更改服务帐户密码
2 P% ]! s: A6 m7 q/ B4 Q# l0 z/ e5 ?1 u ]6 J
描述
; X: v! Q1 m4 s8 Q T4 P2 _更改在假定的服务帐户 Netsvc 下运行的任何服务的服务帐户密码。
3 r' P' S; ~' ]
脚本代码
. K7 U N8 n+ Y9 }+ {- B- |* k; LstrComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServiceList = objWMIService.ExecQuery _("Select * from Win32_Service")For Each objservice in colServiceListIf objService.Startname = ".\netsvc" ThenerrReturn = objService.Change( , , , , , , , "password") End If Next配置服务错误控制代码
) T" j6 ?% {' |. Q描述. I, S/ J# l. T# F
将所有的自动启动服务配置为在服务启动失败时发出警报。
0 F- @+ o& B4 |7 C
脚本代码
' o) P6 f3 P* \- V' aConst NORMAL_ERROR_CONTROL = 2strComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServiceList = objWMIService.ExecQuery _("Select * from Win32_Service where ErrorControl = 'Ignore'")For Each objService in colServiceListerrReturn = objService.Change( , , , NORMAL_ERROR_CONTROL) Next配置服务启动选项
d. `/ L3 D2 q9 z4 Y5 l; C描述# b L- s ?; l! G! i I) g' f
禁用所有配置为手动启动的服务。除了别的之外,这会使得 Power User 不能启动这些服务。
2 W( f/ w5 L5 s. f
脚本代码
% D Q7 J+ d6 \: g- H7 gstrComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServiceList = objWMIService.ExecQuery _("Select * from Win32_Service where StartMode = 'Manual'")For Each objService in colServiceListerrReturnCode = objService.Change( , , , , "Disabled") Next确定在某个进程中运行的服务
. I8 W( Y3 c, R
描述
$ L; q; |. l! |" I7 y返回在 Services.exe 进程中运行的服务的列表。
4 _4 b+ D: u$ c4 T
脚本代码8 B& e/ {+ @( p$ W5 I; @
strComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colListOfServices = objWMIService.ExecQuery _("Select * from Win32_Service")For Each objService in colListOfServicesIf objService.PathName = "C:\WINDOWS\system32\services.exe" ThenWscript.Echo objService.DisplayNameEnd IfNext确定在所有进程中运行的服务
8 }9 I% E5 p! i) e L8 f: r
描述
: v) f. F j7 t+ e3 n- N! y9 w返回进程列表以及当前在每个进程中运行的所有服务。
! a! l/ D e# ~/ k3 P6 ~
脚本代码
; y! ^+ w \' _% |% U, A% Sset objIdDictionary = CreateObject("Scripting.Dictionary")strComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServices = objWMIService.ExecQuery _("Select * from Win32_Service Where State <> 'Stopped'")For Each objService in colServicesIf objIdDictionary.Exists(objService.ProcessID) ThenElseobjIdDictionary.Add objService.ProcessID, objService.ProcessIDEnd IfNextcolProcessIDs = objIdDictionary.ItemsFor i = 0 to objIdDictionary.Count - 1Set colServices = objWMIService.ExecQuery _("Select * from Win32_Service Where ProcessID = '" & _colProcessIDs(i) & "'")Wscript.Echo "Process ID: " & colProcessIDs(i)For Each objService in colServicesWscript.Echo VbTab & objService.DisplayName NextNext确定可以暂停的服务
3 ^1 p$ c8 E5 {2 N; a# c) _2 n描述+ _6 E5 w* F" f/ ^1 n2 P* A2 J+ K
返回可以暂停的服务的列表。
/ b$ R& A5 }* ]$ \) a脚本代码5 K3 A) Y2 c" p" W5 W: h5 ~; c
strComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServices = objWMIService.ExecQuery _("Select * from Win32_Service Where AcceptPause = True")For Each objService in colServicesWscript.Echo objService.DisplayName Next确定可以停止的服务
& { o& ^. \, S+ P
描述
. \; m0 j+ o! _: {1 E返回可以停止的服务的列表。
1 ~( _3 u% _) _1 l/ \" U, ~脚本代码. C0 }7 x9 v- ^1 i
strComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServices = objWMIService.ExecQuery _("Select * from Win32_Service Where AcceptStop = True")For Each objService in colServicesWscript.Echo objService.DisplayName Next枚举单个服务的前项服务
. q% m1 t- k- g$ T$ _描述+ L7 x% y, E2 ]1 d; S0 E3 R( e: v p
枚举必须在启动 SMTP 服务之前运行的所有服务。
/ [# {. T1 N* b1 ?7 h7 g1 Y
脚本代码
