Skip to content

Instantly share code, notes, and snippets.

@MyITGuy

MyITGuy/LastPolicyRequestTimestamp.ps1

Created September 4, 2025 13:18
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save MyITGuy/4914c5f771234e88ca5993d296e177db to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save MyITGuy/4914c5f771234e88ca5993d296e177db to your computer and use it in GitHub Desktop.
Download ZIP
Raw
LastPolicyRequestTimestamp.ps1
#region Get-CMInstallPath
function Get-CMInstallPath {
function Split-CommandLine {
[CmdletBinding()]
Param
(
[Parameter(Mandatory = $false, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Position = 0)]
[ValidateNotNullOrEmpty()]
[string]$CommandLine
)
Begin {
$Kernel32Definition = @'
[DllImport("kernel32")]
public static extern IntPtr GetCommandLineW();
[DllImport("kernel32")]
public static extern IntPtr LocalFree(IntPtr hMem);
'@
$Kernel32 = Add-Type -MemberDefinition $Kernel32Definition -Name 'Kernel32' -Namespace 'Win32' -PassThru
$Shell32Definition = @'
[DllImport("shell32.dll", SetLastError = true)]
public static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine,
out int pNumArgs);
'@
$Shell32 = Add-Type -MemberDefinition $Shell32Definition -Name 'Shell32' -Namespace 'Win32' -PassThru
if (!$CommandLine) {
$CommandLine = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Kernel32::GetCommandLineW())
}
}
Process {
$ParsedArgCount = 0
$ParsedArgsPtr = $Shell32::CommandLineToArgvW($CommandLine, [ref]$ParsedArgCount)
Try {
$ParsedArgs = @();
0..$ParsedArgCount | ForEach-Object {
$ParsedArgs += [System.Runtime.InteropServices.Marshal]::PtrToStringUni(
[System.Runtime.InteropServices.Marshal]::ReadIntPtr($ParsedArgsPtr, $_ * [IntPtr]::Size)
)
}
}
Finally {
$Kernel32::LocalFree($ParsedArgsPtr) | Out-Null
}
$ret = @()
# -lt to skip the last item, which is a NULL ptr
for ($i = 0; $i -lt $ParsedArgCount; $i += 1) {
$ret += $ParsedArgs[$i]
}
return $ret
}
}
$ServicePathName = Get-CimInstance -ClassName Win32_Service -Namespace root/CIMV2 -Filter "Name='CcmExec'" | Select-Object -ExpandProperty PathName
$ServicePathName | Split-CommandLine | Split-Path -Parent
}
#endregion Get-CMInstallPath
function ConvertFrom-CMTrace {
[CmdletBinding()]
param(
[Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
[string[]]$InputObject
)
begin {}
process {
if ([System.String]::IsNullOrEmpty($InputObject) -eq $true) { return}
foreach ($Line In @($InputObject)) {
try {
if ($Line -match '\<\!\[LOG\[(?<Message>.*)?\]LOG\]\!\>\<time=\"(?<Time>.+)?\"\s+date=\"(?<Date>.+)?\"\s+component=\"(?<Component>.+)?\"\s+context="(?<Context>.*)?\"\s+type=\"(?<Type>\d)?\"\s+thread=\"(?<Thread>\d+)?\"\s+file=\"(?<File>.+)?\"\>') {
$LineMatch = $matches
}
if ($LineMatch.time -match '(?<Time>.+)(?<TZAdjust>[+|-])(?<TZOffset>\d{2,3})') {
$TimeMatch = $matches
}
$Date = $LineMatch.date
$Time = $TimeMatch.time
$TZAdjust = $TimeMatch.TZAdjust
$TZOffset = $TimeMatch.TZOffset
$TimeUTC = ([datetime]"$($Date) $($Time)").AddMinutes("$($TZAdjust)$($TZOffset)")
[PSCustomObject][ordered]@{
Message = [string]$LineMatch.message
Date = [string]$LineMatch.date
Time = [string]$LineMatch.time
Component = [string]$LineMatch.component
Context = [string]$LineMatch.context
Type = [int]$LineMatch.type
Thread = [long]$LineMatch.thread
File = [string]$LineMatch.file
FileName = [string]($LineMatch.file -split ':')[0]
LineNumber = [long]($LineMatch.file -split ':')[1]
TimeWritten = $TimeUTC.ToLocalTime()
}
}
catch {
throw $_
}
}
}
end {}
}
$CMInstallPath = Get-CMInstallPath
$LastPolicyRequest = Get-Content -Path $CMInstallPath\logs\policyagent.log | ConvertFrom-CMTrace -ErrorAction SilentlyContinue | Where-Object Message -match '^Requesting Machine policy assignments from authority' | Select-Object -Last 1 -ExpandProperty TimeWritten
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment