尝试开发审计程序

【问题标题】:Trying to develop auditing program尝试开发审计程序
【发布时间】:2019-04-24 01:52:54
【问题描述】:

当我在当地大学担任 IT 工作时,我已经编译了这个审计程序,但实际上我非常坚持实际抓取当前工作的驱动器并从 Programs 中提取所有文件strong> 和 Programs x86 以成功构建此应用程序,而不是使用注册表 (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall),因为这不会只提取所有程序。

另外,我不确定如何获取脚本最初位于第二个粗体部分的当前活动目录驱动器,并创建一个文件夹,将文件作为 msinfo32.exe 系统名称保存到一个新文件夹中.

(不管叫什么名字)这是我一直在努力实现的一个长期目标,我完全迷失了。

' Sample VBScript to Export list of Installed Programs into CSV File.
' ------------------------------------------------------
const HKEY_LOCAL_MACHINE = &H80000002
Dim strComputer, strKeyPath
strComputer = "."

' Registry key path of Control panel items for installed programs

strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"

Dim objReg, strSubkey, arrSubkeys 

Set objReg=GetObject( _ 
    "winmgmts:{impersonationLevel=impersonate}!\\" & _
   strComputer & "\root\default:StdRegProv")

objReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys 

Dim objFSO, objCSVFile

' Create CSV file 
Const ForWriting = 2

Set objFSO = CreateObject("Scripting.FileSystemObject")

' Here, I have given CSV file path as "Installed-Softwares.csv", this will create Installed-Softwares.csv file
' where you placed and execute this VB Script file. You can give your own file path
' like "C:\Users\Administrator\Desktop\Installed-Softwares.csv"

Set objCSVFile = objFSO.CreateTextFile("F:\Custom\Installed-Softwares.csv", _ 
    ForWriting, True)**

' Write Software property names as CSV columns(first line)
 objCSVFile.Write "Name,Version,Publisher,Location,Size"
 objCSVFile.Writeline ' New Line

Dim Name,Version,Publisher,Location,Size

'Enumerate registry keys.
For Each strSubkey In arrSubkeys 
 objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & strSubkey, "DisplayName" , Name
 If Name <> "" Then 
    objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & strSubkey, "DisplayVersion", Version
           objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & strSubkey, "Publisher",Publisher
           objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & strSubkey, "InstallLocation", Location
           objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath & strSubkey, "EstimatedSize" , Size
  If  Size <> "" Then 
   Size= Round(Size/1024, 3) & " MB"
  Else 
   Size= "0 MB"
  End If 

objCSVFile.Write Name &","&Version&","&Publisher&","&Location&","&Size
           objCSVFile.Writeline ' New Line
      End If 
Next

WScript.Quit

注释:例如,从(例如C:\或当前主驱动器)程序文件和x86程序文件中拉取->放入列表->输出Currentdrive:\newfolder\msinfo32systemname。

此外,它显示的是 0 MB 而不是实际的 MB,我注意到输出文件正在执行此操作。这与其他文件结合使用,我实际上并没有完全从头开始编写代码。

信用:https://www.morgantechspace.com/2014/04/VBScript-to-Get-List-of-Installed-Software-through-Registry.html

【问题讨论】:

  • 如果你使用的是 PSv5+,你能不能只使用 Get-Package | Sort Name | Export-Csv C:\temp\installedItems.csv -NoTypeInformation 这样的东西?
  • 至于Size 问题:objReg.GetDWORDValue 得到一个数值。您正在将其与带有If Size &lt;&gt; "" Then 的字符串进行比较。将其更改为 If Size &lt;&gt; 0 Then

标签: powershell csv vbscript audit


【解决方案1】:

由于您将其标记为 Powershell,因此您可以使用以下功能来查找(远程)计算机上已安装的软件。它使用注册表,但在SOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall 中查找软件。

# Get the current path this script is in
$ScriptPath = if ($PSScriptRoot) { $PSScriptRoot } else { Split-Path $script:MyInvocation.MyCommand.Path }
# Combine to make a valid path for the output file
$OutputPath = Join-Path -Path $ScriptPath -ChildPath 'InstalledSoftware'
if (!(Test-Path -Path $OutputPath -PathType Container)) {
    New-Item -Path $OutputPath -ItemType Directory -Force | Out-Null
}


function Get-InstalledSoftware {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Position = 0)]
        [string[]]$ComputerName = $env:COMPUTERNAME,

        [Parameter(Mandatory = $false)]
        [string]$NamePattern = '*',

        [switch]$ExcludeUpdates
    )
    begin {
        $UninstallPaths = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\',
                          'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\'
    }
    process {
        foreach ($computer in $ComputerName) {
            $result = @()
            if ([string]::IsNullOrEmpty($computer) -or $computer -eq '.') { $computer = $env:COMPUTERNAME }
            $loggedOnUser = (Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer).UserName
            $regBaseKey   = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine,$computer)
            foreach ($regPath in $UninstallPaths) {
                ($regBaseKey.OpenSubKey($regPath)) | foreach {
                    $_.GetSubKeyNames() | ForEach-Object {
                        $regSubKey   = $regBaseKey.OpenSubKey("$regPath$_")
                        $application = $regSubKey.GetValue('DisplayName')
                        $size        = [int64]$regSubKey.GetValue('EstimatedSize')
                        if (($application) -and ($application -like $NamePattern)) {
                            if (!$ExcludeUpdates -or ($application -notlike "*update*")) {
                                $result += [PSCustomObject]@{
                                    'Computer'        = $computer
                                    'Application'     = $application
                                    'Version'         = $regSubKey.GetValue('DisplayVersion')
                                    'InstallLocation' = $regSubKey.GetValue('InstallLocation')
                                    'UninstallString' = $regSubKey.GetValue('UninstallString')
                                    'Publisher'       = $regSubKey.GetValue('Publisher')
                                    'Size'            = '{0:F2} MB' -f ($size / 1MB)
                                    'LoggedOnUser'    = $loggedOnUser
                                }
                            }
                        }
                        # close $regSubKey
                        if ($regSubKey)  { $regSubKey.Close() }
                    }
                }
            }
            # close $regBaseKey
            if ($regBaseKey)  { $regBaseKey.Close() }

            # export the software list for this computer as CSV
            $outputFile = Join-Path -Path $OutputPath -ChildPath "msinfo32$computer"
            ($result | Sort-Object -Property 'Application' -Unique) | Export-Csv -Path $outputFile -NoTypeInformation

            # show on screen
            Write-Verbose "Created '$outputFile'"
        }
    }
}

它在当前脚本路径中创建一个名为“InstalledSoftware”的文件夹,其中每台计算机的 csv 文件保存为“msinfo32COMPUTERNAME.csv”

为本地计算机这样调用它:

Get-InstalledSoftware -NamePattern * -ExcludeUpdates -Verbose

或向它提供一组计算机名称(您拥有管理员权限),如下所示:

Get-InstalledSoftware -ComputerName machine1,machine2,machine3 -NamePattern * -ExcludeUpdates -Verbose

【讨论】:

猜你喜欢
  • 1970-01-01
  • 2013-12-28
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2011-05-06
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode