Gerar Log

  • Pergunta

  • Boa tarde.

    Como faço para gerar log do script abaixo?

    Ele verifica se a máquina está com pen drive plugado nas portas e envia e-mail para o admin do domínio.

    Obrigado.

    *************************************************************************
    ' ---- Computer name (the variables for OS, user, IP and service pack are declared here as well) ----
    Dim NomeComputador, SO, Usuario, IP, SPK, strPropriedades
    strComputador = "."    ' "." addresses the local machine in the WMI moniker
    Set objWMIService = GetObject("winmgmts:\\" & strComputador & "\root\CIMV2")
    ' 48 is the flags argument: return immediately (16) + forward-only enumerator (32).
    Set colItems = objWMIService.ExecQuery("Select * From Win32_ComputerSystem", , 48)
    For Each objItem In colItems
        ' Caption of Win32_ComputerSystem is used as the computer name throughout the script.
        NomeComputador = objItem.Caption
    Next
    ' ---- end of computer name ----
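    ' ---- Operating system, logged-on user and IP address of this computer ----
    ' VBScript does not predefine the WMI flag constants. Without these two
    ' declarations both names are Empty and the flags argument below becomes 0
    ' instead of 48 (the value passed to the Win32_ComputerSystem query above).
    Const wbemFlagReturnImmediately = &H10
    Const wbemFlagForwardOnly = &H20

    ' "*" selects every property. A narrower list could be used instead, e.g.
    ' "CSName, Caption, OSType, Version, CSDVersion".
    strPropriedades = "*"
    objClass = "Win32_OperatingSystem"
    strQuery = "SELECT " & strPropriedades & " FROM " & objClass
    Set colOS = objWMIService.ExecQuery(strQuery, , wbemFlagReturnImmediately + wbemFlagForwardOnly)
    For Each objItem In colOS
        SPK = objItem.CSDVersion   ' service pack text
        SO = objItem.Caption       ' operating system name
    Next

    ' --- Logged-on user ---
    objClass = "Win32_ComputerSystem"
    strQuery = "SELECT " & strPropriedades & " FROM " & objClass
    Set colSys = objWMIService.ExecQuery(strQuery, , wbemFlagReturnImmediately + wbemFlagForwardOnly)
    For Each objItem In colSys
        ' NOTE(review): UserName is later concatenated into cacls command lines;
        ' confirm it is never empty when the script runs (e.g. before logon).
        Usuario = objItem.UserName
    Next

    ' --- Network adapter: only IP-enabled adapters, excluding the listed virtual/RAS services ---
    strPropriedades = "Description, MACAddress, IPAddress, IPSubnet, DefaultIPGateway, DNSServerSearchOrder, DNSDomain, DNSDomainSuffixSearchOrder, DHCPEnabled, DHCPServer, WINSPrimaryServer, WINSSecondaryServer, ServiceName"
    objClass = "Win32_NetworkAdapterConfiguration"
    strQuery = "SELECT " & strPropriedades & " FROM " & objClass & " WHERE IPEnabled = True AND ServiceName <> 'AsyncMac' AND ServiceName <> 'VMnetx' AND ServiceName <> 'VMnetadapter' AND ServiceName <> 'Rasl2tp' AND ServiceName <> 'PptpMiniport' AND ServiceName <> 'Raspti' AND ServiceName <> 'NDISWan' AND ServiceName <> 'RasPppoe' AND ServiceName <> 'NdisIP' AND ServiceName <> ''"
    Set colAdapters = objWMIService.ExecQuery(strQuery, , wbemFlagReturnImmediately + wbemFlagForwardOnly)
    For Each objItem In colAdapters
        IP_Address = objItem.IPAddress
        ' IPAddress is an array; take its first entry. The original indexed it with
        ' an undeclared variable i, which only worked because Empty converts to 0.
        ' The IsArray guard skips an adapter that reports no address list.
        ' When several adapters match, the last one enumerated wins.
        If IsArray(IP_Address) Then IP = IP_Address(0)
    Next

    ' Shell object used further down for registry writes and for running cacls.
    Set objShell = CreateObject("WScript.Shell")
    ' ---- end of computer inventory ----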
    ' ---- Registry access through the WMI StdRegProv provider ----
    Const HKEY_LOCAL_MACHINE = &H80000002
    ' Service key of the USB mass-storage driver; the script changes values under it.
    strKeyPath = "SYSTEM\CurrentControlSet\Services\USBSTOR"
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputador & "\root\default:StdRegProv")
    ' ---- end of registry connection ----

    ' ---- Current date in long format ----
    ' Neither variable is referenced again in the script as posted.
    Dim dataAtual, dataFormatada
    dataAtual = Now()
    dataFormatada = FormatDateTime(dataAtual, 1)   ' 1 = long date format
    ' ---- end of date formatting ----

    '######################################################################
    '######################################################################
    '######################################################################
    '###################################################
    '########### E-MAIL ACCOUNT SETTINGS ##################
        ' To send to more than one address, separate the addresses with a
        ' semicolon inside EnviarPara.
        '
        ' NOTE(review): MinhaSenha is kept in plain text, so anyone who can read
        ' this script file can read the mailbox password. The send routine below
        ' also sets smtpusessl to false, so the same password crosses the network
        ' unencrypted. Prefer a dedicated mailbox that can do nothing but send
        ' these alerts, and restrict read access to the script file.

    EnviarPara= "email@dominio.com.br;email2@dominio.com.br"
    UserEmail="email@dominio.com.br"
    MinhaSenha="senhaemail"
    MeuSMTP="smtp.dominio.com.br"
    MinhaPorta=587
                                                     
    '######################################################################
    '######################################################################
    '######################################################################
    '######################################################################
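    '########### Computers on which USB storage stays enabled ##################
        ' To allow more computers, add another line of the form
        '     Or NomeComputador = "PC-NAME" _
        ' before the word Then.
        '
        ' Fixes relative to the script as posted:
        '   * the If header was commented out while Else / End If were still
        '     present, which is a syntax error;
        '   * the two Subs were declared inside the If block; they now sit at
        '     script level, after End If;
        '   * the unblock message used the undefined name NomeComputer;
        '   * every detection is written to the Windows event log, and a failed
        '     e-mail no longer stops the monitoring loop.
        '
        ' NOTE(review): "=" compares strings case-sensitively in VBScript; confirm
        ' the names below are written exactly as WMI reports them.
    '######################################################################
    If NomeComputador = "Rodrigo-PC" _
       Or NomeComputador = "COMPUTADOR1" _
       Or NomeComputador = "COMPUTADOR2" _
       Or NomeComputador = "COMPUTADOR4" _
    Then
            ' ---- Allowed computer: let the USBSTOR driver start on demand (Start = 3) ----
        oReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
        objShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Start", "3","REG_DWORD"
        objShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\ImagePath", "system32\DRIVERS\USBSTOR.SYS","REG_SZ"

            ' ---- Give the user full control over the USB storage driver install files ----
            ' NOTE(review): cacls is run without /E and its confirmation prompt is
            ' answered through "Echo S|", so the whole ACL of each file is replaced,
            ' not just the user's entry. "S" is the Portuguese "yes"; other Windows
            ' languages expect a different letter. Usuario is concatenated unquoted,
            ' so an empty name or a name with spaces breaks the command. cacls is
            ' deprecated in favour of icacls.
        objShell.Run("%COMSPEC% /c Echo S| cacls C:\windows\inf\usbstor.inf /P " & Usuario &":f")
        objShell.Run("%COMSPEC% /c Echo S| cacls C:\windows\inf\usbstor.pnf /P " & Usuario &":f")

        msgbox("Computador com Privilégios Para Utilização de Pen-Drive: " & NomeComputador &" logado com o Usuario: "& Usuario &", USB Desbloqueado!!!")
    Else
            ' ---- Computer not on the list: disable the USBSTOR driver (Start = 4) ----
            ' ImagePath is pointed at USBSTORAGE.SYS instead of USBSTOR.SYS;
            ' presumably deliberate so the driver cannot load even if Start is
            ' changed back - confirm.
        oReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
        objShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Start", "4","REG_DWORD"
        objShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\ImagePath", "system32\DRIVERS\USBSTORAGE.SYS","REG_SZ"

            ' ---- Remove the user's access to the USB storage driver install files ----
            ' (same cacls caveats as in the branch above)
        objShell.Run("%COMSPEC% /c Echo S| cacls C:\windows\inf\usbstor.inf /P " & Usuario &":n")
        objShell.Run("%COMSPEC% /c Echo S| cacls C:\windows\inf\usbstor.pnf /P " & Usuario &":n")

            ' ---- Watch for USB storage devices appearing despite the block ----
        strComputer = "."
        Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

            ' The query is polled every 10 seconds (WITHIN 10).
        Set colMonitoredEvents = objWMIService.ExecNotificationQuery("SELECT * FROM __InstanceCreationEvent WITHIN 10 WHERE Targetinstance ISA 'Win32_PNPEntity' and TargetInstance.DeviceId like '%USBStor%'")
        Do
            ' NextEvent blocks until a matching device is created; the loop never exits.
            Set objLatestEvent = colMonitoredEvents.NextEvent
            ' Called without parentheses so the object itself is passed to the Sub.
            Notifier objLatestEvent.TargetInstance
        Loop
    End If


        ' ---- Records and reports a USB storage device that was plugged in ----
        ' object: the Win32_PNPEntity instance delivered by the event query.
        ' Reads the script-level values gathered at start-up (Usuario,
        ' NomeComputador, SO, SPK, IP) and the e-mail settings.
    Sub Notifier(object)
        Dim strDetalhe
        strDetalhe = "O Usuario "& Usuario &" conectou um Pendrive no Computador " & NomeComputador & " Sistema Operacional: " & SO & " " & SPK & " IP: " & IP

            ' Local audit trail: a warning (type 2) in the Windows event log, written
            ' before the e-mail so the detection is kept even if the mail fails.
        objShell.LogEvent 2, strDetalhe & " Dispositivo: " & object.DeviceID

            ' A mail failure (server down, bad credentials) must not terminate the
            ' monitoring loop, so the error is caught and logged (type 1 = error).
        On Error Resume Next
        SendMailWithoutSSL _
            EnviarPara, _
            "Falha na Segurança, Uso de Pendrive no Computador " & NomeComputador, _
            UserEmail, _
            strDetalhe, _
            MeuSMTP, _
            MinhaPorta, _
            UserEmail, _
            MinhaSenha
        If Err.Number <> 0 Then
            objShell.LogEvent 1, "Falha ao enviar e-mail de alerta de Pendrive: " & Err.Description
            Err.Clear
        End If
        On Error GoTo 0

            ' Tell the user that the event is being reported to the administrator.
            ' The message box is modal: the loop waits here until it is dismissed.
        msgbox("Foi Detectado Utilização de Pendrive, você não tem autorização, Enviando Informação ao Administrador do Sistema!")
    End Sub


        ' ---- Sends one plain-text e-mail through CDO over SMTP ----
        ' strDestination: recipient list (semicolon separated); strTitle: subject;
        ' strFrom: sender address; strMessage: body text; strSMTP / intPort: server
        ' and port; strUsername / strPassword: SMTP credentials.
        ' Errors raised by Send propagate to the caller.
        '
        ' NOTE(review): basic authentication combined with smtpusessl = false sends
        ' the user name, the password and the alert text unencrypted. Confirm
        ' whether the mail server offers an encrypted submission port and enable
        ' smtpusessl there.
    Sub SendMailWithoutSSL(strDestination, strTitle, strFrom, strMessage, strSMTP, intPort, strUsername, strPassword)
        Set oMessage = CreateObject("CDO.Message")
        Set oConf = CreateObject("CDO.Configuration")
        Set oFields = oConf.Fields
            ' Transport configuration
        oFields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSMTP
        oFields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = intPort
        oFields.Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1 ' cdoBasic: user name and password in plain text
        oFields.Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = strUsername
        oFields.Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = strPassword
        oFields.Item("http://schemas.microsoft.com/cdo/configuration/Smtpusessl") = false
        oFields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 ' 1: local SMTP pickup; 2: over the network (port); 3: Exchange
        oFields.Update
            ' Message headers
        oMessage.Fields.Item("urn:schemas:mailheader:to") = strDestination
        oMessage.Fields.Item("urn:schemas:mailheader:from") = strFrom
        oMessage.Fields.Item("urn:schemas:mailheader:sender") = strFrom
        oMessage.Fields.Item("urn:schemas:mailheader:subject")= strTitle
        oMessage.Fields.Item("urn:schemas:mailheader:x-mailer") = "Informe sobre Pendrive!"
        oMessage.Fields.Update
        oMessage.Configuration = oConf
        oMessage.TextBody = strMessage
        oMessage.Send
    End Sub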


    Magalhães

    sexta-feira, 12 de maio de 2017 19:14