6 N5 h5 n; y5 V( ?" ]strComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServiceList = objWMIService.ExecQuery("Associators of " _ & "{Win32_service.Name='SMTPSVC'} Where " _& "AssocClass=Win32_DependentService " & "Role=Dependent") For Each objService in colServiceListWscript.Echo objService.DisplayName Next枚举单个服务的依赖服务
% s* ]6 R6 m8 A! _. {6 x6 v! u
描述
2 P3 U& Z* Z p# F% s+ m3 F枚举不能在启动 Rasman 服务之前启动的所有服务。
( [8 c4 t, e2 E8 T" t i' `脚本代码' x$ q7 n, S& \) d! a# j
strComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServiceList = objWMIService.ExecQuery("Associators of " _& "{Win32_Service.Name='rasman'} Where " _& "AssocClass=Win32_DependentService " & "Role=Antecedent" )For Each objService in colServiceListWscript.Echo objService.DisplayName Next枚举所有服务的依赖服务
2 c. ?4 _ D6 g* u6 Q9 W; Q3 t A描述
8 c& Q8 r; K* b# h8 c枚举所有安装在
计算机上的服务的依赖服务。
1 i9 k: g7 H' ~
脚本代码
" w% c6 E3 g8 h/ E, KConst ForAppending = 8Set objFSO = CreateObject("Scripting.FileSystemObject")Set objLogFile = _objFSO.OpenTextFile("C:\Scripts\Service_Dependencies.csv", _ForAppending, True)objLogFile.Write("Service Dependencies") objLogFile.WriteLinestrComputer = "."Set objWMIService = GetObject("winmgmts:" & _"{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2")Set colServices = objWMIService.ExecQuery("Select * from Win32_Service")For Each objService in colServicesstrServiceRegistryName = objService.NamestrServiceDisplayName = objService.DisplayNameSet colDependentServices = objWMIService.ExecQuery("Associators of " & _"{Win32_Service.Name='" & strServiceRegistryName & "'} " & _"Where AssocClass=Win32_DependentService Role=Antecedent")If colDependentServices.Count = 0 ThenobjLogFile.Write(strServiceDisplayName & ",None")objLogFile.WriteLineElseobjLogFile.Write(strServiceDisplayName & ",")For Each objDependentService in colDependentServicesobjLogFile.Write(objDependentService.DisplayName & ",")NextobjLogFile.WriteLineEnd IfNextobjLogFile.Close枚举非活动服务
, \1 e, e: V6 [/ Z1 d& S' P
描述/ H: I2 H9 q& S+ g2 ^; s J
返回安装在计算机上目前已经停止的所有服务的列表。
' j, ^" H4 D3 h+ M# S4 i脚本代码
g9 n z( R8 EstrComputer = "."Set objWMIService = GetObject("winmgmts:" & _"{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2")Set colStoppedServices = objWMIService.ExecQuery _("SELECT DisplayName,State FROM Win32_Service WHERE State <> 'Running'")For Each objService in colStoppedServicesWscript.Echo objService.DisplayName & " = " & objService.StateNext枚举服务加载顺序组
5 h* Y r" Z" L; ~
描述) @- p# ~. c8 j& \9 r) e5 T$ \
返回计算机上的所有服务加载顺序组的列表以及它们的加载顺序。
4 U. ^* \* J; N7 b: G
有关在这段代码中使用的 Win32_LoadOrderGroup 类别的更多信息,请单击
此处。
$ k; T% }0 F2 J9 d; S
支持平台
6 D- B' \- |5 l% m8 Q0 W0 l# C6 ZWindows Server 2003
7 O- z" ?$ p. W a1 j | 是
$ \. E/ l, A- Q/ o |
Windows XP
* @- C0 e0 {) r( I+ O7 \( J/ v | 是
b3 o! p4 k# a0 g9 C* z |
Windows 2000
9 `3 r+ c6 N' t | 是! A% q! G0 E! F, n: l/ N; U1 z
|
Windows NT 4.0
0 `$ z" e. d9 Y2 ^8 |& t | 是,需要安装 WMI
0 B! E$ T1 G; D" C) [ |
6 w2 t- ^; r. p3 x( O
脚本代码: R" U: s/ g1 p5 L2 U
On Error Resume NextstrComputer = "."Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")Set colItems = objWMIService.ExecQuery("Select * from Win32_LoadOrderGroup")For Each objItem in colItems Wscript.Echo "Driver Enabled: " & objItem.DriverEnabled Wscript.Echo "Group Order: " & objItem.GroupOrder Wscript.Echo "Name: " & objItem.Name Wscript.EchoNext监视服务性能
/ }# I6 W' D# I4 O7 K U+ F0 k
描述6 b& `0 R {9 X/ G; q3 u/ W; R* \
使用已格式化的性能计数器检索 DHCP Server 服务的性能数据。需要 Windows XP 或 Windows Server 2003。
9 F% ^4 O. i3 z6 N1 |/ V3 c脚本代码: E( E. a: h4 ^- c% c6 ?- j& {
strComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")set objRefresher = CreateObject("WbemScripting.SWbemRefresher")Set colDHCPServer = objRefresher.AddEnum _(objWMIService, "win32_PerfFormattedData_DHCPServer_DHCPServer"). _ObjectSetobjRefresher.RefreshFor i = 1 to 60For Each objDHCPServer in colDHCPServerWscript.Echo "Acknowledgements per second: " & _objDHCPServer.AcksPerSecWscript.Echo "Declines per second: " & _objDHCPServer.DeclinesPerSecWscript.Echo "Discovers per second: " & _objDHCPServer.DiscoversPerSecWscript.Echo "Informs per second: " & objDHCPServer.InformsPerSecWscript.Echo "Offers per second: " & objDHCPServer.OffersPerSecWscript.Echo "Releases per second: " & _objDHCPServer.ReleasesPerSecWscript.Echo "Requests per second: " & _objDHCPServer.RequestsPerSecNextWscript.Sleep 10000objRefresher.RefreshNext暂停在某个特定帐户下运行的服务
4 n. b1 M( ?* L" d' H4 O描述
/ l2 `( U. R) g* ?暂停在假定的服务帐户 Netsvc 下运行的所有服务。
' @3 ]# }3 M2 W L+ R: \/ g
脚本代码
, i7 `# Y( w8 A2 A5 _- zstrComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServices = objWMIService.ExecQuery _("Select * from Win32_Service")For each objService in colServices If objService.StartName = ".\netsvc" ThenerrReturnCode = objService.PauseService()End IfNext删除服务
4 k4 v: O6 |' ]8 T' a- j. Y描述; V# Z1 a" [1 a0 J
删除名为 DbService 的假定服务。
& N7 ` n8 s8 H, E! y- b. P4 v1 R
脚本代码. Q6 P$ C Z) m& G
strComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colListOfServices = objWMIService.ExecQuery _("Select * from Win32_Service Where Name = 'DbService'")For Each objService in colListOfServicesobjService.StopService()objService.Delete()Next恢复暂停的自动启动服务
& }1 {7 ]4 J o
描述7 I5 k6 c: u' g! w
重新启动已经暂停的任何自动启动服务。
' c9 i9 S$ i$ m1 b+ S7 q/ H
脚本代码
; j6 ?8 d1 }/ X. S/ P6 D' ?strComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colListOfServices = objWMIService.ExecQuery _("Select * from Win32_Service Where State = 'Paused' and StartMode = 'Auto'")For Each objService in colListOfServicesobjService.ResumeService()Next检索服务属性
7 |2 C/ \5 w# c/ n/ H/ }( d' I
描述
; [( }& \5 Z- k检索服务及其相关属性的完整列表。将信息保存到文本文件:C:\Scripts\Service_List.cs。
/ |8 o( `9 F' f/ Q( Z
脚本代码
3 ?# E+ I4 S, K4 qConst ForAppending = 8Set objFSO = CreateObject("Scripting.FileSystemObject")Set objLogFile = objFSO.OpenTextFile("c:\scripts\service_list.csv", _ ForAppending, True)objLogFile.Write _("System Name,Service Name,Service Type,Service State, Exit " _ & "Code,Process ID,Can Be Paused,Can Be Stopped,Caption," _ & "Description,Can Interact with Desktop,Display Name,Error " _& "Control, Executable Path Name,Service Started," _ & "Start Mode,Account Name ") objLogFile.WritelinestrComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colListOfServices = objWMIService.ExecQuery _("Select * from Win32_Service")For Each objService in colListOfServicesobjLogFile.Write(objService.SystemName) & "," objLogFile.Write(objService.Name) & "," objLogFile.Write(objService.ServiceType) & "," objLogFile.Write(objService.State) & "," objLogFile.Write(objService.ExitCode) & "," objLogFile.Write(objService.ProcessID) & "," objLogFile.Write(objService.AcceptPause) & "," objLogFile.Write(objService.AcceptStop) & "," objLogFile.Write(objService.Caption) & "," objLogFile.Write(objService.Description) & "," objLogFile.Write(objService.DesktopInteract) & "," objLogFile.Write(objService.DisplayName) & "," objLogFile.Write(objService.ErrorControl) & "," objLogFile.Write(objService.PathName) & "," objLogFile.Write(objService.Started) & "," objLogFile.Write(objService.StartMode) & "," objLogFile.Write(objService.StartName) & "," objLogFile.writelineNextobjLogFile.Close
