This snippet can be used to deploy Sysmon on all servers that belong to an Active Directory group. This script requires PowerShell remoting.
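# Deploys Sysmon to every computer object found under the domain's Domain
# Controllers container, after adding each computer to the AD group(s) whose
# name matches the wildcard filter below.
#
# Prerequisites (as used by this script): the ActiveDirectory module
# (Get-ADDomain / Get-ADGroup / Get-ADComputer / Add-ADGroupMember) and
# PowerShell Remoting (New-PSSession / Invoke-Command) to each target server.
# Side effects: modifies AD group membership, copies files under
# $env:ProgramFiles\Sysmon on each server and runs the Sysmon installer there.
$Paths = @{
  # Source directory holding Sysmon64.exe and sysmonconfig-export.xml.
  # NOTE(review): the copy runs *inside* the remote session, so this path must
  # be reachable from the target server itself; a UNC share will typically hit
  # the Kerberos "second hop" restriction unless delegation is configured.
  Sysmon           = '<SourceDir>\Sysmon'
  DomainController = (Get-ADDomain).DomainControllersContainer
}

# Groups every server is added to. The wildcard matches *all* groups whose
# name starts with 'GroupName'; review the result before running at scale.
$Groups  = Get-ADGroup -Filter { (Name -like 'GroupName*') }
$Servers = Get-ADComputer -Filter * -SearchBase $Paths.DomainController

# Sysmon installer arguments. Kept as a format string and resolved against the
# *remote* $env:ProgramFiles inside the session, so the copy destination, the
# existence check and the installer all agree on the same path.
# Deliberately not named $ARGs: $args is an automatic variable in PowerShell
# and assigning to it shadows the real one.
$SysmonArgs = '-AcceptEula -i "{0}\Sysmon\sysmonconfig-export.xml"'

foreach ($Server in $Servers) {
  # --- Group membership -----------------------------------------------------
  Write-Host ('Add Server {0} to Group: ' -f $Server.DNSHostName) -NoNewline
  foreach ($Group in $Groups) {
    try {
      Add-ADGroupMember -Identity $Group.DistinguishedName `
                        -Members  $Server.DistinguishedName `
                        -ErrorAction Stop
      # Only report the group once the add has actually succeeded.
      Write-Host ('{0}, ' -f $Group.Name) -NoNewline -ForegroundColor Green
    }
    catch {
      # Keep going with the remaining groups/servers, but say which one failed.
      Write-Warning ('{0} -> {1}: {2}' -f $Server.DNSHostName, $Group.Name, $_.Exception.Message)
    }
  }
  Write-Host ''   # terminate the "Add Server ..." line

  # --- Sysmon deployment ----------------------------------------------------
  $System = $null
  try {
    $System = New-PSSession -ComputerName $Server.DNSHostName -ErrorAction Stop
    Invoke-Command -Session $System -ScriptBlock {
      # Resolve every path against the remote ProgramFiles (not the one of the
      # machine running this script).
      $SysmonDir   = Join-Path $env:ProgramFiles 'Sysmon'
      $SysmonExe   = Join-Path $SysmonDir 'Sysmon64.exe'
      $InstallArgs = $USING:SysmonArgs -f $env:ProgramFiles

      Write-Host ('Copy Sysmon to Server: {0}' -f $USING:Server.DNSHostName)
      Copy-Item -Path $USING:Paths.Sysmon `
                -Destination ('{0}\' -f $env:ProgramFiles) `
                -Recurse -Force -ErrorAction Stop

      Write-Host ('Install Sysmon to Server: {0}' -f $USING:Server.DNSHostName)
      if (Test-Path -Path $SysmonExe) {
        # -PassThru exposes the installer's exit code; Start-Process itself
        # only fails when the process cannot be launched at all.
        $Proc = Start-Process -FilePath $SysmonExe -ArgumentList $InstallArgs `
                              -Wait -NoNewWindow -PassThru
        if ($Proc.ExitCode -ne 0) {
          Write-Warning ('Sysmon installer exited with code {0} on {1}' -f $Proc.ExitCode, $env:COMPUTERNAME)
        }
      }
      else {
        Write-Warning ('{0} not found after copy; installation skipped' -f $SysmonExe)
      }
    }
  }
  catch {
    # A failed session or remote step must not stop the rollout to the
    # remaining servers; it is reported per server instead.
    Write-Warning ('{0}: {1}' -f $Server.DNSHostName, $_.Exception.Message)
  }
  finally {
    # Remote sessions are not reclaimed automatically; drop it whether or not
    # the deployment on this server succeeded.
    if ($System) { Remove-PSSession -Session $System }
  }
}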