WMI jimycaosyset com http teacher allok com tw

WMI 實務應用範例 曹祖聖 台灣微軟資深講師 jimycao@syset. com http: //teacher. allok. com. tw MCP, MCP+I, MCSA, MCSE, MCDBA, MCAD, MCSD, MCT, MVP

解答 Set obj. Service = Get. Object("winmgmts: \Server. A") Do While True Set col. Settings = obj. Service. Exec. Query( _ "Select * from Win 32_Server. Connection") For Each obj in col. Settings WScript. Echo obj. Computer. Name & ", " & obj. User. Nam Next WScript. Sleep(10000) Loop 5/60

取得目前使用者的 LDAP 路徑 Set obj. ADSys. Info = Create. Object("ADSystem. Info") WScript. Echo "目前使用者 LDAP 路徑: " & _ obj. ADSys. Info. User. Name 9/60

取得目前使用者所屬的群組 Set obj. ADSys. Info = Create. Object("ADSystem. Info") str. User = obj. ADSys. Info. User. Name S = str. USer & vb. Cr. Lf & "屬於以下群組: " & vb. Cr. Lf Set obj. User = Get. Object("LDAP: //" & str. User) If Is. Array(obj. User. Member. Of) Then For Each group in obj. User. Member. Of Set obj. Group = Get. Object("LDAP: //" & group) S = S & obj. Group. CN & vb. Cr. Lf Next Else S = S & obj. User. Member. Of End If WScript. Echo S 10/60

取得目前使用者所屬的群組 Set obj. ADSys. Info = Create. Object("ADSystem. Info") str. User = obj. ADSys. Info. User. Name S = str. USer & vb. Cr. Lf & "屬於以下群組: " & vb. Cr. Lf Set obj. User = Get. Object("LDAP: //" & str. User) For Each group in obj. User. Groups S = S & group. CN & vb. Cr. Lf Next WScript. Echo S 11/60

取得組織單位下使用者的群組 Set obj. Users = Get. Object("LDAP: //OU=RD, DC=mcg, DC=com obj. Users. Filter = Array("User") For Each obj In obj. Users S = obj. Ads. Path & vb. Cr. Lf & "屬於以下群組: " & vb. Cr. Lf vb. Cr. L For Each group In obj. Groups S = S & group. CN & vb. Cr. Lf Next WScript. Echo S Next 12/60

取得某一群組的成員 Set obj = Get. Object( _ "LDAP: //CN=Rd. Managers, OU=RD, DC=mcg, DC=com" S = obj. Ads. Path & vb. Cr. Lf & "的成員: " & vb. Cr. Lf For Each mem In obj. Members S = S & mem. CN & vb. Cr. Lf Next WScript. Echo S 13/60

使用者是否為本機系統管理員 Set obj. Network = Create. Object("Wscript. Network") str. Computer = obj. Network. Computer. Name str. User = obj. Network. User. Name Set obj. Group = Get. Object( _ "Win. NT: //" & str. Computer & "/Administrators") For Each obj. User in obj. Group. Members If obj. User. Name = str. User Then Wscript. Echo str. User & " 是本機系統管理員。" End If Next 14/60

新增使用者到本機群組 str. Computer = "Server. C" str. Domain = "MCG" str. User = "user 1" Set obj. Group = Get. Object( _ "Win. NT: //" & str. Computer & "/Administrators") Set obj. User = Get. Object( _ "Win. NT: //" & str. Domain & "/" & str. User) obj. Group. Add(obj. User. ADs. Path) 15/60

變更使用者密碼 變更本機使用者的密碼 Set obj. User = Get. Object("Win. NT: //Server. C/user 1") obj. User. Set. Password("Pa$$word!") 變更網域使用者的密碼 Set obj. User = Get. Object( _ "LDAP: //CN=user 1, OU=RD, DC=mcg, DC=com") obj. User. Set. Password("Pa$$word!") 16/60

Active Directory 是個資料庫 ! Active Directory 本來就是個資料庫 所以 … 可以用 ADO 來存取它 ? ! 是的 ! 透過 Active Directory ADO Provider 名稱: ADs. DSOObject 連線字串: Active Directory Provider 19/60

建立 AD ADO Provider 連線 使用 Windows 整合驗證 Set obj. Connection = Create. Object("ADODB. Connection") obj. Connection. Provider = "ADs. DSOObject" obj. Connection. Open "Active Directory Provider" Set obj. Command = Create. Object("ADODB. Command") Set obj. Command. Active. Connection = obj. Connection 20/60

建立 AD ADO Provider 連線 使用指定使用者與密碼 Set obj. Connection = Create. Object("ADODB. Connection") obj. Connection. Provider = "ADs. DSOObject" obj. Connection. Properties("User ID") = "Administrator" obj. Connection. Properties("Password") = “Pa$$word!" obj. Connection. Properties("Encrypt Password") = TRUE obj. Connection. Properties("ADSI Flag") = 1 obj. Connection. Open "Active Directory Provider" Set obj. Command = Create. Object("ADODB. Command") Set obj. Command. Active. Connection = obj. Connection 21/60

建立 AD ADO Provider 連線 連線屬性 (Properties) 屬性 說明 User ID 使用者帳號，可以是 user 1、MCGuser 1、 user 1@mcg. com Passwor 密碼 d Encrypt 是否要加密密碼 Passwor d ADSI Flag 22/60 ADS_SECURE_AUTHENTICATION (1). 要求安全驗證 ADS_USE_ENCRYPTION (2). 要求 ADSI 加密傳輸的 資料 ADS_USE_SIGNING (40). 檢查資料完整性 (也要設 1) ADS_USE_SEALING (80). 使用 Kerberos 加密資料 (

Searchscope 屬性 AD 是樹狀結構的資料庫 必須設定搜尋的範圍 使用 Searchscope 屬性: Const ADS_SCOPE_BASE = 0 Const ADS_SCOPE_ONELEVEL = 1 Const ADS_SCOPE_SUBTREE = 2 obj. Command. Properties(“Searchscope") = _ ADS_SCOPE_BASE 24/60

ADS_SCOPE_BASE = 0 25/60

ADS_SCOPE_ONELEVEL = 1 26/60

ADS_SCOPE_SUBTREE = 2 27/60

Sort On 屬性 設定排序方式 obj. Command. Properties("Sort On") = "SN" 不能做一層以上的排序 28/60

查詢語法 設定 Command 物件的 Command. Text 屬 性 類似存取資料庫的 SQL 語法 obj. Command. Text = _ "SELECT Name FROM 'LDAP: //DC=mcg, DC=com' " & "WHERE object. Category='user'" 注意大小寫，而且不能用 SELECT * FROM … 但是，別想太多 … 29/60 你不能用 INSERT, UPDATE, DELETE 語法 !

查詢語法 (範例) obj. Command. Text = _ "SELECT CN, Department, Title FROM " & _ "'LDAP: //DC=mcg, DC=com' " & _ "WHERE object. Category='user'" obj. Command. Text = _ "SELECT CN, Department, Title FROM " & _ "'LDAP: //dc=fabrikam, dc=com' " & _ "WHERE object. Category='user' " & _ "OR object. Category='computer'" 30/60

列出網域所有使用者 obj. Command. Text = _ "SELECT Name FROM 'LDAP: //DC=mcg, DC=com' " & "WHERE object. Category='user'" Set RS = obj. Command. Execute Do While Not RS. EOF S = S & RS("Name") & vb. Cr. Lf RS. Move. Next Loop WScript. Echo S 32/60

使用者帳戶所屬的組織單位 obj. Command. Text = _ "SELECT distinguished. Name FROM 'LDAP: //DC=mcg, DC=com' "WHERE object. Category='user' " & _ "AND s. AMAccount. Name='user 1'" Set RS = obj. Command. Execute Do Until RS. EOF str. DN = RS("distinguished. Name") arr. Path = Split(str. DN, ", ") int. Length = Len(arr. Path(1)) int. Name. Length = int. Length - 3 Wscript. Echo Right(arr. Path(1), int. Name. Length) RS. Move. Next Loop 33/60 ' RS("distinguished. Name"). Value --> CN=user 1, OU=RD, DC=mcg, DC=co ' arr. Path(1) --> OU=RD

