Joshua M Smith joshuamsmith

## tp_query.ps1
#### PowerShell quickie
### Read remote registry for network endpoints to see if Tamper Protection is on
## Needs Remote Management and Remote Registry enabled
# Remote Management: https://support.auvik.com/hc/en-us/articles/204424994-How-to-enable-WinRM-with-domain-controller-Group-Policy-for-WMI-monitoring
# Remote Registry: http://kb.gfi.com/articles/Skynet_Article/how-to-enable-remote-registry-through-group-policy
$key = 'SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config'

# endpoint network paths: hostname, IP
$computers = 'Computer1','Computer2'
	#### PowerShell quickie
	### Read remote registry for network endpoints to see if Tamper Protection is on
	## Needs Remote Management and Remote Registry enabled
	# Remote Management: https://support.auvik.com/hc/en-us/articles/204424994-How-to-enable-WinRM-with-domain-controller-Group-Policy-for-WMI-monitoring
	# Remote Registry: http://kb.gfi.com/articles/Skynet_Article/how-to-enable-remote-registry-through-group-policy
	$key = 'SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config'

	# endpoint network paths: hostname, IP
	$computers = 'Computer1','Computer2'