Collecting domain users' logon/logoff information with Group Policy logon scripts

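1. On the domain controller, we need to create a hidden shared folder named shoujifile$, dedicated to storing the collected data, as shown in the figure below: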

The logon and logoff script code is as follows:

'Collect information when a domain user logs off the computer
On Error Resume Next
strComputer = "."
Set lianjieobj = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = lianjieobj.ExecQuery("Select * from Win32_ComputerSystem")
For Each objItem in colItems
   getcomputerstr = objItem.name
   getcomputerdomainstr = objItem.Domain
   getusernamestr = objItem.UserName
   getmodelstr = objItem.Model & "(" & objItem.Manufacturer & ")"
next
Set colItems = nothing

Set ercolItems = lianjieobj.ExecQuery("Select * from Win32_OperatingSystem")
For Each erobjItem in ercolItems
   getosnamestr = erobjItem.Caption
   getoslastbootuptimestr = erobjItem.LastBootUpTime
next
Set ercolItems = nothing
Set lianjieobj = nothing

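'Win32_ComputerSystem.UserName may come back empty or Null; in that case
'fall back to the user name reported by WScript.Network.
If getusernamestr <> "" Then
Else
   Set SetobjNet = CreateObject("WScript.Network")
   getusernamestr = SetobjNet.UserName
   Set SetobjNet = nothing
End If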

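'Use the part of the login name after the last "\" as the file name
filenamestr = split(getusernamestr,"\")(ubound(split(getusernamestr,"\")))
getdatetimestr = replace(date(),"/","-") & " " & time()

'The next line is the path where the file is stored; change it to suit your own environment.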
pathstr = "\\192.168.234.1\shoujifile$\" & filenamestr & ".csv"

Set ofso = CreateObject("Scripting.FileSystemObject")
If ofso.fileExists(pathstr) Then
   Set Output = ofso.OpenTextFile(pathstr,8,True)
   Output.WriteLine """"& getcomputerstr &""","""& getcomputerdomainstr &""","""& getusernamestr &""","""& getdatetimestr &""",""注销"","""& getmodelstr &""","""& getosnamestr &""","""& getoslastbootuptimestr &""""
   Output.close()
   Set Output = nothing
else

   Set Output = ofso.CreateTextFile(pathstr, True)
   Output.WriteLine """计算机名称"",""登录域"",""登录名称"",""时间"",""类型"",""计算机型号"",""操作系统名称"",""最近一次开机时间"""
   Output.WriteLine """"& getcomputerstr &""","""& getcomputerdomainstr &""","""& getusernamestr &""","""& getdatetimestr &""",""注销"","""& getmodelstr &""","""& getosnamestr &""","""& getoslastbootuptimestr &""""
   Output.close()
   Set Output = nothing
end if
Set ofso = nothing

'Collect information when a domain user logs on to the computer
On Error Resume Next
strComputer = "."
Set lianjieobj= GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems= lianjieobj.ExecQuery("Select * from Win32_ComputerSystem")
For Each objItem in colItems
   getcomputerstr = objItem.name
   getcomputerdomainstr = objItem.Domain
   getusernamestr = objItem.UserName
   getmodelstr = objItem.Model & "(" & objItem.Manufacturer & ")"
next
Set colItems= nothing

Set ercolItems= lianjieobj.ExecQuery("Select * from Win32_OperatingSystem")
For Each erobjItem in ercolItems
   getosnamestr = erobjItem.Caption
   getoslastbootuptimestr = erobjItem.LastBootUpTime
next
Set ercolItems= nothing
Set lianjieobj= nothing

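'Win32_ComputerSystem.UserName may come back empty or Null; in that case
'fall back to the user name reported by WScript.Network.
If getusernamestr <> "" Then
Else
   Set SetobjNet= CreateObject("WScript.Network")
   getusernamestr = SetobjNet.UserName
   Set SetobjNet= nothing
End If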

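'Use the part of the login name after the last "\" as the file name
filenamestr = split(getusernamestr,"\")(ubound(split(getusernamestr,"\")))
getdatetimestr = replace(date(),"/","-") & " " & time()

'The next line is the path where the file is stored; change it to suit your own environment.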
pathstr = "\\192.168.234.1\shoujifile$\" & filenamestr & ".csv"

Set ofso= CreateObject("Scripting.FileSystemObject")
If ofso.fileExists(pathstr) Then
   Set Output= ofso.OpenTextFile(pathstr,8,True)
   Output.WriteLine """"& getcomputerstr &""","""& getcomputerdomainstr &""","""& getusernamestr &""","""& getdatetimestr &""",""登录"","""& getmodelstr &""","""& getosnamestr &""","""& getoslastbootuptimestr &""""
   Output.close()
   Set Output= nothing
else

   Set Output= ofso.CreateTextFile(pathstr, True)
   Output.WriteLine """计算机名称"",""登录域"",""登录名称"",""时间"",""类型"",""计算机型号"",""操作系统名称"",""最近一次开机时间"""
   Output.WriteLine """"& getcomputerstr &""","""& getcomputerdomainstr &""","""& getusernamestr &""","""& getdatetimestr &""",""登录"","""& getmodelstr &""","""& getosnamestr &""","""& getoslastbootuptimestr &""""
   Output.close()
   Set Output= nothing
end if
Set ofso= nothing

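2. Copy the scripts above and save each one with a .vbs extension, then change the IP address in the storage path of each script to the IP address of your domain server.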

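3. On the domain controller, open the Group Policy Management tool or run gpmc.msc. Here we edit the Default Domain Policy directly so that information is collected for all domain users; you can of course set up a dedicated policy for a specific organizational unit instead. Set the users' logon and logoff script files respectively, as shown in the figure below: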

After configuring this, refresh Group Policy on the domain controller with the gpupdate /force command.

As soon as a domain user logs on or off, we automatically collect their information. Open the shoujifile$ shared folder and you will see the CSV file for each user.
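Logon and logoff scripts run as the user who is logging on or off, so every domain user must be able to write to shoujifile$ and the rows in these CSV files are user-supplied data. The following Python code is an added example, not part of the original post: it checks each row of one user's file (eight columns, login name matching the file name, well-formed WMI LastBootUpTime) before the data is used. The function names and sample rows are constructed, and the file is assumed to be already decoded to text.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

EXPECTED_COLUMNS = 8  # both scripts write eight fields per row

# Constructed sample of alice.csv (not real data); row 3 names another user,
# row 4 is truncated.
SAMPLE = (
    '"计算机名称","登录域","登录名称","时间","类型","计算机型号","操作系统名称","最近一次开机时间"\n'
    '"PC-01","corp.example","CORP\\alice","2020-4-8 9:15:30","登录",'
    '"OptiPlex(Dell)","Microsoft Windows 10 Pro","20200408090112.500000+480"\n'
    '"PC-02","corp.example","CORP\\bob","2020-4-8 9:20:00","登录",'
    '"OptiPlex(Dell)","Microsoft Windows 10 Pro","20200408090112.500000+480"\n'
    '"PC-01","corp.example","CORP\\alice"\n'
    '"PC-01","corp.example","CORP\\alice","2020-4-8 18:02:11","注销",'
    '"OptiPlex(Dell)","Microsoft Windows 10 Pro","20200408090112.500000+480"\n'
)


def parse_cim_datetime(value):
    """Convert WMI CIM_DATETIME (yyyymmddHHMMSS.mmmmmm+UUU) to an aware datetime."""
    stamp = datetime.strptime(value[:21], "%Y%m%d%H%M%S.%f")
    offset = timedelta(minutes=int(value[21:25]))  # signed UTC offset, minutes
    return stamp.replace(tzinfo=timezone(offset))


def parse_user_log(file_stem, text):
    """Split the rows of one <user>.csv into (accepted, rejected)."""
    accepted, rejected = [], []
    rows = list(csv.reader(io.StringIO(text)))
    for line_no, row in enumerate(rows[1:], start=2):  # line 1 is the header
        if len(row) != EXPECTED_COLUMNS:
            rejected.append((line_no, "wrong column count"))
            continue
        computer, domain, login, when, kind, model, os_name, boot = row
        # The scripts name the file after the login name's last "\" component.
        if login.split("\\")[-1].lower() != file_stem.lower():
            rejected.append((line_no, "login name does not match file name"))
            continue
        try:
            boot_time = parse_cim_datetime(boot)
        except ValueError:
            rejected.append((line_no, "bad LastBootUpTime"))
            continue
        accepted.append({"computer": computer, "login": login, "time": when,
                         "type": kind, "boot": boot_time})
    return accepted, rejected
```

The time column is kept as a string because its format comes from the client's regional settings via date() and time().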

Reposted from blog.csdn.net/jamesdodo/article/details/105380283