組織單位內使用者帳戶的數目 Const ADS_SCOPE_ONELEVEL = 1 obj. Command. Properties("Searchscope") = ADS_SCOPE_ONELEVEL obj. Command. Text = _ "SELECT Name FROM 'LDAP: //OU=RD, DC=mcg, DC=com' " & _ "WHERE object. Category='user'" Set RS = obj. Command. Execute Wscript. Echo "使用者帳戶數目 = " & RS. Record. Count 34/60

列出所有服務的啟動帳號 Set obj. Service = Get. Object("winmgmts: ") Set obj. Col = obj. Service. Exec. Query("SELECT * FROM Win 32_Service") For Each obj In obj. Col S = S & obj. Display. Name & " ( " & obj. Start. Name & " )" & vb. Cr. L Next WScript. Echo S 37/60

列出某一帳號啟動的服務 User. Name = ". \Sql. Admin" ' WQL 語法中 符號要用 \ 代替 Set obj. Service = Get. Object("winmgmts: ") Set obj. Col = obj. Service. Exec. Query( _ "SELECT * FROM Win 32_Service WHERE " & _ Start. Name='" & User. Name & "'") S = "以下都是用 " & User. Name & " 帳戶啟動的服務: " & vb. Cr. Lf For Each obj In obj. Col S = S & obj. Display. Name & vb. Cr. Lf Next WScript. Echo S 38/60

修改某帳號啟動服務的密碼 Old. User. Name = ". \Sql. Admin" ' WQL 語法中 符號要用 \ 代替 New. User. Name = ". jimycao" New. Password = "Pa$$word!" Set obj. Service = Get. Object("winmgmts: ") Set obj. Col = obj. Service. Exec. Query( _ "SELECT * FROM Win 32_Service WHERE " & _ Start. Name='" & Old. User. Name & "'") 39/60 For Each obj In obj. Col If New. User. Name = "" Then obj. Change , , , , New. Password Else obj. Change , , , New. User. Name, New. Password End If S = S & obj. Display. Name & vb. Cr. Lf Next

修改電腦名稱 New. Computer. Name = "T 40" Set obj. Service = Get. Object("winmgmts: {(shutdown)}") Set obj. Cols = obj. Service. Instances. Of("Win 32_Computer. Sy For Each obj In obj. Cols obj. Rename New. Computer. Name Next Set obj. Cols = obj. Service. Instances. Of("Win 32_Operating. Sy For Each obj In obj. Cols obj. Reboot() Next 42/60

加入網域 New. Domain. Name = "mcg. com" User. Name = "Administrator" Password = "Pa$$word!" OU = "OU=Sales, DC=mcg, DC=com" Set obj. Service = Get. Object("winmgmts: {(shutdown)}") Set obj. Cols = obj. Service. Instances. Of("Win 32_Computer. System") For Each obj In obj. Cols obj. Join. Domain. Or. Workgroup New. Domain. Name, _ Password, User. Name, OU, 1 + 2 + 16 Next WScript. Echo "電腦已經加入 " & New. Domain. Name & " 網域。" 43/60

脫離網域 User. Name = "MCGAdministrator" Password = "Pa$$word!" Set obj. Service = Get. Object("winmgmts: {(shutdown)}") Set obj. Cols = obj. Service. Instances. Of("Win 32_Computer. System") For Each obj In obj. Cols obj. Unjoin. Domain. Or. Workgroup Password, User. Name, 4 Next WScript. Echo "電腦已經脫離網域，並加入與網域同名的 作群組。" 45/60

加入 作群組 New. Work. Group. Name = "WORKGROUP" Set obj. Service = Get. Object("winmgmts: {(shutdown)}") Set obj. Cols = obj. Service. Instances. Of("Win 32_Computer. System") For Each obj In obj. Cols obj. Join. Domain. Or. Workgroup New. Work. Group. Name, _ "Pa$$word!", "MCGAdministrator" Next WScript. Echo "電腦已經加入 作群組: " & New. Work. Group. Name 46/60

