I‘m trying to set via VBS the Win32_NTEventlogFile to keep entries for 10 days. I know I need an elevated shell to modify the security log. I’ve used the samples from Microsoft with this code
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" & _
strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile " _
& "Where LogFileName='Security'")
For Each objLogFile in colLogFiles
objLogfile.MaxFileSize = (50*1024)
objLogFile.OverwriteOutDated=10
objLogFile.OverwritePolicy=OutDated
objLogFile.Put_(&H20000)
Next
This works for changing the maximum file size, but it does not work for setting the retention cycle.
When I query OverwriteOutDated again after changing it it says ‚0‘ in WMI. When I access it with powershell PS Get-Eventlog -List
It reports
Retain: -1
OverflowAction: DoNotOverwrite
But when I change it via powershell with
Limit-EventLog -LogName Security -RetentionDays 10 -OverflowAction OverwriteOlder
It works
Retain: 10
OverflowAction: OverwriteOlder
There is no error in the WMI call reported. I just seems to mess up the entry. Am I forgetting something when trying to change the retention cycle via WMI?
Related
Ok so What I would like is a script that uses the invoke web request command based on a given system info.
So let's say i have two different installers one for a Nvidia gpu system and another for an AMD gpu system, I can already get the gpu info using another script, and save it to a html link or a text file, but how can I use this information, using invoke web request, to download the right installer?
This is the VB script I use to fetch the GPU info:
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer &"\root\CIMV2")
Set colItems = objWMIService.ExecQuery( _ "SELECT *FROM Win32_VideoController",,48)
For Each objItem in colItems
Wscript.Echo "-----------------------------------"
Wscript.Echo "Win32_VideoController instance"
Wscript.Echo "-----------------------------------"
Wscript.Echo"Caption:"&objItem.Caption
Next
You don't need to mix-and-match VBS and PowerShell, PowerShell is perfectly capable of querying WMI on its own!
Use Where-Object to filter the results based on the Caption value, then use an if statement to determine whether any of each type was found:
$allVideoControllers = Get-CimInstance -Class Win32_VideoController
if($allVideoControllers |Where-Object Caption -like '*NVidia*'){
# Found an nvdia card, download and run the nvidia installer in here
}
if($allVideoControllers |Where-Object Caption -like '*AMD*'){
# Found an AMD card, download and run the AMD installer in here
}
I'm trying to figure out a way to scan all devices (without drivers installed) and install them one by one automatically.
I've made a simple script that adds/removes a registry value for driver locations, since we have a server with all the current drivers and it's updated frequently, so instead of pointing device manager to that location manually the script does it for me.
Problem is we work in a production environment and we have a lot of different devices to install, and doing it manually takes too long, even with the script i have to click each device and update the driver, the scripts just makes it a little easier by pointing it to the server with the drivers.
So basically i'm try to make the script add the location (this works fine ATM) and them update each device without prompting the user.
Option Explicit
Set ws = WScript.CreateObject("WScript.Shell")
Dim s, ws, rl
rl = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\"
s = InputBox("Please select what you want to do" & _
vbCrLf & vbTab & "1 - Clear all, set default driver path." & _
vbCrLf & vbTab & "2 - Default path + production drivers" & _
vbCrLf & vbTab & "3 - Default and production path + Skylake drivers")
If s = 1 then
ws.RegWrite rl & "DevicePath", "%SystemRoot%\inf" , "REG_EXPAND_SZ"
ElseIf s = 2 then
ws.RegWrite rl & "DevicePath", "%SystemRoot%\inf; B:\LocalDrivers\; \\ccdsrv01\shares\Resources\Drivers\Client" , "REG_EXPAND_SZ"
ElseIf s = 3 then
ws.RegWrite rl & "DevicePath", "%SystemRoot%\inf; B:\LocalDrivers\; \\ccdsrv01\shares\Resources\Drivers\Client; \\ccdsrv01\shares\Resources\PreProd\SkyBay (Skylake-SunrisePoint)\New" , "REG_EXPAND_SZ"
End If
As we know it's easy to get client site name in windows 2003 via WMI_NTdomain.clientsitename, object status by WMI_NTdomain.status , but that class doesn't exist in Windows 2000. So can you show me how to get those value by script or command line?
