(转载)Windows信息搜集vbs脚本
参考:
https://blkstone.github.io/2016/11/25/system-summary-with-vbs/
https://blog.csdn.net/cl939974883/article/details/104168442
PS:下面的代码需在 Windows 环境下执行。复制完成后,用编辑器或记事本打开,通过“另存为”将文件编码改为 ANSI 后保存。
详细代码内容
'################################################
' NAME: bkReport
'
' AUTHOR: bobkey , nsfocus.com
' Mail : qinbo@nsfocus.com
' DATE : v1.0 11/24/2004
'        v2.0 12/25/2005
'        v2.1 03/20/2006
'        v2.2 01/10/2007
' COMMENT: Inspects the local host and writes the result as HTML.
'          Requires WSH 5.1 or later.
'
' Review notes for whoever runs this during triage:
'  - Both report files are created with relative names, so they land in the
'    current working directory. They hold host inventory (accounts, shares,
'    services, network state); store and transfer them as sensitive data.
'  - The consent dialog below says the script does no harm to the system,
'    but later sections call ChangePassword with an empty password on
'    every local account and query Win32_Product. Read those sections
'    before running this on a production or evidence host.
'  - "On Error Resume Next" is in force for all top-level code, so a failed
'    query leaves a section empty instead of stopping the script.
'#################################################
'********************************************************************
'*                                                                  *
'*                        Begin of File                             *
'*                                                                  *
'*******************************************************************
On Error Resume Next

' OpenTextFile I/O modes.
Const forwriting=2
Const forreading=1
Dim oFSO,oF,eventlog

' Consent dialog shown before any collection starts.
Text = "此脚本运行不会对您的系统造成任何损害或恶意行为" &VbCrLf&vbCrlf& "通过连接WMI提供的公共接口枚举系统相关信息"&VbCrLf&VbCrLf& "按确定键运行30秒左右会生成html格式报告"
Title_Text = "bkReport Version 2.2"
MsgBox Text,vbExclamation+vbSystemModal,Title_Text

dtmStart = Now()
' "." makes every WMI moniker below address the local machine.
strComputer = "."
Set oShell = WScript.CreateObject("WScript.Shell")
hostname=oShell.ExpandEnvironmentStrings("%computername%")

' Report file names are derived from the computer name.
MainReport=hostname&"_Report.html"
EventReport=hostname&"_EventLog.html"
datec=Now()

' oF is the main report stream used by every section that follows;
' eventlog is the stream for the separate event-log report.
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oF = oFSO.CreateTextFile(MainReport)
Set eventlog=oFSO.CreateTextFile(EventReport)
strComputer = "."
' Determine the machine's domain role for the report title.
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colComputers = objWMIService.ExecQuery _
    ("Select * from Win32_ComputerSystem")
For Each objComputer in colComputers
    ' NOTE(review): the Case labels are strings; confirm that they match the
    ' value WMI returns for DomainRole, otherwise "machine" stays empty.
    Select Case objComputer.DomainRole
        Case "0"
            machine= "独立工作站"
        Case "1"
            machine= "成员工作站"
        Case "2"
            machine= "独立服务器"
        Case "3"
            machine= "成员服务器"
        Case "4"
            machine= "备份服务器"
        Case "5"
            machine= "主域控制器"
    End Select
Next

' Report header and table of contents. Each entry links to a named anchor
' (here1 .. here17) that the matching section writes later.
oF.WriteLine "<html>"
oF.WriteLine "<head><title>MainReport Build by bkReport.vbs</title></head>"
oF.Writeline "<p> </p><p> </p><p> </p>"
oF.WriteLine "<h2><font color=MidnightBlue><center>"&hostname&"@"&machine&" 快照信息 </center></font></h2>"
oF.WriteLine "<p align=right><font size=2>date: " & Now()&"</font></p>"
oF.Writeline "<hr width=80% color=#ff8000>"
oF.Writeline "<p> </p>"
oF.WriteLine "<OL><LI><a href=#here1>系统摘要</a>"
oF.WriteLine "<LI><a href=#here2>BIOS信息</a>"
oF.WriteLine "<LI><a href=#here3>环境变量</a>"
oF.WriteLine "<LI><a href=#here4>系统文件内容</a>"
oF.WriteLine "<LI><a href=#here5>网络状态</a>"
oF.WriteLine "<LI><a href=#here6>磁盘和共享</a>"
oF.WriteLine "<LI><a href=#here7>进程</a>"
oF.WriteLine "<LI><a href=#here8>进程ID对应的启动服务</a>"
oF.WriteLine "<LI><a href=#here9>服务</a>"
oF.WriteLine "<LI><a href=#here10>补丁</a>"
oF.WriteLine "<LI><a href=#here11>软件</a>"
oF.WriteLine "<LI><a href=#here12>帐号</a>"
oF.WriteLine "<LI><a href=#here13>AT创建的计划任务</a>"
oF.WriteLine "<LI><a href=#here14>重要文件属性</a>"
oF.WriteLine "<LI><a href=#here15>自启动项</a>"
oF.WriteLine "<LI><a href=#here16>注册表</a>"
oF.WriteLine "<LI><a href=#here17>系统日志</a></LI></OL>"
oF.Writeline "<p> </p><p> </p>"

'---------------------------------
' System summary
'---------------------------------
Set objWMIService = GetObject("winmgmts:\\" & strComputer)
Set colOperatingSystems = objWMIService.InstancesOf("Win32_OperatingSystem")
oF.WriteLine "<h3><font color=MidnightBlue><a name=here1>"&"[ 1. 系统摘要 ]"&"</a></font></h3>"
' NOTE(review): this <table> is opened here and a second <table> is opened
' a few statements further down; the section emits only one </table>.
oF.WriteLine "<table BORDER=1 style=font-size:9pt cellspacing=1 align=CENTER>"
For Each objOperatingSystem In colOperatingSystems
    ' Only the OS name and last boot time are kept; the per-field rows
    ' below were disabled by the author.
    ostype=objOperatingSystem.Name
    LastbootUpTime=objOperatingSystem.LastBootUpTime
    ' oF.WriteLine "<tr><td><b>" &"Name: "&"</b></td><td>"& objOperatingSystem.Name &"</td></tr>"
    ' oF.WriteLine "<tr><td><b>" & "Caption: " &"</b></td><td>" &objOperatingSystem.Caption &"</td></tr>"
    ' oF.WriteLine "<tr><td><b>" & "LastBootUpTime: "&"</b></td><td>"&objOperatingSystem.LastBootUpTime &"</td></tr>"
    ' oF.WriteLine "<tr><td><b>" & "LocalDateTime: " &"</b></td><td>"&objOperatingSystem.LocalDateTime &"</td></tr>"
    ' oF.WriteLine "<tr><td><b>"& "Version: " &"</b></td><td>"&objOperatingSystem.Version &"</td></tr>"
    'oF.WriteLine "<tr><td><b>"& "Windows Directory: "&"</b></td><td>"&objOperatingSystem.WindowsDirectory&"</td></tr>"
Next

' Memory size, taken from the ending address of the memory array and
' divided by 1024 (the report labels the result "MB").
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_MemoryArray")
For Each objItem in colItems
    memsize =CLng(objItem.EndingAddress /1024)
    ' oF.WriteLine "memory size: " & objItem.EndingAddress /1024 &" MB"
Next

' CPU name; with several processors the last one enumerated wins.
Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set col = objWMI.ExecQuery("Select * from Win32_Processor")
For Each obj in col
    cpuinfo=obj.Name
Next

' One summary row; the adapter rows are appended to this table by the
' code that follows.
oF.WriteLine "<table BORDER=1 style=font-size:9pt> <tr><th CLASS=pt bgColor=#808080>OS</th><th bgColor=#808080>HostName</th><th bgColor=#808080>Memory</th><th bgColor=#808080>CPU</th><th bgColor=#808080>LastBootUpTime</th></tr> "
oF.WriteLine "<tr><td>"&ostype&"</td><td>"&hostname&"</td><td>"&memsize&"MB</td><td>"&cpuinfo&"</td><td>"& LastBootUpTime &"</td></tr>"
strComputer = "."
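' Escapes HTML metacharacters in a value before it is written into the
' report. File contents, command output, environment variables, share names
' and process paths are data found on the inspected host; written raw, any
' markup in them would be interpreted by the browser of whoever opens the
' report. Null and Empty are returned as "".
Function bkHtmlEncode(value)
    Dim s
    s = "" & value
    s = Replace(s, "&", "&amp;")
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, """", "&quot;")
    bkHtmlEncode = s
End Function

' Network adapters: these rows continue the system summary table that the
' preceding code opened.
Set objWMIService = GetObject("winmgmts:\\"& strComputer & "\root\cimv2")
Set colAdapters = objWMIService.ExecQuery _
    ("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")
oF.WriteLine "<tr><th bgColor=#808080>Adapter</th><th bgColor=#808080>MACaddr</th><th bgColor=#808080>IPaddr</th><th bgColor=#808080>Subnet</th><th bgColor=#808080>gateway</th></tr> "
For Each objAdapter in colAdapters
    ' Reset per adapter: the original kept these from the previous adapter
    ' when a property was Null, so one adapter's gateway could be reported
    ' against another.
    IPaddr = ""
    Subnet = ""
    gateway = ""
    Adapter= objAdapter.Description
    MACaddr= objAdapter.MACAddress
    ' Report every address; the original loop kept only the last element.
    If Not IsNull(objAdapter.IPAddress) Then
        IPaddr = Join(objAdapter.IPAddress, ", ")
    End If
    If Not IsNull(objAdapter.IPSubnet) Then
        Subnet = Join(objAdapter.IPSubnet, ", ")
    End If
    If Not IsNull(objAdapter.DefaultIPGateway) Then
        gateway = Join(objAdapter.DefaultIPGateway, ", ")
    End If
    oF.WriteLine "<tr><td>"&Adapter&"</td><td>"&MACaddr&"</td><td>"&IPaddr&"</td><td>"&Subnet&"</td><td>"&gateway&"</td></tr>"
Next
oF.WriteLine "</table>"

'--------------------------------------------------------------------
' BIOS information
'--------------------------------------------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here2>"&"[ 2. BIOS信息 ]"&"</a></font ></h3>"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colBIOS = objWMIService.ExecQuery _
    ("Select * from Win32_BIOS")
oF.WriteLine "<TABLE BORDER=1 WIDTH=800 style=font-size:9pt cellspacing=1><TR><TD>"
For Each objBIOS in colBIOS
    oF.WriteLine "<p><font size=2>"&"Build Number: " &objBIOS.BuildNumber&"</font></p>"
    oF.WriteLine "<p><font size=2>"&"Current Language: " &objBIOS.CurrentLanguage&"</font></p>"
    oF.WriteLine "<p><font size=2>"&"Installable Languages: " &objBIOS.InstallableLanguages&"</font></p>"
    oF.WriteLine "<p><font size=2>"& "Manufacturer: " &objBIOS.Manufacturer&"</font></p>"
    oF.WriteLine "<p><font size=2>"& "Name: "&objBIOS.Name&"</font></p>"
    oF.WriteLine "<p><font size=2>"& "Primary BIOS: "& objBIOS.PrimaryBIOS&"</font></p>"
    oF.WriteLine "<p><font size=2>"& "Release Date: " &objBIOS.ReleaseDate&"</font></p>"
    oF.WriteLine "<p><font size=2>"& "Serial Number: " & objBIOS.SerialNumber&"</font></p>"
    oF.WriteLine "<p><font size=2>"& "SMBIOS Version: " &objBIOS.SMBIOSBIOSVersion&"</font></p>"
    oF.WriteLine "<p><font size=2>"&"SMBIOS Minor Version: " &objBIOS.SMBIOSMinorVersion&"</font></p>"
    oF.WriteLine "<p><font size=2>"& "SMBIOS Present: " &objBIOS.SMBIOSPresent&"</font></p>"
    oF.WriteLine "<p><font size=2>"& "Status: " &objBIOS.Status&"</font></p>"
    oF.WriteLine "<p><font size=2>"& "Version: " &objBIOS.Version&"</font></p>"
    oF.WriteLine "<p><font size=2>"& "BIOS Characteristics: "&"</font></p>"
Next
oF.WriteLine "</TD></TR></TABLE>"

'-----------------------------------------------------------------
' Environment variables
'-----------------------------------------------------------------
' The closing </font> tag was malformed ("</font </h3>") in the original.
oF.WriteLine "<h3><font color=MidnightBlue><a name=here3>"&"[ 3. 环境变量 ]"&"</a></font></h3>"
Set wshshell = CreateObject("WScript.Shell")
oF.WriteLine "<TABLE BORDER=1 WIDTH=800 style=font-size:9pt cellspacing=1><TR><TD>"
oF.writeline "<b><font size=3>SYSTEM variables</font></b>"
For Each EnvirSYSTEM In wshshell.Environment("SYSTEM")
    oF.writeline "<p><font size=2>" & bkHtmlEncode(EnvirSYSTEM) &"</font></p>"
Next
oF.writeline "<b><font size=3>PROCESS variables</font></b>"
For Each EnvirPROCESS In wshshell.Environment("PROCESS")
    oF.writeline "<p><font size=2>"& bkHtmlEncode(EnvirPROCESS) &"</font></p>"
Next
oF.writeline "<b><font size=3>USER variables</font></b>"
For Each EnvirUSER In wshshell.Environment("USER")
    oF.writeline "<p><font size=2>"& bkHtmlEncode(EnvirUSER) &"</font></p>"
Next
oF.writeline "<b><font size=3>VOLATILE variables</font></b>"
For Each EnvirVOLATILE In wshshell.Environment("VOLATILE")
    oF.writeline "<p><font size=2>"& bkHtmlEncode(EnvirVOLATILE) &"</font></p>"
Next
set wshshell=Nothing
oF.WriteLine "</TD></TR></TABLE>"

'----------------------------------
' System files
'----------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here4>"&"[ 4. 系统文件内容 ]"&"</a></font></h3>"
Set wshshell=wscript.CreateObject("WScript.shell")
autoexecBAT=wshshell.expandEnvironmentStrings("%systemdrive%")&"\autoexec.bat"
configSYS=wshshell.expandEnvironmentStrings("%systemdrive%")&"\config.sys"
bootINI=wshshell.expandEnvironmentStrings("%systemdrive%")&"\boot.ini"
winINI=wshshell.expandEnvironmentStrings("%systemroot%")&"\win.ini"
systemINI=wshshell.expandEnvironmentStrings("%systemroot%")&"\system.ini"
autoexecNT=wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\autoexec.nt"
configNT=wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\config.nt"
HOSTS=wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\drivers\etc\hosts"

' Writes one text file into the report, one paragraph per line.
' The function has no error handler of its own: when the file cannot be
' opened the error returns to the caller, where "On Error Resume Next"
' skips to the next statement, so a missing file produces no output.
Function readtxt (txtfile)
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile(txtfile, 1)
    oF.WriteLine "<TABLE BORDER=1 WIDTH=800 cellspacing=1><TR><TD><b><font size=3>" & bkHtmlEncode(txtfile) &"</font></b>"
    Do Until objFile.AtEndOfStream
        strCharacters = objFile.Readline
        oF.WriteLine "<p><font size=2>" & bkHtmlEncode(strCharacters) &"</font></p>"
    Loop
    ' The original never closed the stream.
    objFile.Close
    oF.WriteLine "</TD></TR></TABLE>"
End Function

readtxt (autoexecBAT)
readtxt (configSYS)
readtxt (bootINI)
readtxt (winINI)
readtxt (systemINI)
readtxt (autoexecNT)
readtxt (configNT)
readtxt (HOSTS)

'---------------------------------
' Network status
'---------------------------------
oF.WriteLine "<h3>"&"<font color=MidnightBlue><a name=here5>"&"[ 5. 网络状态 ]"&"</a></font >"&"</h3>"
Dim f1
Set ws=WScript.CreateObject ("wscript.shell")
' Call the tools by absolute path. With a bare name cmd.exe looks in the
' current directory before PATH, and on a host under investigation the
' working directory is not trustworthy.
' NOTE(review): the scratch file "ttmp" is still a fixed name in the current
' directory; run the script from a directory only the operator can write to.
sysDir = ws.ExpandEnvironmentStrings("%SystemRoot%") & "\System32\"
ws.run "%comspec% /c echo ######################### ipconfig /all ######################### > ttmp",0,True
ws.run "%comspec% /c """ & sysDir & "ipconfig.exe"" /all >> ttmp",0,True
ws.run "%comspec% /c echo ######################### netstat -r ######################### >> ttmp",0,True
ws.run "%comspec% /c """ & sysDir & "netstat.exe"" -r >> ttmp",0,True
ws.run "%comspec% /c echo ######################### arp -a ######################### >> ttmp",0,True
ws.run "%comspec% /c """ & sysDir & "arp.exe"" -a >> ttmp",0,True
ws.run "%comspec% /c echo ######################### netstat -an ######################### >> ttmp",0,True
ws.run "%comspec% /c """ & sysDir & "netstat.exe"" -an >> ttmp",0,True
ws.run "%comspec% /c echo ######################### nbtstat -r ######################### >> ttmp",0,True
ws.run "%comspec% /c """ & sysDir & "nbtstat.exe"" -r >> ttmp",0,True
ws.run "%comspec% /c echo ######################### nbtstat -n ######################### >> ttmp",0,True
ws.run "%comspec% /c """ & sysDir & "nbtstat.exe"" -n >> ttmp",0,True
ws.run "%comspec% /c echo ######################### nbtstat -S ######################### >> ttmp",0,True
ws.run "%comspec% /c """ & sysDir & "nbtstat.exe"" -S >> ttmp",0,True
ws.run "%comspec% /c echo ######################### netstat -es ######################### >> ttmp",0,True
ws.run "%comspec% /c """ & sysDir & "netstat.exe"" -es >> ttmp",0,True

' Copy the collected output into the report, then remove the scratch file.
Set f1=oFSO.OpenTextFile ("ttmp",forreading,True)
oF.WriteLine "<TABLE BORDER=1 WIDTH=800 cellspacing=1><TR><TD>"
Do Until f1.AtEndOfStream
    a=f1.ReadLine
    oF.WriteLine "<p><font size=2>" & bkHtmlEncode(a) &"</font></p>"
Loop
oF.WriteLine "</TD></TR></TABLE>"
f1.Close
ofso.DeleteFile "ttmp",True

'---------------------------------
' Disks and shares
'---------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here6>"&"[ 6. 磁盘和共享 ]"&"</a></font ></h3>"

' Opens the disk/share table and writes one row per drive. Sizes are
' divided down to MB and truncated with CLng. A drive whose properties
' cannot be read (for example an empty removable drive) is skipped by the
' local error handler.
Sub Enudisk
    oF.writeline "<table BORDER=1 style=font-size:9pt cellspacing=1>"
    On Error Resume Next
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set colDrives = objFSO.Drives
    of.writeline "<tr><th bgColor=#808080>Drive letter: </th><th bgColor=#808080>Volume name: </th><th bgColor=#808080>File system: </th><th bgColor=#808080>Total size: </th><th bgColor=#808080>Free space: </th></tr>"
    For Each objDrive in colDrives
        of.writeline "<tr><td>" & objDrive.DriveLetter &"</td>"& _
            "<td>" & bkHtmlEncode(objDrive.VolumeName) &"</td>"& _
            "<td>" & objDrive.FileSystem&"</td>"& _
            "<td>" & clng(objDrive.TotalSize /1024 /1024 ) &"MB"&"</td>"& _
            "<td>" & CLng(objDrive.FreeSpace /1024 /1024 ) &"MB"&"</td></tr>"
    Next
    If Err <>0 Then
        Err.Clear
    End If
End Sub

Enudisk
strComputer = "."
' Shares are appended to the table that Enudisk opened.
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_Share",,48)
of.writeline "<tr><th bgColor=#808080>Path: </th><th bgColor=#808080>Name: </th><th bgColor=#808080>Caption:</th><th bgColor=#808080>Status:</th><th bgColor=#808080>MaximumAllowed:</th></tr>"
For Each objItem in colItems
    of.writeline "<tr><td>"& bkHtmlEncode(objItem.Path) &"</td>"& _
        "<td>" & bkHtmlEncode(objItem.Name) &"</td>"& _
        "<td>" & bkHtmlEncode(objItem.Caption) &"</td>"& _
        "<td>" & objItem.Status&"</td>"& _
        "<td>" &objItem.MaximumAllowed &"</td></tr>"
Next
oF.WriteLine "</table>"

'---------------------------------
' Processes
'---------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here7>"&"[ 7. 进程 ]"&"</a></font ></h3>"
Set objWMI = _
    GetObject("winmgmts:{impersonationLevel=impersonate}//./root/cimv2")
Set colProcessList = objWMI.ExecQuery("SELECT * FROM Win32_Process")
Set objFSO = CreateObject("Scripting.FileSystemObject")
' WIDTH was written as "%100" in the original.
oF.WriteLine "<table BORDER=1 WIDTH=100% style=font-size:9pt cellspacing=1>"
oF.writeline "<tr><th bgColor=#808080>UserDomain</th><th bgColor=#808080>Ownership</th><th bgColor=#808080>CreationDate</th><th bgColor=#808080>Process ID:</th><th bgColor=#808080>Process Name:</th>"&"<th bgColor=#808080>Executable Path:</th><th bgColor=#808080>Size:</th><th bgColor=#808080>File created:</th><th bgColor=#808080>File last modified:</th><th bgColor=#808080>File last accessed:</th></tr>"
For Each colprocess In colProcessList
    ' Clear per-process state first. The original reused the owner and the
    ' file object of the previous process whenever GetOwner or GetFile
    ' failed, which put another binary's size and timestamps on the row.
    strNameOfUser = ""
    strUserDomain = ""
    Set objFile = Nothing
    colProperties=colProcess.GetOwner(strNameOfUser,strUserDomain)
    If Not IsNull(colProcess.ExecutablePath) Then
        Set objFile = objFSO.GetFile (colProcess.ExecutablePath)
    End If
    Err.Clear
    oF.WriteLine "<tr><td>" & bkHtmlEncode(strUserDomain) & "</td><td>"& bkHtmlEncode(strNameOfUser) &"</td><td>"& colProcess.CreationDate&"</td><td>"&colProcess.Processid &"</td><td>" & bkHtmlEncode(colprocess.name) &"</td><td>"& bkHtmlEncode(colProcess.ExecutablePath) & "</td>"
    If objFile Is Nothing Then
        ' No readable image file: leave the four file columns empty.
        oF.WriteLine "<td></td><td></td><td></td><td></td></tr>"
    Else
        oF.WriteLine "<td>" & objFile.Size &"</td>"
        oF.WriteLine "<td>" & objFile.DateCreated &"</td>"
        oF.WriteLine "<td>" & objFile.DateLastModified &"</td>"
        oF.WriteLine "<td>" & objFile.DateLastAccessed &"</td></tr>"
    End If
Next
oF.WriteLine "</table>"

'---------------------------------
' Services started per process ID
'---------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here8>"&"[ 8. 进程ID对应的启动服务 ]"&"</a></font ></h3>"
set objIdDictionary = CreateObject("Scripting.Dictionary")
strComputer = "."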
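' Collect the distinct process IDs that host at least one service which is
' not stopped. objIdDictionary is created by the statements just before
' this point.
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServices = objWMIService.ExecQuery _
    ("Select * from Win32_Service Where State <> 'Stopped'")
For Each objService in colServices
    If Not objIdDictionary.Exists(objService.ProcessID) Then
        objIdDictionary.Add objService.ProcessID, objService.ProcessID
    End If
Next
colProcessIDs = objIdDictionary.Items

' For every such process ID, list the display names of its services.
' NOTE(review): DisplayName is written without HTML escaping; it is data
' read from the inspected host.
oF.WriteLine "<TABLE BORDER=1 style=font-size:9pt cellspacing=1>"
For i = 0 to objIdDictionary.Count - 1
    Set colServices = objWMIService.ExecQuery _
        ("Select * from Win32_Service Where ProcessID = '" & _
        colProcessIDs(i) & "'")
    ' The original ended this row with "<td/>", leaving the cell and the
    ' row unclosed.
    oF.WriteLine "<TR><TH bgColor=#808080>Process ID: </TH><td>" &colProcessIDs(i)&"</td></TR>"
    For Each objService in colServices
        oF.WriteLine "<tr><td COLSPAN=2>" & objService.DisplayName &"</td></tr>"
    Next
Next
oF.WriteLine "</TABLE>"

'---------------------------------
' Services
'---------------------------------
oF.WriteLine "<h3>"&"<font color=MidnightBlue><a name=here9>"&"[ 9. 服务 ]"&"</a></font >"&"</h3>"
strComputer = "."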
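' Running services, display names only.
' NOTE(review): service names and paths, hotfix descriptions and product
' names in this part of the report are written without HTML escaping; they
' are data read from the inspected host.
Set objWMIService = GetObject("winmgmts:" & _
    "{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2")
Set colStartServices = objWMIService.ExecQuery _
    ("SELECT DisplayName,State FROM Win32_Service WHERE State = 'Running'")
oF.WriteLine "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
oF.WriteLine "<tr><th bgColor=#808080>Running server list:</th></tr>"
of.writeline "<tr><td>"
For Each objService in colStartServices
    of.writeline "<p>" & objService.DisplayName & "</p>"
Next
oF.WriteLine "</td></tr></table>"

' Every service with its binary path, start mode and state.
Set objWMIService = GetObject("winmgmts:\\" & strComputer)
Set colServices = objWMIService.InstancesOf("Win32_Service")
oF.WriteLine "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
oF.WriteLine "<tr><th bgColor=#808080>Name:</th><th bgColor=#808080>Display Name:</th><th bgColor=#808080>Path Name:</th><th bgColor=#808080>Start Mode:</th><th bgColor=#808080>State:</th></tr>"
For Each objService In colServices
    ' Close each row here; the original emitted a single </tr> after the
    ' loop, so every row except the last was left open.
    oF.WriteLine "<tr>"&"<td>" &objService.Name &"</td>"& _
        "<td>" & objService.DisplayName&"</td>"& _
        "<td>" & objService.PathName &"</td>"& _
        "<td>" & objService.StartMode &"</td>"& _
        "<td>" &objService.State &"</td></tr>"
Next
oF.WriteLine "</table>"

'---------------------------------
' Patches
'---------------------------------
oF.WriteLine "<h3>"&"<font color=MidnightBlue><a name=here10>"&"[ 10. 补丁 ]"&"</a></font >"&"</h3>"
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
    ("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
    ' Service pack level as "major.minor".
    PACKVER = objOperatingSystem.ServicePackMajorVersion _
        & "." & objOperatingSystem.ServicePackMinorVersion
Next
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colQuickFixes = objWMIService.ExecQuery _
    ("Select * from Win32_QuickFixEngineering")
oF.WriteLine "<table BORDER=1 style=font-size:9pt cellspacing=1>"
oF.WriteLine "<tr><th bgColor=#808080>PackVersion: </th><td>"&PACKVER&"</td></tr>"
' Only the description and hotfix ID columns are emitted; the computer
' name, install date and installed-by columns were disabled by the author.
oF.WriteLine "<tr><th bgColor=#808080>Description:</th>"
oF.WriteLine "<th bgColor=#808080>Hotfix ID:</th>"
oF.WriteLine "</tr>"
For Each objQuickFix in colQuickFixes
    oF.WriteLine "<tr>"
    oF.WriteLine "<td>" & objQuickFix.Description & "</td>"
    oF.WriteLine "<td>" & objQuickFix.HotFixID & "</td>"
    oF.WriteLine "</tr>"
Next
oF.WriteLine "</table>"

'---------------------------------
' Installed software
'---------------------------------
oF.WriteLine "<h3>"&"<font color=MidnightBlue><a name=here11>"&"[ 11. 软件 ]"&"</a></font >"&"</h3>"
oF.WriteLine "<table BORDER=1 style=font-size:9pt cellspacing=1>"
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
oF.WriteLine "<tr><th bgColor=#808080>Caption:</th><th bgColor=#808080>version:</th></tr>"
' NOTE(review): enumerating Win32_Product is not a passive read. Windows
' Installer runs a consistency check on every MSI package it enumerates
' and may repair packages, which is slow and changes the host. The
' Uninstall registry key read below already lists installed software;
' consider dropping this query on production or evidence hosts.
Set colApps = objWMIService.ExecQuery("Select * from Win32_Product")
For Each objApp in colApps
    oF.WriteLine "<tr><td>"&objApp.Caption &"</td><td>"& objApp.Version &"</td></tr>"
Next

' Second source: the Uninstall key under HKLM.
' NOTE(review): only this one key is read; per-user installs and the
' 32-bit registry view on 64-bit Windows are presumably not covered.
Dim oRegistry, sBaseKey, iRC, sKey, arSubKeys, sValue
Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE
Set oRegistry = GetObject("winmgmts:\\" & strComputer & _
    "/root/default:StdRegProv")
sBaseKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
iRC = oRegistry.EnumKey(HKLM, sBaseKey, arSubKeys)
For Each sKey In arSubKeys
    iRC = oRegistry.GetStringValue(HKLM, sBaseKey & sKey, _
        "DisplayName", sValue)
    version= oRegistry.GetStringValue(HKLM, sBaseKey & sKey, _
        "DisplayVersion", sVer)
    ' Fall back to QuietDisplayName when DisplayName could not be read.
    If iRC <> 0 Then
        oRegistry.GetStringValue HKLM, sBaseKey & sKey, _
            "QuietDisplayName", sValue
    End If
    If sValue <> "" Then
        of.writeline "<tr><td>" & sValue & "</td><td>" & sver & "</td></tr>"
    ElseIf Err <> 0 Then
        of.writeline "<tr><td>"& "Installed App Name Not Available" & "</td></tr>"
        err.clear
        err.Number=0
    End If
Next

' Items of the Administrative Tools shell folder.
Const ADMINISTRATIVE_TOOLS = &H2f&
Set objShell = CreateObject("Shell.Application")
Set objFolder = objShell.Namespace(ADMINISTRATIVE_TOOLS)
Set objTools = objFolder.Items
oF.WriteLine "<tr><th bgColor=#808080>Admin tools:</th></tr>"
For i = 0 to objTools.Count - 1
    oF.WriteLine "<tr><td>"& objTools.Item(i)&"</td></tr>"
Next
oF.WriteLine "</table>"

'---------------------------------
' Accounts
'---------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here12>"&"[ 12. 帐号 ]"&"</a></font ></h3>"
strComputer = "."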
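' User accounts with their lockout and password flags, plus a column that
' marks members of the local Administrators group.
' NOTE(review): account descriptions, scheduled-job commands and startup
' commands in this part of the report are written without HTML escaping;
' they are data read from the inspected host.
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_UserAccount",,48)
oF.WriteLine "<table width=100% BORDER=1 style=font-size:9pt cellspacing=1>"
' The original header had a malformed "</t>" after PasswordExpires and
' never closed the row.
oF.writeline "<tr><th bgColor=#808080>" &"Name: "& "</th>" _
    &"<th bgColor=#808080>"&"Description: "& "</th>" _
    &"<th bgColor=#808080>"&"Lockout: "& "</th>" _
    &"<th bgColor=#808080>"&"PasswordChangeable: "& "</th>" _
    &"<th bgColor=#808080>"&"PasswordExpires: "& "</th>" _
    &"<th bgColor=#808080>"&"SID: " & "</th>" _
    &"<th bgColor=#808080>"& "Status: "& "</th>" _
    &"<th bgColor=#808080>"& "administrators: "& "</th></tr>"
' Bind the group once instead of once per account.
' NOTE(review): the group is looked up by its English name; on a localized
' Windows installation the built-in group may be named differently.
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
For Each objItem in colItems
    strUser = objItem.Name
    isAdmin = ""
    For Each objUser in objGroup.Members
        If objUser.Name = strUser Then
            isAdmin = "True"
        End If
    Next
    ' Always emit the last cell and close the row; the original wrote the
    ' cell only for administrators and left every row open.
    oF.writeline "<tr><td>" & objItem.Name &"</td><td>" & _
        objItem.Description &"</td><td>" & _
        objItem.Lockout &"</td><td>" & _
        objItem.PasswordChangeable &"</td><td>" & _
        objItem.PasswordExpires &"</td><td>" & _
        objItem.SID &"</td><td>" & _
        objItem.Status&"</td>"
    oF.writeline "<td>" & isAdmin & "</td></tr>"
Next
oF.WriteLine "</table>"

' Empty-password check: every local user account gets a ChangePassword
' call from "" to "". Err = 0 means the old password was accepted, so the
' account has an empty password; -2147023569 is 0x8007052F (Win32 error
' 1327, account restriction), which the author also treats as "empty".
' NOTE(review): this is an active test, not a read. Each call is a
' password-change attempt against a real account, which presumably shows
' up in the security log and may count toward the lockout threshold where
' one is configured. Expect an alert for a burst of such attempts, and
' agree on running this check with the system owner beforehand.
' The findings are written after the table is closed; the original wrote
' these paragraphs between the table rows.
On Error Resume Next
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName
strPassword = ""
Set colAccounts = GetObject("WinNT://" & strComputer)
colAccounts.Filter = Array("user")
For Each objUser In colAccounts
    objUser.ChangePassword strPassword, strPassword
    If Err = 0 or Err = -2147023569 Then
        oF.writeline "<p><font size=2>" &objUser.Name & " password is null !.</font></p>"
    End If
    Err.Clear
Next

'---------------------------------
' Scheduled tasks
'---------------------------------
' Win32_ScheduledJob only describes jobs created through AT, as the
' section title says; tasks created in Task Scheduler are not listed here.
oF.WriteLine "<h3><font color=MidnightBlue><a name=here13>"&"[ 13. AT创建的计划任务 ]"&"</a></font ></h3>"
oF.writeline "<table width=100% BORDER=1 style=font-size:9pt cellspacing=1>"
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colScheduledJobs = objWMIService.ExecQuery _
    ("Select * from Win32_ScheduledJob")
For Each objJob In colScheduledJobs
    oF.writeline "<tr><th bgColor=#808080>Caption:</th><td> " & objJob.Caption &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Command:</th><td> " & objJob.Command &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Days Of Month: </th><td>" & objJob.DaysOfMonth &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Days Of Week: </th><td>" & objJob.DaysOfWeek &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Description: </th><td>" & objJob.Description &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Elapsed Time: </th><td>" & objJob.ElapsedTime &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Install Date: </th><td>" & objJob.InstallDate &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Interact with Desktop: </th><td>" & objJob.InteractWithDesktop &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Job ID: </th><td>" & objJob.JobID &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Job Status: </th><td>" & objJob.JobStatus &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Name: </th><td>" & objJob.Name &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Notify: </th><td>" & objJob.Notify &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Owner: </th><td>" & objJob.Owner &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Priority: </th><td>" & objJob.Priority &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Run Repeatedly: </th><td>" & objJob.RunRepeatedly &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Start Time: </th><td>" & objJob.StartTime &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Status: </th><td>" & objJob.Status &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Time Submitted: </th><td>" & objJob.TimeSubmitted &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Until Time: </th><td>" & objJob.UntilTime &"</td></tr>"
Next
oF.writeline "</table>"

'----------------------------------
' File information helper
'----------------------------------
' Writes one table row with the path, size, type and the three timestamps
' of a file. There is no local error handler: when GetFile fails the error
' returns to the caller and no row is written, so a file that is missing
' from the list simply does not appear in the report.
Function getfileinfo (targetfiles)
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.GetFile (targetfiles)
    oF.WriteLine "<tr><td>" & objFile.Path &"</td>"
    oF.WriteLine "<td>" & objFile.Size &"</td>"
    oF.WriteLine "<td>" & objFile.Type &"</td>"
    oF.WriteLine "<td>" & objFile.DateCreated &"</td>"
    oF.WriteLine "<td>" & objFile.DateLastModified &"</td>"
    oF.WriteLine "<td>" & objFile.DateLastAccessed &"</td></tr>"
End Function

oF.WriteLine "<h3><font color=MidnightBlue><a name=here14>"&"[ 14. 重要文件属性 ]"&"</a></font ></h3>"
oF.writeline "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
oF.WriteLine "<tr><th bgColor=#808080>Path:</th><th bgColor=#808080>Size:</th><th bgColor=#808080>Type:</th><th bgColor=#808080>Date created:</th><th bgColor=#808080>Date last modified:</th><th bgColor=#808080>Date last accessed:</th></tr>"
' Same files, same order as the original one-call-per-file list; all are
' looked up under %systemroot%\system32.
' NOTE(review): only size and timestamps are recorded. They show that a
' file changed but do not identify it; a hash or signature check would
' need a separate tool.
sys32Dir = wshshell.expandEnvironmentStrings("%systemroot%") & "\system32\"
For Each watchedName In Array( _
    "cmd.exe", "services.exe", "xcopy.exe", "arp.exe", "posix.exe", _
    "cacls.exe", "debug.exe", "telnet.exe", "ftp.exe", "tftp.exe", _
    "tracert.exe", "edlin.exe", "rsh.exe", "ipconfig.exe", "regedt32.exe", _
    "finger.exe", "at.exe", "netstat.exe", "wscript.exe", "cscript.exe", _
    "ping.exe", "atsvc.exe", "rcp.exe", "regedit.exe", "nslookup.exe", _
    "runonce.exe", "net.exe", "route.exe", "copy.exe", "user.exe", _
    "csrss.exe", "rexec.exe", "nbtstat.exe", "notepad.exe", "edit.com")
    getfileinfo sys32Dir & watchedName
Next
oF.writeline "</table>"

'---------------------------------
' Startup commands
'---------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here15>"&"[ 15. 自启动项 ]"&"</a></font></h3>"
oF.writeline "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colStartupCommands = objWMIService.ExecQuery _
    ("Select * from Win32_StartupCommand")
' The header row was left unclosed in the original.
oF.writeline "<tr><th bgColor=#808080>User:</th><th bgColor=#808080>Location:</th><th bgColor=#808080>Name:</th><th bgColor=#808080>Command:</th></tr>"
For Each objStartupCommand in colStartupCommands
    oF.writeline "<tr><td>"&objStartupCommand.User&"</td><td>"&objStartupCommand.location&"</td><td>"&objStartupCommand.name &"</td><td>"& objStartupCommand.command&"</td></tr>"
Next
oF.WriteLine "</table>"

'---------------------------------
' Registry autostart entries
'---------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here16>"&"[ 16. 注册表 ]"&"</a></font></h3>"
' Registry hive handles and value type codes used with StdRegProv.
Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS=&H80000003
Const HKEY_CURRENT_CONFIG=&H80000005
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7
strComputer = "."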
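'---------------------------------
' Registry checks: read selected security-relevant values, list the value
' names under the autostart keys, and test access rights on the winreg key.
'---------------------------------
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

' Collection is best-effort: a failing statement is skipped, not fatal.
' The cost is that typos and failed reads go unnoticed, so an absent row in
' the report is not proof that the value is absent on the host.
On Error Resume Next

oF.WriteLine "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
oF.WriteLine "<tr><th bgColor=#808080>读取此项内容</th><th bgColor=#808080>内容</th></tr>"

' Single values. Each row is labelled with the key that is actually read, and
' each read is tested through its own output variable (see ReportRegValue), so
' a missing value in one place cannot hide the rows that follow it.
ReportRegValue HKEY_LOCAL_MACHINE, "HKEY_LOCAL_MACHINE", "SYSTEM\CurrentControlSet\Services\lanmanserver\parameters", "Autoshareserver", True
ReportRegValue HKEY_LOCAL_MACHINE, "HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", False
ReportRegValue HKEY_LOCAL_MACHINE, "HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Userinit", False
ReportRegValue HKEY_LOCAL_MACHINE, "HKEY_LOCAL_MACHINE", "Software\Microsoft\Windows NT\CurrentVersion\Windows", "run", False
ReportRegValue HKEY_CURRENT_USER, "HKEY_CURRENT_USER", "Software\Microsoft\Windows NT\CurrentVersion\Windows", "run", False
ReportRegValue HKEY_CURRENT_USER, "HKEY_CURRENT_USER", "Software\Microsoft\Windows NT\CurrentVersion\Windows", "load", False
ReportRegValue HKEY_LOCAL_MACHINE, "HKEY_LOCAL_MACHINE", "SYSTEM\CurrentControlSet\Services\EventLog\Application", "Maxsize", True
ReportRegValue HKEY_LOCAL_MACHINE, "HKEY_LOCAL_MACHINE", "SYSTEM\CurrentControlSet\Services\EventLog\security", "Maxsize", True
ReportRegValue HKEY_LOCAL_MACHINE, "HKEY_LOCAL_MACHINE", "SYSTEM\CurrentControlSet\Services\EventLog\system", "Maxsize", True
ReportRegValue HKEY_LOCAL_MACHINE, "HKEY_LOCAL_MACHINE", "SYSTEM\CurrentControlSet\Control\Lsa", "RestrictAnonymous", True
ReportRegValue HKEY_LOCAL_MACHINE, "HKEY_LOCAL_MACHINE", "SYSTEM\CurrentControlSet\Services\NetBT\Parameters", "SMBDeviceEnabled", True
ReportRegValue HKEY_LOCAL_MACHINE, "HKEY_LOCAL_MACHINE", "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows", "Appinit_Dlls", False

oF.WriteLine "<tr><th bgColor=#808080>枚举此键内容</th><th bgColor=#808080>项目名</th><th bgColor=#808080>数据类型</th></tr>"

' Autostart keys: RegEnum lists value names and types only. The data (the
' command line each entry launches) is not included in this table.
RegEnum HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RegEnum HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx"
RegEnum HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
RegEnum HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"
RegEnum HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
RegEnum HKEY_CURRENT_USER, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RegEnum HKEY_CURRENT_USER, "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
' The two paths below used to be spelled "Micrsoft", so they never matched.
RegEnum HKEY_CURRENT_USER, "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx"
RegEnum HKEY_CURRENT_USER, "SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"
' The DLL files named here live in C:\WINDOWS\system32.
RegEnum HKEY_LOCAL_MACHINE, "System\CurrentControlSet\Control\Session Manager\KnownDLLs"

' Access rights of the account running the script on the winreg key, whose ACL
' governs remote access to the registry.
' NOTE(review): KEY_QUERY_VALUE, KEY_SET_VALUE, KEY_CREATE_SUB_KEY and DELETE
' are not declared in the part of the script shown here. Under On Error Resume
' Next an undeclared name evaluates to Empty and the result is meaningless;
' confirm they are declared earlier (&H0001, &H0002, &H0004, &H00010000).
strKeyPath = "SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg"

oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_QUERY_VALUE, bHasAccessRight
If bHasAccessRight = True Then
    a = " Query"
Else
    a = " Not Query"
End If

oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_SET_VALUE, bHasAccessRight
If bHasAccessRight = True Then
    b = " Set"
Else
    b = " Not Set "
End If

oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_CREATE_SUB_KEY, bHasAccessRight
If bHasAccessRight = True Then
    c = " Create"
Else
    c = " Not Create"
End If

oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, DELETE, bHasAccessRight
If bHasAccessRight = True Then
    d = " DELETE"
Else
    d = " NotDelete"
End If

oF.WriteLine "<tr><th bgColor=#808080>检查项目</th><th bgColor=#808080>支持的权限"
oF.WriteLine "<tr><td>" & "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg" & "</td><td>" & a & b & c & d & "</td></tr>"
oF.WriteLine "</table>"

'---------------------------------
' Export event-log records to a separate HTML report
'---------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here17>" & "[ 17. 系统日志 ]" & "</a></font></h3>"

msg = "是否导出系统日志为单独的html报告?" & VbCrLf
msg = msg & "日志筛选内容包括:" & VbCrLf
msg = msg & " 1.登录失败" & VbCrLf
msg = msg & " 2.错误、警告、安全审核失败 " & VbCrLf

Set objShell = WScript.CreateObject("Wscript.Shell")
EventDoIt = MsgBox(msg, vbQuestion + vbYesNo + vbSystemModal, "运行提示")

If EventDoIt = vbNo Then
    oF.WriteLine "<p><font size=2>程序运行没有选择导出日志</font></p>"
    Run_complete
    WScript.Quit
End If

oF.WriteLine "<p><font size=2><a href=" & EventReport & ">点击打开 " & EventReport & " 查看日志</a></font></p>"

' The {(Security)} moniker requests the Security privilege for this
' connection; the Security log is queried through it.
Set objWMIService = GetObject("winmgmts:{(Security)}\\" & strComputer & "\root\cimv2")

eventlog.WriteLine "<head><title>eventLog build by bkReport.vbs</title></head>"
eventlog.WriteLine "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"

' Failed logons. 529 is the failed-logon event ID on Windows XP / Server 2003;
' Windows Vista and later record failed logons as 4625, so both are queried.
Set colEvents = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Security' and (EventCode = '529' or EventCode = '4625')")
WriteEventTable "登录失败日志信息", colEvents

' Every record, in any log, that is neither informational nor an audit success.
Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Type <> 'information' AND Type <> 'audit success'")
WriteEventTable "错误、警告、安全审核失败日志信息", colLoggedEvents

' The table being closed here belongs to the event report, not the main one.
eventlog.WriteLine "</table>"

Run_complete

' Writes one report row for a single registry value, if the value exists.
'   hive      - numeric root key constant (HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER)
'   hiveLabel - root key name printed in the row label
'   keyPath   - key path below the root
'   valueName - name of the value to read
'   isDword   - True to read a DWORD, False to read a string
Sub ReportRegValue(hive, hiveLabel, keyPath, valueName, isDword)
    On Error Resume Next
    Dim value
    value = Null    ' stays Null if the call fails, so no row is written
    If isDword Then
        oReg.GetDWORDValue hive, keyPath, valueName, value
    Else
        oReg.GetStringValue hive, keyPath, valueName, value
    End If
    If Not IsNull(value) Then
        oF.WriteLine "<tr><td>" & hiveLabel & "\" & keyPath & "\" & valueName & "</td>"
        oF.WriteLine "<td>" & EscapeHtmlForReport(value) & "</td></tr>"
    End If
End Sub

' Lists the value names and data types found under one registry key.
'   Subtrees   - numeric root key constant
'   strKeyPath - key path below the root
' Writes nothing when the key is missing or holds no values.
Function RegEnum (Subtrees, strKeyPath)
    On Error Resume Next
    Dim arrValueNames, arrValueTypes, i, typeLabel

    oReg.EnumValues Subtrees, strKeyPath, arrValueNames, arrValueTypes

    ' No array means nothing to list. Leaving here also keeps UBound() from
    ' failing on a Null, which under Resume Next would still run the loop body.
    If Not IsArray(arrValueNames) Then Exit Function

    If Subtrees = HKEY_LOCAL_MACHINE Then
        oF.WriteLine "<tr><td>" & "HKEY_LOCAL_MACHINE\" & strKeyPath & "</td></tr>"
    ElseIf Subtrees = HKEY_CURRENT_USER Then
        oF.WriteLine "<tr><td>" & "HKEY_CURRENT_USER\" & strKeyPath & "</td></tr>"
    End If

    For i = 0 To UBound(arrValueNames)
        Select Case arrValueTypes(i)
            Case REG_SZ
                typeLabel = "String"
            Case REG_EXPAND_SZ
                typeLabel = "Expanded String"
            Case REG_BINARY
                typeLabel = "Binary"
            Case REG_DWORD
                typeLabel = "DWORD"
            Case REG_MULTI_SZ
                typeLabel = "Multi String"
            Case Else
                ' Any other type still gets a closed row.
                typeLabel = "Other"
        End Select
        ' Value names come from the host, not from this script: encode them.
        oF.WriteLine "<tr><td></td><td>" & EscapeHtmlForReport(arrValueNames(i)) & "</td>"
        oF.WriteLine "<td>" & typeLabel & "</td></tr>"
    Next
End Function

' Writes one titled group of event records into the event report table.
'   heading - text of the group's title row
'   events  - collection of Win32_NTLogEvent objects
Sub WriteEventTable(heading, events)
    On Error Resume Next
    Dim objEvent
    eventlog.WriteLine "<tr><th bgColor=#808080 COLSPAN=6>" & heading & "</th></tr>"
    eventlog.WriteLine "<tr><th bgColor=#808080>Category: </th>"
    eventlog.WriteLine "<th bgColor=#808080>Event Code: </th>"
    eventlog.WriteLine "<th bgColor=#808080>Record Number: </th>"
    eventlog.WriteLine "<th bgColor=#808080>Event Type: </th>"
    eventlog.WriteLine "<th bgColor=#808080>Time Written: </th>"
    eventlog.WriteLine "<th bgColor=#808080>Message: </th></tr>"
    For Each objEvent In events
        eventlog.WriteLine "<tr><td>" & objEvent.Category & "</td>"
        eventlog.WriteLine "<td>" & objEvent.EventCode & "</td>"
        eventlog.WriteLine "<td>" & objEvent.RecordNumber & "</td>"
        eventlog.WriteLine "<td>" & EscapeHtmlForReport(objEvent.Type) & "</td>"
        eventlog.WriteLine "<td>" & EscapeHtmlForReport(objEvent.TimeWritten) & "</td>"
        ' Event messages can carry text chosen by whoever triggered the event
        ' (for example the account name of a failed logon). Encode it so it is
        ' displayed as text rather than interpreted as markup.
        eventlog.WriteLine "<td>" & EscapeHtmlForReport(objEvent.Message) & "</td></tr>"
    Next
End Sub

' Returns value as text that is safe to place inside an HTML table cell.
' Null and Empty become an empty string, as they do in a plain "&" join.
Function EscapeHtmlForReport(value)
    Dim text
    If IsNull(value) Or IsEmpty(value) Then
        EscapeHtmlForReport = ""
        Exit Function
    End If
    text = CStr(value)
    text = Replace(text, "&", "&amp;")    ' must run first
    text = Replace(text, "<", "&lt;")
    text = Replace(text, ">", "&gt;")
    text = Replace(text, """", "&quot;")
    EscapeHtmlForReport = text
End Function

' Finishes the main report: footer with the run time, closing tag, both files
' closed, then the report opened in the default viewer.
' The reports hold host details (autostart entries, registry settings, failed
' logons) and are written to the current directory; move them somewhere with
' restricted access after the run.
Sub Run_complete
    On Error Resume Next
    dtmEnd = Now()
    oF.WriteLine "<p> </p><p> </p><p> </p><p> </p><p> </p>"
    oF.WriteLine "<hr width=90% color=#ff8000>"
    oF.WriteLine "<p align=center><font size=2>脚本运行时间 " & DateDiff("s", dtmStart, dtmEnd) & " 秒 问题反馈eMail: qinbo@nsfocus.com</font></p>"
    oF.WriteLine "</html>"
    ' Close before launching so the viewer reads a complete, flushed file.
    oF.Close
    eventlog.Close
    objShell.Run """" & MainReport & """"
End Sub

'********************************************************************
'*                                                                  *
'*                        End of File                               *
'*                                                                  *
'********************************************************************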
迷茫的人生,需要不断努力,才能看清远方模糊的志向!