強迫登出使用者 Set obj. WMIService = Get. Object("winmgmts: \Server. C") Set obj. Col = obj. WMIService. Exec. Query _ ("Select * from Win 32_Operating. System") For Each obj In obj. Col obj. Win 32 Shutdown 0 Next 47/60 ' 0 表示登出

強迫鎖定電腦 Set obj. Shell = Create. Object("Wscript. Shell") obj. Shell. Run "%windir%System 32rundll 32. exe " & _ "user 32. dll, Lock. Work. Station" Const Overwrite. Existing = TRUE Set obj. Shell = Create. Object("Wscript. Shell") obj. Shell. Run "cmd. exe /c copy c: lock. vbs \Server. CC$scr Set obj. Service = Get. Object("winmgmts: \Server. C") Set obj = obj. Service. Get("Win 32_Process") obj. Create "cscript c: scriptslock. vbs", null, int. Proces 48/60

測試網路連線 (Ping) str. Computer = "192. 168. 99. 1" Set obj. WMIService = Get. Object("winmgmts: ") Set col. Items = obj. WMIService. Exec. Query( _ "Select * from Win 32_Ping. Status " & _ "Where Address='" & str. Computer & "'") For Each obj in col. Items If obj. Status. Code = 0 Then WScript. Echo "成功 !" Else WScript. Echo "失敗 !" End If Next 51/60

依照規則變更檔名 ' 將 C: Photos 資料夾中的 SANY 4958. JPG 更名為 Boston_4958. JPG Set obj. Service = Get. Object("winmgmts: ") Set col. Files = obj. Service. Exec. Query( _ "ASSOCIATORS OF {Win 32_Directory. Name='C: Photos'} " & _ "WHERE Result. Class=CIM_Data. File") For Each obj. File In col. Files str. End = Right(obj. File. Name, 8) ' 取得最後 8 個字 str. New. Name = obj. File. Drive & obj. File. Path & "Boston_" & str. End obj. File. Rename str. New. Name Next 52/60

列出電腦中最大的 10 個檔案 ' 以下指令碼需要安裝 Log. Parser ' http: //www. microsoft. com/technet/scriptcenter/tools/logparser/default Set obj. Log. Parser = Create. Object("MSUtil. Log. Query") Set obj. Input. Format = Create. Object("MSUtil. Log. Query. File. System. Input. F Create. Object("MSUtil. Log. Query. File. System. Input obj. Input. Format. Recurse = -1 ' 遞迴呼叫 Set obj. Output. Format = Create. Object("MSUtil. Log. Query. Native. Output. Fo Create. Object("MSUtil. Log. Query. Native. Output. F obj. Output. Format. rtp = -1 ' 不要每列出一筆資料就暫停 str. Query = "SELECT TOP 10 Path, Size FROM 'C: *. *, D: *. *' " & _ "ORDER BY Size DESC" obj. Log. Parser. Execute. Batch str. Query, obj. Input. Format, obj. Output. Form 53/60

參考資訊 #1 聖哥的資訊站 http: //teacher. allok. com. tw Tech. Net Script Center http: //www. microsoft. com/technet /scriptcenter/default. mspx CDO 範例 http: //www. microsoft. com/technet/prodtec hnol /exchange/2000/maintain/ex 2 kwsh. m spx 56/60 Windows Server 2003 命令列 具

參考資訊 #2 WMI Providers http: //msdn. microsoft. com/library/default. a sp? url=/library/en-us/wmisdk/wmi /operating_system_availability_of_wmi_co mponents. asp Scriptomatic Tool http: //www. microsoft. com/technet/commu nity/scriptcenter/tools/wmimatic. mspx 本場次投影片與範例程式碼 http: //teacher. allok. com. tw 57/60

認證考試 85 折網站 http: //www. pearsonvue. com/ms http: //www. prometric. com/microsoft 85 折認證考證卷代碼 ITPTAW 有效期限： 2006/9/30 59/60