我正在尝试编写一个可以通过 Kace K1000 推送并在我们网络中的机器后台运行的 vbscript,以检测用户何时插入他们的闪存驱动器/外部驱动器并检查它们是否已加密。
如果驱动器未加密,则发送提示/消息,告知用户加密驱动器。如果驱动器已加密,则不执行任何操作,照常进行。我使用的操作系统是 Windows 7 和 10。
我目前拥有的脚本是:
strComputer = "."
//check instant event for usb detection
Set wmi = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set wmiEvent = wmi.ExecNotificationQuery("select * from __InstanceOperationEvent within 1 where TargetInstance ISA 'Win32_PnPEntity' and TargetInstance.Description='USB Mass Storage Device'")
//check to see if the drive is encrypted
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption")
Set colItems = objWMIService.ExecQuery( _
"SELECT * FROM Win32_EncryptableVolume",,48)
While True
Case "__InstanceCreationEvent"
For Each objItem in colItems
If objItem.ProtectionStatus = 0 then
Wscript.Echo "Unencrypted drive is detected, please encrypt drive " & objItem.DriveLetter
else
end if
Next
Wend
我知道它目前无法正常工作,而且我对 vbscript 和 wmi 还很陌生,所以任何帮助都非常有用。在决定寻求帮助之前,我通过谷歌搜索找到了脚本。
如果你们还有其他方法可以实现我所尝试的功能,那也很好。我们使用 kace k1000 来管理我们的机器,所以我需要能够在那里推送脚本。
谢谢
答案1
以下(部分注释)脚本在 Windows 环境中运行,我无法预见卡斯 k1000相互作用:
option explicit
On Error GoTo 0
Dim strResult, strComputer, wmi, wmiEvent , objWMIService, objItem, colItems, objEventObject
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer _
& "\ROOT\CIMV2\Security\MicrosoftVolumeEncryption") ' requires elevation
Set wmi = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
' //check instant event for Logical Disk detection
Set wmiEvent = wmi.ExecNotificationQuery( _
"select * from __InstanceOperationEvent within 1 " _
& "where TargetInstance ISA 'Win32_LogicalDisk'")
While True
'' tell the script to wait until the next event of interest occurs
Set objEventObject = wmiEvent.NextEvent()
Select Case objEventObject.Path_.Class
Case "__InstanceCreationEvent"
'//check to see if the drive is encrypted
Set colItems = objWMIService.ExecQuery( _
"SELECT * FROM Win32_EncryptableVolume",,48)
For Each objItem in colItems
If objItem.ProtectionStatus = 0 then
strResult = strResult & vbNewLine & ":" & _
objEventObject.TargetInstance.Description & _
": Unencrypted drive " & objItem.DriveLetter
End If
Next
Case "__InstanceDeletionEvent" '' merely for debugging
strResult = strResult & vbNewLine & ":" & _
objEventObject.TargetInstance.Description & ": An event was just deleted"
End Select
If strResult <> "" Then Wscript.Echo Wscript.ScriptName & vbNewLine & strResult
strResult = ""
Wend
'' REMARK ''
'' //check instant event for usb detection
'' -- unsuccessful as `TargetInstance.Description` could vary for different drives
' Set wmiEvent = wmi.ExecNotificationQuery( _
' "select * from __InstanceOperationEvent within 1 " _
' & "where TargetInstance ISA 'Win32_PnPEntity'" _
' & " and ( TargetInstance.Description='USB Mass Storage Device'" _
' & " or TargetInstance.Description='USB Flash Memory'" _
' & " or TargetInstance.Description='Disk drive')")
以下是详尽的解释:如何仅使用一个脚本来监控不同类型的事件和如何确定可移动驱动器何时连接