4 b( C1 ?0 d6 R9 N8 C
检索服务状态
$ ^. C7 M6 e5 N: |. R
描述/ h2 j7 Y8 x: K( H2 R8 @4 z9 z
返回安装在计算机上的所有服务的列表,并且指示它们的当前状态(一般来说是正在运行还是没有运行)。
b2 U" `* a( A1 d% b
脚本代码
3 a" _& i5 ^5 n3 `& t/ ystrComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colRunningServices = objWMIService.ExecQuery _("Select * from Win32_Service")For Each objService in colRunningServices Wscript.Echo objService.DisplayName & VbTab & objService.StateNext从事件日志检索服务状态的改变
9 ?" D4 q: M' s @描述* D! k- G2 B( x8 j
从事件 ID 为 7036 的 System 事件日志中检索事件。任何时候只要状态发生改变就记录这些事件。需要 Windows XP 或 Windows Server 2003。
2 V, J) j3 [& a6 o# T
脚本代码
( ^6 E, f, f" K8 `: \3 L) a, K+ XSet dtmConvertedDate = CreateObject("WbemScripting.SWbemDateTime")strComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServiceEvents = objWMIService.ExecQuery _("Select * from Win32_NTLogEvent Where Logfile = 'System' and " _& "EventCode = '7036'")For Each strEvent in colServiceEventsdtmConvertedDate.Value = strEvent.TimeWrittenWscript.Echo dtmConvertedDate.GetVarDate Wscript.Echo strEvent.MessageNext启动服务及其依赖服务
m+ {) Z3 ~. _描述
! G6 {/ I) P% t) m启动 NetDDE 服务及其所有的依赖服务。
% @& R8 C: A6 n# m) H$ I脚本代码% e; W& Y+ ^+ v
strComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServiceList = objWMIService.ExecQuery _("Select * from Win32_Service where Name='NetDDE'")For each objService in colServiceListerrReturn = objService.StartService()NextWscript.Sleep 20000Set colServiceList = objWMIService.ExecQuery("Associators of " _& "{Win32_Service.Name='NetDDE'} Where " _& "AssocClass=Win32_DependentService " & "Role=Dependent" )For each objService in colServiceListobjService.StartService()Next启动已经停止的自动启动服务
9 Z/ Y R$ q, D5 ~描述% o3 k+ P/ m3 m2 n
重新启动任何已经停止的自动启动服务。
% ~" Y# e5 H# W. V" Y
脚本代码
1 j" N+ I: A2 N) ?0 xstrComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colListOfServices = objWMIService.ExecQuery _("Select * from Win32_Service Where State = 'Stopped' and StartMode = " _& "'Auto'")For Each objService in colListOfServicesobjService.StartService()Next停止服务及其依赖服务
# w7 X$ M4 f8 R4 I
描述
4 D3 a: h f$ k' _$ S停止 NetDDE 服务及其所有的依赖服务。
# ^+ F1 ^3 [6 [; G+ d8 ?& i脚本代码
' d% c) {7 o; n- AstrComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServiceList = objWMIService.ExecQuery("Associators of " _& "{Win32_Service.Name='NetDDE'} Where " _& "AssocClass=Win32_DependentService " & "Role=Antecedent" )For each objService in colServiceListobjService.StopService()NextWscript.Sleep 20000Set colServiceList = objWMIService.ExecQuery _("Select * from Win32_Service where Name='NetDDE'")For each objService in colServiceListerrReturn = objService.StopService()Next停止在某个特定的帐户下运行的服务
. k% K& E) G, z7 E3 @: S) K" P描述8 }3 V, C; e9 x: q6 c ?
停止在假定的服务帐户 Netsvc 下运行的所有服务。
2 j$ q8 G9 o2 z. o) g" j) y) Y0 s
脚本代码
& @6 N& W# S" s0 L+ F& FstrComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServices = objWMIService.ExecQuery _("Select * from win32_Service")For each objService in colServices If objService.StartName = ".\netsvc" ThenerrReturnCode = objService.StopService()End IfNext将服务帐户切换到本地服务
" n* f |; R# ^5 P4 ~
描述
8 g% k9 q( m1 x& H4 n8 f将在假定的服务帐户 Netsvc 下运行的任何服务的服务帐户更改为本地服务。
/ _: c" @% ?* s5 L% M' B+ s
脚本代码* C2 d3 t5 }+ A0 Z( P5 X! g( T
strComputer = "."Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set colServices = objWMIService.ExecQuery _("Select * from Win32_Service")For each objService in colServicesIf objService.StartName = ".\netsvc" ThenerrServiceChange = objService.Change _( , , , , , , "NT AUTHORITY\LocalService" , "") End IfNext
