October 24, 2016 – secRMM has increased its PowerShell support. There is a new secRMM PowerShell cmdlet to give you the same property granularity that is available from the secRMM Excel AddIn (as shown in the screen shot b
elow).
This means you have the most detailed forensic removable storage security data (including mobile devices as well as thumb drives, external hard drives, SD-Cards, etc.) to process any way you can image.
The secRMM Powershell cmdlet can operate standalone and can also be used with SCCM. Since the secRMM SDK is included with the base secRMM install, just install secRMM and then go to directory: “C:\Program Files\secRMM\AdminUtils\SDK”.
Under the SDK directory is the Powershell directory. There is a sample PowerShell script named GetSecRMMEvents.ps1 that shows you how to use the secRMM cmdlet. For SCCM, it couldn’t be any easier. Here is the PowerShell line of code that gets all the secRMM data from SCCM:
$secRMMEvents = secRMMEventData -SCCM
As you can see, the secRMM cmdlet is named secRMMEventData. This name is logical because the cmdlet can get the secRMM data from multiple sources: SCCM, the secRMM event log and/or the secRMMCentral event log. Once the data comes back to the PowerShell script (or the PowerShell pipeline), you have a secRMM object that contains the various properties (data) with which you can perform more logic or store however you see fit. The secRMM object has an Output method that will convert the text to HTML, CSV or XML.
For details, please see the secRMM SDK Programmers Guide at http://squadratechnologies.com/StaticContent/ProductDownload/secRMM/9.4.0.0/secRMMSDKProgrammerGuide.pdf.
There are also secRMM PowerShell scripts in the secRMM SDK to get/set a secRMM property and to read/write to a mobile device.
In the near future, we will be looking at ways to link together the secRMM data in SCCM with the Intune data. We hope you found this information useful. Thanks for reading!
