powershell - 尝试开发审计程序
问题描述
不久前,当我在当地大学担任 IT 人员时,我已经编译了这个审计程序,我非常坚持实际抓住当前工作的驱动器并从Programs和Programs x86中提取所有文件以成功构建这个应用程序,而不是使用注册表 (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall),因为这不会只提取所有程序。
另外,我不确定如何获取脚本最初位于第二个粗体部分的当前活动目录驱动器,并创建一个文件夹,将文件作为 msinfo32.exe 系统名称保存到一个新文件夹中。
(不管叫什么名字)这是我一直在努力实现的一个长期目标,但我完全迷失了方向。
' Sample VBScript to Export list of Installed Programs into CSV File.
' ------------------------------------------------------
const HKEY_LOCAL_MACHINE = &H80000002
Dim strComputer, strKeyPath
strComputer = "."
' Registry key path of Control panel items for installed programs
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
Dim objReg, strSubkey, arrSubkeys
Set objReg=GetObject( _
"winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
objReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
Dim objFSO, objCSVFile
' Create CSV file
Const ForWriting = 2
Set objFSO = CreateObject("Scripting.FileSystemObject")
' Here, I have given CSV file path as "Installed-Softwares.csv", this will create Installed-Softwares.csv file
' where you placed and execute this VB Script file. You can give your own file path
' like "C:\Users\Administrator\Desktop\Installed-Softwares.csv"
Set objCSVFile = objFSO.CreateTextFile("F:\Custom\Installed-Softwares.csv", _
ForWriting, True)**
' Write Software property names as CSV columns(first line)
objCSVFile.Write "Name,Version,Publisher,Location,Size"
objCSVFile.Writeline ' New Line
Dim Name,Version,Publisher,Location,Size
'Enumerate registry keys.
For Each strSubkey In arrSubkeys
objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & strSubkey, "DisplayName" , Name
If Name <> "" Then
objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & strSubkey, "DisplayVersion", Version
objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & strSubkey, "Publisher",Publisher
objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & strSubkey, "InstallLocation", Location
objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath & strSubkey, "EstimatedSize" , Size
If Size <> "" Then
Size= Round(Size/1024, 3) & " MB"
Else
Size= "0 MB"
End If
objCSVFile.Write Name &","&Version&","&Publisher&","&Location&","&Size
objCSVFile.Writeline ' New Line
End If
Next
WScript.Quit
注释:例如,从(例如 C:\ 或当前主驱动器)程序文件和 x86 程序文件中拉取 -> 放入列表 -> 输出 Currentdrive:\newfolder\msinfo32systemname。
此外,它显示的是 0 MB 而不是实际的 MB,我注意到输出文件正在执行此操作。这与其他文件结合使用,我实际上并没有完全从头开始编写代码。
解决方案
Since you are tagging this as Powershell, here's a function you can use to find installed software on (remote) computer(s). It uses the registry, but looks for software in both SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
and SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
.
# Get the current path this script is in
$ScriptPath = if ($PSScriptRoot) { $PSScriptRoot } else { Split-Path $script:MyInvocation.MyCommand.Path }
# Combine to make a valid path for the output file
$OutputPath = Join-Path -Path $ScriptPath -ChildPath 'InstalledSoftware'
if (!(Test-Path -Path $OutputPath -PathType Container)) {
New-Item -Path $OutputPath -ItemType Directory -Force | Out-Null
}
function Get-InstalledSoftware {
[CmdletBinding()]
param(
[Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Position = 0)]
[string[]]$ComputerName = $env:COMPUTERNAME,
[Parameter(Mandatory = $false)]
[string]$NamePattern = '*',
[switch]$ExcludeUpdates
)
begin {
$UninstallPaths = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\',
'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\'
}
process {
foreach ($computer in $ComputerName) {
$result = @()
if ([string]::IsNullOrEmpty($computer) -or $computer -eq '.') { $computer = $env:COMPUTERNAME }
$loggedOnUser = (Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer).UserName
$regBaseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine,$computer)
foreach ($regPath in $UninstallPaths) {
($regBaseKey.OpenSubKey($regPath)) | foreach {
$_.GetSubKeyNames() | ForEach-Object {
$regSubKey = $regBaseKey.OpenSubKey("$regPath$_")
$application = $regSubKey.GetValue('DisplayName')
$size = [int64]$regSubKey.GetValue('EstimatedSize')
if (($application) -and ($application -like $NamePattern)) {
if (!$ExcludeUpdates -or ($application -notlike "*update*")) {
$result += [PSCustomObject]@{
'Computer' = $computer
'Application' = $application
'Version' = $regSubKey.GetValue('DisplayVersion')
'InstallLocation' = $regSubKey.GetValue('InstallLocation')
'UninstallString' = $regSubKey.GetValue('UninstallString')
'Publisher' = $regSubKey.GetValue('Publisher')
'Size' = '{0:F2} MB' -f ($size / 1MB)
'LoggedOnUser' = $loggedOnUser
}
}
}
# close $regSubKey
if ($regSubKey) { $regSubKey.Close() }
}
}
}
# close $regBaseKey
if ($regBaseKey) { $regBaseKey.Close() }
# export the software list for this computer as CSV
$outputFile = Join-Path -Path $OutputPath -ChildPath "msinfo32$computer"
($result | Sort-Object -Property 'Application' -Unique) | Export-Csv -Path $outputFile -NoTypeInformation
# show on screen
Write-Verbose "Created '$outputFile'"
}
}
}
It creates a folder in the current script path called 'InstalledSoftware' where the csv file per computer is saved as 'msinfo32COMPUTERNAME.csv'
Call it like this for the local computer:
Get-InstalledSoftware -NamePattern * -ExcludeUpdates -Verbose
or feed it an array of computer names (you have admin permissions on) like this:
Get-InstalledSoftware -ComputerName machine1,machine2,machine3 -NamePattern * -ExcludeUpdates -Verbose
推荐阅读
- angular - 错误:[HPM] 上下文无效。期待类似:“/api”或[“/api”,“/ajax”]
- javascript - 如何动态结束加载动画
- jax-rs - /voterRestService 上已经有一个端点正在运行
- c - printw() 和 mvwprintw() 不打印
- reactjs - 如何在样式组件中使用联合选择器
- python - 如何使用 django 管理面板在特定地址上传文件?
- xml - 使用 xslt 1.0 添加当前日期和时间
- java - 带有 Spring 更高版本的 HashMaps 的 LinkedCaseInsensitive 映射转换问题
- typescript - 使用冒号和 as 声明类型的语法有什么区别?
- php - 使用 php 和 singleton 只运行一次该过程