REG_DWORD count=0
HKLM\software\Microsoft\Office\
REG_EXPAND_SZ ForcePSTPath=
2013年5月27日 星期一
MS office default configuration
HKLM\software\Microsoft\Office\\User Settings\
REG_DWORD count=0
HKLM\software\Microsoft\Office\\User Settings\\\software\Microsoft\Office\\outlook\
REG_EXPAND_SZ ForcePSTPath=
REG_DWORD count=0
HKLM\software\Microsoft\Office\
REG_EXPAND_SZ ForcePSTPath=
2013年5月26日 星期日
wmi study
http://blogs.technet.com/b/heyscriptingguy/archive/2007/07/25/how-can-i-create-a-new-wmi-namespace-under-the-root-namespace.aspx?Redirected=true
http://blogs.technet.com/b/smsandmom/archive/2007/08/30/how-to-extend-your-hardware-inventory-using-the-sms-def-mof-file.aspx
http://blogs.msdn.com/b/rslaten/archive/2007/03/23/adding-custom-data-to-wmi-as-a-low-rights-user-and-having-sms-collect-that-data.aspx
wmi custom namespace/class creation/deletion via script/mof
http://blogs.technet.com/b/smsandmom/archive/2007/08/30/how-to-extend-your-hardware-inventory-using-the-sms-def-mof-file.aspx
http://blogs.msdn.com/b/rslaten/archive/2007/03/23/adding-custom-data-to-wmi-as-a-low-rights-user-and-having-sms-collect-that-data.aspx
wmi custom namespace/class creation/deletion via script/mof
2013年5月23日 星期四
wmi associator
1:使用WMI object browser點選要開啟的class
2:點選association tab,找出連結兩個class的associator
3:連結成功後即可query對應物件屬性
strComputer = "."
maxlen=0
Set objWMIService = GetObject("winmgmts:" & "!\\" & strComputer & "\root\cimv2")
Set colAdaptersConf = objWMIService.ExecQuery("Select * from Win32_NetworkAdapterConfiguration Where IPEnabled = True")
For Each objAdapterConf In colAdaptersConf
set ASSOobjItem = objAdapterConf.Associators_("win32_networkAdapterSetting")
For each objASSOobjItem in ASSOobjItem
Wscript.Echo objASSOobjItem.NetConnectionID & " : " & objAdapterConf.IPAddress(0)
Next
Next
2:點選association tab,找出連結兩個class的associator
3:連結成功後即可query對應物件屬性
strComputer = "."
maxlen=0
Set objWMIService = GetObject("winmgmts:" & "!\\" & strComputer & "\root\cimv2")
Set colAdaptersConf = objWMIService.ExecQuery("Select * from Win32_NetworkAdapterConfiguration Where IPEnabled = True")
For Each objAdapterConf In colAdaptersConf
set ASSOobjItem = objAdapterConf.Associators_("win32_networkAdapterSetting")
For each objASSOobjItem in ASSOobjItem
Wscript.Echo objASSOobjItem.NetConnectionID & " : " & objAdapterConf.IPAddress(0)
Next
Next
wmi event registration management
wmi registered event removal
host="."
WQL="select * from __eventfilter where Name like '%NTC%'"
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\subscription")
Set colItems = objWMIService.ExecQuery(WQL)
For Each objItem in colItems
set ASSOobjItem = objItem.Associators_("__FilterToConsumerBinding")
For each objASSOobjItem in ASSOobjItem
objASSOobjItem.Delete_
Next
Wscript.Echo objItem.Delete_
Next
Event Registration
#PRAGMA AUTORECOVER
#pragma namespace("\\\\.\\root\\subscription")
instance of ActiveScriptEventConsumer as $Consumer
{
Name = "NTC20130523001 Process Monitor";
ScriptingEngine = "VBScript";
ScriptFileName = "D:\\Q.vbs";
};
instance of __EventFilter as $EventFilter
{
EventNamespace = "Root\\Cimv2";
Name = "NTC20130523001 Process Monitor";
Query = "Select * From __InstanceCreationEvent Within 2"
"Where TargetInstance Isa \"Win32_Process\" "
"And Targetinstance.Name = \"calc.exe\" ";
QueryLanguage = "WQL";
};
instance of __FilterToConsumerBinding
{
Consumer = $Consumer;
Filter = $EventFilter;
};
%windir%\system32\wbem\mofcomp.exe customize.mof
manaully do wmi event registration
1: create filter
2: create consumer
3: right click on the created filter/consumer from the right pane and pick desired object to register
REF:http://www.codeproject.com/Articles/28226/Creating-WMI-Permanent-Event-Subscriptions-Using-M
REF:http://support.microsoft.com/kb/2545227
host="."
WQL="select * from __eventfilter where Name like '%NTC%'"
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\subscription")
Set colItems = objWMIService.ExecQuery(WQL)
For Each objItem in colItems
set ASSOobjItem = objItem.Associators_("__FilterToConsumerBinding")
For each objASSOobjItem in ASSOobjItem
objASSOobjItem.Delete_
Next
Wscript.Echo objItem.Delete_
Next
Event Registration
#PRAGMA AUTORECOVER
#pragma namespace("\\\\.\\root\\subscription")
instance of ActiveScriptEventConsumer as $Consumer
{
Name = "NTC20130523001 Process Monitor";
ScriptingEngine = "VBScript";
ScriptFileName = "D:\\Q.vbs";
};
instance of __EventFilter as $EventFilter
{
EventNamespace = "Root\\Cimv2";
Name = "NTC20130523001 Process Monitor";
Query = "Select * From __InstanceCreationEvent Within 2"
"Where TargetInstance Isa \"Win32_Process\" "
"And Targetinstance.Name = \"calc.exe\" ";
QueryLanguage = "WQL";
};
instance of __FilterToConsumerBinding
{
Consumer = $Consumer;
Filter = $EventFilter;
};
%windir%\system32\wbem\mofcomp.exe customize.mof
manaully do wmi event registration
1: create filter
2: create consumer
3: right click on the created filter/consumer from the right pane and pick desired object to register
REF:http://www.codeproject.com/Articles/28226/Creating-WMI-Permanent-Event-Subscriptions-Using-M
REF:http://support.microsoft.com/kb/2545227
訂閱:
文章 (Atom)