我正在尝试重新创建一个环境(更具体地说,记录一个可重现的环境)。我隐隐怀疑某些已安装的东西可能破坏了相同的注册表值,并想通过重现安装各种组件的顺序来测试这一点。
但是,我无法确定安装内容的具体顺序。我找到了注册表项“HKEY_LOCAL_MACHINE_SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall”,它似乎有已安装内容的子项,并且这些子项(有时)包括 InstallDate。但是,它只具有日期解析度,因此我无法确定同一天安装的内容的顺序。
Ctime 可以改变,不是吗?所以这不行。否则,我就没主意了。
这是在 Win7 上。我是一名 Unix 爱好者,请耐心等待。
有人有主意吗?
答案1
这样就可以了。打开 Powershell:
Get-WmiObject Win32_ReliabilityRecords |
Where-Object { $_.Message.StartsWith('Windows Installer installed') } |
Select TimeGenerated,Message | FL
只要启用可靠性计数器(我相信它们在 Windows 7 上应该是默认启用的),它就会为您提供软件安装时间的完整列表。
您还可以通过以下图形方式查看这些数据:perfmon /rel
示例输出:
TimeGenerated : 20141112045116.000000-000
Message : Windows Installer installed an update. Product Name: Microsoft Office Shared MUI (English) 2013. Product Version: 15.0.4569.1506.
Product Language: 1033. Manufacturer: Microsoft Corporation. Update Name: Update for Microsoft Office 2013 (KB2881008) 64-Bit
Edition. Installation success or error status: 0.
TimeGenerated : 20141112045110.000000-000
Message : Windows Installer installed an update. Product Name: Microsoft Office Professional Plus 2013. Product Version: 15.0.4569.1506.
Product Language: 0. Manufacturer: Microsoft Corporation. Update Name: Update for Microsoft PowerPoint 2013 (KB2889936) 64-Bit
Edition. Installation success or error status: 0.
TimeGenerated : 20141112045100.000000-000
Message : Windows Installer installed an update. Product Name: Microsoft PowerPoint MUI (English) 2013. Product Version: 15.0.4569.1506.
Product Language: 1033. Manufacturer: Microsoft Corporation. Update Name: Update for Microsoft PowerPoint 2013 (KB2889936) 64-Bit
Edition. Installation success or error status: 0.
TimeGenerated : 20141111002348.000000-000
Message : Windows Installer installed the product. Product Name: EMET 5.1. Product Version: 5.1. Product Language: 1033. Manufacturer:
Microsoft Corporation. Installation success or error status: 0.
日期/时间格式让你厌烦吗?试试这个:
Get-WmiObject Win32_ReliabilityRecords |
Where-Object { $_.Message.StartsWith('Windows Installer installed') } |
Select @{n='TimeGenerated';e={[System.Management.ManagementDateTimeConverter]::ToDateTime($_.TimeGenerated )}},Message | FT -AutoSize
11/11/2014 10:51:24 PM Windows Installer installed an update. Product Name: Microsoft Office Professional Plus 2013. Product Version: 15.0.4569.15...
11/11/2014 10:51:16 PM Windows Installer installed an update. Product Name: Microsoft Office Shared MUI (English) 2013. Product Version: 15.0.4569...
11/11/2014 10:51:10 PM Windows Installer installed an update. Product Name: Microsoft Office Professional Plus 2013. Product Version: 15.0.4569.15...
11/11/2014 10:51:00 PM Windows Installer installed an update. Product Name: Microsoft PowerPoint MUI (English) 2013. Product Version: 15.0.4569.15...
11/10/2014 6:23:48 PM Windows Installer installed the product. Product Name: EMET 5.1. Product Version: 5.1. Product Language: 1033. Manufacturer...
请注意,这将列出产品安装和补丁。如果您只想捕获更新或产品安装,请调整“Windows Installer 已安装...”周围的字符串。
编辑:还有几件事需要注意。首先,这些数据是从事件日志数据中汇总而来的……因此,如果您清除了事件日志,这些数据将会消失。其次……报告的日期时间格式Get-WMIObject……Powershell 有一个名为 的较新版本的 cmdlet Get-CIMInstance,可以自动将这些日期/时间转换为更易读的格式……但 Windows 7 最初并未附带Get-CIMInstance。您需要先升级到 Powershell 3,或者只需使用我上面展示的转换技术。