPM at 192.168.160.52 We can count on a number of Windows 10 workstations with names like SPARE-0001 and SPARE-0002 (or similar in style)
Example 1:
Let’s look at our first example. This code excerpt hardcodes the name of the machine to be SEPM as well as hardcodes the administrative username to admin and the password to an easy to guess password (P@$$w0rd2019) This was made just complicated enough to keep Symantec happy.
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True } [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $cred= @{ username = "admin" password = "P@`
In this post we will about using PowerShell to work with Symantec Endpoint Protection Manager.
Why? Good question. My guess is that you are looking for management reasons to utilize options that make life easier and that scales. In reviewing this question you will be confronting a number of topics simultaneously.
If you view this post overtime my you will see this post ( and others similar to it ) evolve over time.
if you are contemplating using PowerShell and invoking REST API you probably are looking for code to solve problems who’s solution scales. For example. An easy way to present a list of all group or present a list of all computers in group X. You could ask which computers last logged on with IP address X. Or use it to delete a number of computers.
I am going to try this in bite size installments in order to make my life easier at first.
First, lets note a few things. You are going to need to review and hone your PowerShell skills. Other posts on this site (and others) can probably help with this. Next, the REST API functions you are about to see are directly based on the information Symantec provides. See: https://support.symantec.com/us/en/article.doc9447.html This HTML page references a a ZIP file which has a number of examples.
This will be done as if in a lab. For my development environment I will be using my “sparedomain.net” lab environment. This means we can count on a domain controller /w dns at 192.168.160.50. We can count on a server to house SEPM at 192.168.160.52 We can count on a number of Windows 10 workstations with names like SPARE-0001 and SPARE-0002 (or similar in style)
Example 1:
Let’s look at our first example. This code excerpt hardcodes the name of the machine to be SEPM as well as hardcodes the administrative username to admin and the password to an easy to guess password (P@$$w0rd2019) This was made just complicated enough to keep Symantec happy.
$w0rd2019" domain = "" } #converts $cred array to json to send to the SEPM $auth = $cred | ConvertTo-Json #returns SEPM API version Invoke-RestMethod -Uri https://SEPM:8446/sepm/api/v1/version -Method Post -Body $auth -ContentType 'application/json'
Let’s assume we save this file as API_Version_Test1.ps1
PS W:\other\sepm> .\API_Version_Test.ps1 API_SEQUENCE API_VERSION version ------------ ----------- ------- 190814000 1.0.0 14.2.4814.1101
This starts out simple but goes a long way to testing a few things. If you get this output that means SEPM’s installed and running that the PowerShell script ran OK and the credentials were OK.
I am stopping here for tonight… even though I already have some of the extra code snippets built.
One of the pieces of code snippets lists all the SEPM groups.
A more advance code snippet is going to use the REST API to Authenticate and acquire a Token which can be used to authenticate in subsequent calls.