I am hacking some VBScript to attempt to determine the user that installed a program.
If I can get it going, I can add this to OAv2.
The script is below.
I get an unhelpful error and haven't managed to get it going.
If anyone can help, it would be most appreciated.
You can save it as blah.vbs and run it with "cscript blah.vbs".
It should dump any software it finds an entry for in the App Log - title, who installed it and when.
It should only dump the first entry it finds. IE - if you have installed, removed and installed a given piece of software, it may well have multiple entries in the Application Event Log.
Again, any help much appreciated.
strComputer = "."
const HKEY_LOCAL_MACHINE = &H80000002
set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("SELECT Message, User, TimeGenerated FROM Win32_NTLogEvent where logfile = 'Application' and eventcode = '11707'",,48)
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
oReg.EnumKey HKEY_LOCAL_MACHINE,strKeyPath,arrSubKeys
for each subkey In arrSubKeys
newpath = strKeyPath & "\" & subkey
newkey = "DisplayName"
oReg.GetStringValue HKEY_LOCAL_MACHINE, newpath, newkey, strValue
if strValue <> "" then
package_name = strValue
for each objItem in colItems
mess1 = split(objItem.Message, "--")
mess2 = split(mess1(0), " ", vbTextCompare)
mess3 = split(mess2(0), "Product:")
message_retrieved = trim(mess3(1))
if (not isNull(message_retrieved)) then
if (InStr(message_retrieved, package_name) = 1) then
package_installed_by = objItem.User
package_installed_on = WMIDateStringToDate(objItem.TimeGenerated)
wscript.echo package_name & " Installed By: " & package_installed_by & " On: " & package_installed_on
exit for
else
package_installed_by = ""
package_installed_on = ""
end if
end if
next
end if
next
function WMIDateStringToDate(dtmDate)
WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) & "/" & _
Mid(dtmDate, 7, 2) & "/" & Left(dtmDate, 4) _
& " " & Mid (dtmDate, 9, 2) & ":" & Mid(dtmDate, 11, 2) & ":" & Mid(dtmDate,13, 2))
end function
Thursday, July 14, 2011
Subscribe to:
Posts (Atom)
Posts
