我该如何修复 thix 批处理脚本
How can i fix thix batch script
你好,我的脚本有问题,我想从这个脚本中得到以下内容。首先,我想创建一个文件夹,其中包含特定于我的计算机的月份,并在该文件夹中保存事件日志,但即使脚本 运行 具有管理员权限,也只保存没有安全性的应用程序事件和系统事件,什么也没有发生.下面是我的脚本
@echo off
rem Script starts here
rem Timestamp Generator
for /f "delims=" %%a in ('wmic OS Get localdatetime ^| find "."') do set "dt=%%a"
:: Format the WMIC command output in YY_MM_DD_hr_mn format
set "YY=%dt:~0,4%"
set "MM=%dt:~4,2%"
set "DD=%dt:~6,2%"
set "hr=%dt:~8,2%"
set "mn=%dt:~10,2%"
:: Format the MM (month-number) to display the month-name
if %MM%==01 set MM=Ianuarie
if %MM%==02 set MM=Februarie
if %MM%==03 set MM=Martie
if %MM%==04 set MM=Aprilie
if %MM%==05 set MM=Mai
if %MM%==06 set MM=Iunie
if %MM%==07 set MM=Iulie
if %MM%==08 set MM=August
if %MM%==09 set MM=Septembrie
if %MM%==10 set MM=Octombrie
if %MM%==11 set MM=Noiembrie
if %MM%==12 set MM=Decembrie
set "today_date_time=%MM%_%YY%"
echo %today_date_time%
mkdir .\%today_date_time%
rem Set the timestamp format
wevtutil epl System %MM%_%YY%\system.evtx
wevtutil epl Application %MM%_%YY%\application.evtx
wevtutil epl Security %MM%_%YY%\security.evtx
wmic nteventlog where filename='system' cleareventlog
wmic nteventlog where filename='application' cleareventlog
wmic nteventlog where filename='security' cleareventlog
rem End of Script
根据您的评论请求,这是一个没有所有 WMIC.exe 内容的重写示例:
@Rem Start of script.
@Echo Off
SetLocal EnableExtensions
Rem End script if end user is not running with the required permissions.
%SystemRoot%\System32\reg.exe Query "HKU\S-1-5-19" 1>NUL 2>&1 || GoTo :EOF
Rem Add the current directory to the stack and make this scripts location the current directory.
PushD "%~dp0."
Rem Generate a datestamp variable with a string formatted as yy_MMMM.
Set "DateStamp="
For /F %%G In ('%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile "Get-Date -F 'yy_MMMM'" 2^>NUL') Do Set "DateStamp=%%G"
Rem End script if datestamp variable was not defined.
If Not Defined DateStamp GoTo :EOF
Rem Backup and clear event logs.
If Not Exist "%DateStamp%\" MD "%DateStamp%"
For %%G In (Application Security System) Do %SystemRoot%\System32\wevtutil.exe cl %%G /bu:"%DateStamp%\%%G.evtx"
Rem Make the previous directory in the stack the current directory.
PopD
Rem End of Script.
如果最终用户没有 运行 管理员身份,脚本将直接关闭。此外,备份文件将保存到与 运行 批处理文件相同的位置。
你好,我的脚本有问题,我想从这个脚本中得到以下内容。首先,我想创建一个文件夹,其中包含特定于我的计算机的月份,并在该文件夹中保存事件日志,但即使脚本 运行 具有管理员权限,也只保存没有安全性的应用程序事件和系统事件,什么也没有发生.下面是我的脚本
@echo off
rem Script starts here
rem Timestamp Generator
for /f "delims=" %%a in ('wmic OS Get localdatetime ^| find "."') do set "dt=%%a"
:: Format the WMIC command output in YY_MM_DD_hr_mn format
set "YY=%dt:~0,4%"
set "MM=%dt:~4,2%"
set "DD=%dt:~6,2%"
set "hr=%dt:~8,2%"
set "mn=%dt:~10,2%"
:: Format the MM (month-number) to display the month-name
if %MM%==01 set MM=Ianuarie
if %MM%==02 set MM=Februarie
if %MM%==03 set MM=Martie
if %MM%==04 set MM=Aprilie
if %MM%==05 set MM=Mai
if %MM%==06 set MM=Iunie
if %MM%==07 set MM=Iulie
if %MM%==08 set MM=August
if %MM%==09 set MM=Septembrie
if %MM%==10 set MM=Octombrie
if %MM%==11 set MM=Noiembrie
if %MM%==12 set MM=Decembrie
set "today_date_time=%MM%_%YY%"
echo %today_date_time%
mkdir .\%today_date_time%
rem Set the timestamp format
wevtutil epl System %MM%_%YY%\system.evtx
wevtutil epl Application %MM%_%YY%\application.evtx
wevtutil epl Security %MM%_%YY%\security.evtx
wmic nteventlog where filename='system' cleareventlog
wmic nteventlog where filename='application' cleareventlog
wmic nteventlog where filename='security' cleareventlog
rem End of Script
根据您的评论请求,这是一个没有所有 WMIC.exe 内容的重写示例:
@Rem Start of script.
@Echo Off
SetLocal EnableExtensions
Rem End script if end user is not running with the required permissions.
%SystemRoot%\System32\reg.exe Query "HKU\S-1-5-19" 1>NUL 2>&1 || GoTo :EOF
Rem Add the current directory to the stack and make this scripts location the current directory.
PushD "%~dp0."
Rem Generate a datestamp variable with a string formatted as yy_MMMM.
Set "DateStamp="
For /F %%G In ('%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile "Get-Date -F 'yy_MMMM'" 2^>NUL') Do Set "DateStamp=%%G"
Rem End script if datestamp variable was not defined.
If Not Defined DateStamp GoTo :EOF
Rem Backup and clear event logs.
If Not Exist "%DateStamp%\" MD "%DateStamp%"
For %%G In (Application Security System) Do %SystemRoot%\System32\wevtutil.exe cl %%G /bu:"%DateStamp%\%%G.evtx"
Rem Make the previous directory in the stack the current directory.
PopD
Rem End of Script.
如果最终用户没有 运行 管理员身份,脚本将直接关闭。此外,备份文件将保存到与 运行 批处理文件相同的位置。