My old system is still running well on windows 2000, i don't want to change it at now.
Grab HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters\DynamicSiteName with reg.exe, vbscript, or your favorite scripting/programing language.
Edit:
I admit that I haven't seen W2k for some time now. Does this VB Script output usefull information:
option explicit
dim adSys
Set adSys = CreateObject("ADSystemInfo")
WScript.Echo "SiteName=" & adSys.SiteName
'WScript.Echo "Computername DN=" & adSys.ComputerName
'WScript.Echo "Username DN=" & adSys.UserName
'WScript.Echo "DomainDNSName (Comp)=" & adSys.DomainDNSName
'WScript.Echo "DomainShortName (Comp)=" & adSys.DomainShortName
'WScript.Echo "ForestDNSName (Comp)=" & adSys.ForestDNSName
You could also use the WMI ScriptOMatic to search for the relevent class.
I've got the following code to end a process, but I still receive an error code 2 (Access Denied).
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Name = 'MSSEARCH.exe'")
For each objProcess in colProcessList
wscript.echo objProcess.processid
intrc = objProcess.Terminate()
if intrc = 0 then wscript.echo "succesfully killed process" else wscript.echo "Could not kill process. Error code: " & intrc End if
It's quite legitimate to get "access denied" for ending a program. If it's a service (which I'm guessing mssearch.exe is), then it is probably running as the "SYSTEM" user, which has higher privileges than even the Administrator account.
You can't log on as the SYSTEM account, but you could probably write a service to manage other services...
As a non-privileged user, you can only end processes you own. In a multiuser environment this can bite you in the ankle, because WMI would return equally named processes from other users as well, unless you write a more specific WQL query.
If your process is a service, and your script runs under a privileged account, you may still need to take "the regular route" to stop it, for example using WScript.Shell to call net stop or sc.exe, or, more elegantly, using the Win32_Service class:
Set Services = objWMIService.ExecQuery _
("SELECT * FROM Win32_Service WHERE Name = '" & ServiceName & "'")
For Each Service In Services
Service.StopService()
WSCript.Sleep 2000 ' wait for the service to terminate '
Next
If you look on this page: http://msdn.microsoft.com/en-us/library/aa393907(VS.85).aspx you would see that error code 2 is access denied instead of file not found
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
We recently switched our Windows software packages from RPM (cygwin) to MSI (wix). Having a native packaging is a much welcome change and we intend to stick with it. However, MSI feels overly complicated for what it does and doesn't seem to provide some basic abilities. But I'm probably mistaken.
Is there a way to list all installed MSI from the command line ?
Mabybe this is a good starting point for you example VB Script from MSDN:
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & _
"{impersonationLevel=impersonate}!\\" & _
strComputer & _
"\root\cimv2")
Set colSoftware = objWMIService.ExecQuery _
("SELECT * FROM Win32_Product")
If colSoftware.Count > 0 Then
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.CreateTextFile( _
"c:\SoftwareList.txt", True)
For Each objSoftware in colSoftware
objTextFile.WriteLine objSoftware.Caption & vbtab & _
objSoftware.Version
Next
objTextFile.Close
Else
WScript.Echo "Cannot retrieve software from this computer."
End If
You may use PowerShell and Windows Management Instrumentation (WMI). Here is a one liner:
Get-WmiObject -Class win32_product
Here is help for the Get-WmiObject cmdlet:
http://technet.microsoft.com/en-us/library/dd315295.aspx
Here is a sample where we select the first installed program and format it as a table:
PS C:\Users\knut> Get-WmiObject -Class win32_product |
>> select -First 1 | ft Name, Version, Vendor -AutoSize
>>
Name Version Vendor
---- ------- ------
AWS SDK for .NET 1.2.0200 Amazon Web Services Developer Relations
I'm not sure if this is what you need but you can query the uninstall list from the command line with:
REG QUERY HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall