


Client log locations
32bit : %WINDIR%\System32\CCM\Logs
64bit : %WINDIR%\SysWOW64\CCM\Logs

Server log locations
Server Log : <INSTALL_PATH>\Logs
Site Role Log : %ProgramFiles%\SMS_CCM\Logs

Analysis is easier if you use the SCCM Toolkit.

-Client log files-
CAS - Content Access Service. Maintains the local package cache.
Ccmexec.log - Records activities of the client and the SMS Agent Host service.
CertificateMaintenance.log - Maintains certificates for Active Directory directory service and management points.
ClientIDManagerStartup.log - Creates and maintains the client GUID.
ClientLocation.log - Site assignment tasks.
ContentTransferManager.log - Schedules the Background Intelligent Transfer Service (BITS) or the Server Message Block (SMB) to download or to access SMS packages.
DataTransferService.log - Records all BITS communication for policy or package access.
Execmgr.log - Records advertisements that run.
FileBITS.log - Records all SMB package access tasks.
Fsinvprovider.log (renamed to FileSystemFile.log in all SMS 2003 Service Packs) - Windows Management Instrumentation (WMI) provider for software inventory and file collection.
InventoryAgent.log - Creates discovery data records (DDRs) and hardware and software inventory records.
LocationServices.log - Finds management points and distribution points.
Mifprovider.log - The WMI provider for .MIF files.
Mtrmgr.log - Monitors all software metering processes.
PolicyAgent.log - Requests policies by using the Data Transfer service.
PolicyAgentProvider.log - Records policy changes.
PolicyEvaluator.log - Records new policy settings.
Remctrl.log - Logs when the remote control component (WUSER32) starts.
Scheduler.log - Records schedule tasks for all client operations.
Smscliui.log - Records usage of the Systems Management tool in Control Panel.
StatusAgent.log - Logs status messages that are created by the client components.
SWMTRReportGen.log - Generates a usage data report that is collected by the metering agent. (This data is logged in Mtrmgr.log.)

-Server log files-
Ccm.log - Client Configuration Manager tasks.
Cidm.log - Records changes to the client settings by the Client Install Data Manager (CIDM).
Colleval.log - Logs when collections are created, changed, and deleted by the Collection Evaluator.
Compsumm.log - Records Component Status Summarizer tasks.
Cscnfsvc.log - Records Courier Sender confirmation service tasks.
Dataldr.log - Processes Management Information Format (MIF) files and hardware inventory in the Configuration Manager 2007 database.
Ddm.log - Saves DDR information to the Configuration Manager 2007 database by the Discovery Data Manager.
Despool.log - Records incoming site-to-site communication transfers.
Distmgr.log - Records package creation, compression, delta replication, and information updates.
Hman.log - Records site configuration changes, and publishes site information in Active Directory Domain Services.
Inboxast.log - Records files that are moved from the management point to the corresponding SMS\INBOXES folder.
Inboxmgr.log - Records file maintenance.
Invproc.log - Records the processing of delta MIF files for the Dataloader component from client inventory files.
Mpcontrol.log - Records the registration of the management point with WINS. Records the availability of the management point every 10 minutes.
Mpfdm.log - Management point component that moves client files to the corresponding SMS\INBOXES folder.
MPMSI.log - Management point .msi installation log.
MPSetup.log - Records the management point installation wrapper process.
Ntsvrdis.log - Configuration Manager 2007 server discovery.
Offermgr.log - Records advertisement updates.
Offersum.log - Records summarization of advertisement status messages.
Policypv.log - Records updates to the client policies to reflect changes to client settings or advertisements.
Replmgr.log - Records the replication of files between the site server components and the Scheduler component.
Rsetup.log - Reporting point setup log.
Sched.log - Records site-to-site job and package replication.
Sender.log - Records files that are sent to other child and parent sites.
Sinvproc.log - Records client software inventory data processing to the site database in Microsoft SQL Server.
Sitecomp.log - Records maintenance of the installed site components.
Sitectrl.log - Records site setting changes to the Sitectrl.ct0 file.
Sitestat.log - Records the monitoring process of all site systems.
Smsdbmon.log - Records database changes.
Smsexec.log - Records processing of all site server component threads.
Smsprov.log - Records WMI provider access to the site database.
SMSReportingInstall.log - Records the Reporting Point installation. This component starts the installation tasks and processes configuration changes.
SMSSHVSetup.log - Records the success or failure (with failure reason) of installing the System Health Validator point.
Srvacct.log - Records the maintenance of accounts when the site uses standard security.
Statmgr.log - Writes all status messages to the database.
Swmproc.log - Processes metering files and maintains settings.

-Admin console log files-
RepairWizard.log - Records errors, warnings, and information about the process of running the Repair Wizard.
ResourceExplorer.log - Records errors, warnings, and information about running the Resource Explorer.
SMSAdminUI.log - Records the local Configuration Manager 2007 console tasks when you connect to Configuration Manager 2007 sites.

-Management point log files-
MP_Ddr.log - Records the conversion of XML.ddr records from clients, and copies them to the site server.
MP_GetAuth.log - Records the status of the site management points.
MP_GetPolicy.log - Records policy information.
MP_Hinv.log - Converts XML hardware inventory records from clients and copies the files to the site server.
MP_Location.log - Records location manager tasks.
MP_Policy.log - Records policy communication.
MP_Relay.log - Copies files that are collected from the client.
MP_Retry.log - Records the hardware inventory retry processes.
MP_Sinv.log - Converts XML hardware inventory records from clients and copies them to the site server.
MP_Status.log - Converts XML.svf status message files from clients and copies them to the site server.

-Mobile device management log files-
DmClientHealth.log - Records the GUIDs of all the mobile device clients that are communicating with the Device Management Point.
DmClientRegistration.log - Records registration requests from and responses to the mobile device client in Native mode.
DmpDatastore.log - Records all the site database connections and queries made by the Device Management Point.
DmpDiscovery.log - Records all the discovery data from the mobile device clients on the Device Management Point.
DmpFileCollection.log - Records mobile device file collection data from mobile device clients on the Device Management Point.
DmpHardware.log - Records hardware inventory data from mobile device clients on the Device Management Point.
DmpIsapi.log - Records mobile device communication data from device clients on the Device Management Point.
dmpMSI.log - Records the MSI data for Device Management Point setup.
DMPSetup.log - Records the mobile device management setup process.
DmpSoftware.log - Records mobile device software distribution data from mobile device clients on the Device Management Point.
DmpStatus.log - Records mobile device status messages data from mobile device clients on the Device Management Point.
FspIsapi.log - Records Fallback Status Point communication data from mobile device clients and client computers on the Fallback Status Point.

-Mobile device client log files-
DmCertEnroll.log - Records certificate enrollment data on mobile device clients.
DMCertResp.htm (in \temp) - Records HTML response from the certificate server when the mobile device Enroller program requests a client authentication certificate on mobile device clients.
DmClientSetup.log - Records client setup data on mobile device clients.
DmClientXfer.log - Records client transfer data for Windows Mobile Device Center and ActiveSync deployments.
DmCommonInstaller.log - Records client transfer file installation for setting up mobile device client transfer files on client computers.
DmInstaller.log - Records whether DMInstaller correctly calls DmClientSetup and whether DmClientSetup exits with success or failure on mobile device clients.
DmInvExtension.log - Records Inventory Extension file installation for setting up Inventory Extension files on client computers.
DmSvc.log - Records mobile device management service data on mobile device clients.

-Operating system deployment log files-
CCMSetup.log - Provides information about client-based operating system actions.
CreateTSMedia.log - Provides information about task sequence media when it is created. This log is generated on the computer running the Configuration Manager 2007 administrator console.
DriverCatalog.log - Provides information about device drivers that have been imported into the driver catalog.
MP_ClientIDManager.log - Provides information about the Configuration Manager 2007 management point when it responds to Configuration Manager 2007 client ID requests from boot media or PXE. This log is generated on the Configuration Manager 2007 management point.
MP_DriverManager.log - Provides information about the Configuration Manager 2007 management point when it responds to a request from the Auto Apply Driver task sequence action. This log is generated on the Configuration Manager 2007 management point.
MP_Location.log - Provides information about the Configuration Manager 2007 management point when it responds to request state store or release state store requests from the state migration point. This log is generated on the Configuration Manager 2007 management point.
Pxecontrol.log - Provides information about the PXE Control Manager.
PXEMsi.log - Provides information about the PXE service point and is generated when the PXE service point site server has been created.
PXESetup.log - Provides information about the PXE service point and is generated when the PXE service point site server has been created.
Setupact.log, Setupapi.log, Setuperr.log - Provide information about Windows Sysprep and setup logs.
SmpIsapi.log - Provides information about the state migration point Configuration Manager 2007 client request responses.
Smpmgr.log - Provides information about the results of state migration point health checks and configuration changes.
SmpMSI.log - Provides information about the state migration point and is generated when the state migration point site server has been created.
Smsprov.log - Provides information about the SMS provider.
Smspxe.log - Provides information about the Configuration Manager 2007 PXE service point.
SMSSMPSetup.log - Provides information about the state migration point and is generated when the state migration point site server has been created.
Smsts.log - General location for all operating system deployment and task sequence log events.
TaskSequenceProvider.log - Provides information about task sequences when they are imported, exported, or edited.
USMT Log loadstate.log - Provides information about the User State Migration Tool (USMT) regarding the restore of user state data.
USMT Log scanstate.log - Provides information about the USMT regarding the capture of user state data.

-Network Access Protection (NAP) log files-
Ccmcca.log - Logs the processing of compliance evaluation based on Configuration Manager NAP policy processing and contains the processing of remediation for each software update required for compliance.
CIAgent.log - Tracks the process of remediation and compliance. However, the software updates log file, Updateshandler.log, provides more informative details on installing the software updates required for compliance.
locationservices.log - Used by other Configuration Manager features (for example, information about the client’s assigned site) but also contains information specific to Network Access Protection when the client is in remediation. It records the names of the required remediation servers (management point, software update point, and distribution points that host content required for compliance), which are also sent in the client statement of health.
SDMAgent.log - Shared with the Configuration Manager feature desired configuration management and contains the tracking process of remediation and compliance. However, the software updates log file, Updateshandler.log, provides more informative details about installing the software updates required for compliance.
SMSSha.log - The main log file for the Configuration Manager Network Access Protection client and contains a merged statement of health information from the two Configuration Manager components: location services (LS) and the configuration compliance agent (CCA). This log file also contains information about the interactions between the Configuration Manager System Health Agent and the operating system NAP agent, and also between the Configuration Manager System Health Agent and both the configuration compliance agent and the location services. It provides information about whether the NAP agent successfully initialized, the statement of health data, and the statement of health response.

-System Health Validator point log files-
Ccmperf.log - Contains information about the initialization of the System Health Validator point performance counters.
SmsSHV.log - The main log file for the System Health Validator point; logs the basic operations of the System Health Validator service, such as the initialization progress.
SmsSHVADCacheClient.log - Contains information about retrieving Configuration Manager health state references from Active Directory Domain Services.
SmsSHVCacheStore.log - Contains information about the cache store used to hold the Configuration Manager NAP health state references retrieved from Active Directory Domain Services, such as reading from the store and purging entries from the local cache store file. The cache store is not configurable.
SmsSHVRegistrySettings.log - Records any dynamic changes to the System Health Validator component configuration while the service is running.
SmsSHVQuarValidator.log - Records client statement of health information and processing operations. To obtain full information, change the registry key LogLevel from 1 to 0 in the following location: HKLM\SOFTWARE\Microsoft\SMSSHV\Logging\@GLOBAL

-DCM (Desired Configuration Management) log files-
ciagent.log - Provides information about downloading, storing, and accessing assigned configuration baselines.
dcmagent.log - Provides high-level information about the evaluation of assigned configuration baselines and desired configuration management processes.
discovery.log - Provides detailed information about the Service Modeling Language (SML) processes.
sdmagent.log - Provides information about downloading, storing, and accessing configuration item content.
sdmdiscagent.log - Provides high-level information about the evaluation process for the objects and settings configured in the referenced configuration items.

-Wake On LAN (WOL) log files-
Wolmgr.log - Contains information about wake-up procedures such as when to wake up advertisements or deployments that are configured for Wake On LAN.
WolCmgr.log - Contains information about which clients need to be sent wake-up packets, the number of wake-up packets sent, and the number of wake-up packets retried.

-Software updates server log files-
ciamgr.log - Provides information about the addition, deletion, and modification of software update configuration items.
distmgr.log - Provides information about the replication of software update deployment packages.
objreplmgr.log - Provides information about the replication of software updates notification files from a parent to child sites.
PatchDownloader.log - Provides information about the process for downloading software updates from the update source specified in the software updates metadata to the download destination on the site server.
replmgr.log - Provides information about the process for replicating files between sites.
smsdbmon.log - Provides information about when software update configuration items are inserted, updated, or deleted from the site server database and creates notification files for software updates components.
SUPSetup - Provides information about the software update point installation. When the software update point installation completes, "Installation was successful" is written to this log file.
WCM.log - Provides information about the software update point configuration and connecting to the Windows Server Update Services (WSUS) server for subscribed update categories, classifications, and languages.
WSUSCtrl.log - Provides information about the configuration, database connectivity, and health of the WSUS server for the site.
wsyncmgr.log - Provides information about the software updates synchronization process.

-WSUS server log files-
Change.log - Provides information about the WSUS server database information that has changed.
SoftwareDistribution.log - Provides information about the software updates that are synchronized from the configured update source to the WSUS server database.

-Software updates client computer log files-
CAS.log - Provides information about the process of downloading software updates to the local cache and cache management.
CIAgent.log - Provides information about processing configuration items, including software updates.
LocationServices.log - Provides information about the location of the WSUS server when a scan is initiated on the client.
PatchDownloader.log - Provides information about the process for downloading software updates from the update source to the download destination on the site server. This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates.
PolicyAgent.log - Provides information about the process for downloading, compiling, and deleting policies on client computers.
PolicyEvaluator - Provides information about the process for evaluating policies on client computers, including policies from software updates.
RebootCoordinator.log - Provides information about the process for coordinating system restarts on client computers after software update installations.
ScanAgent.log - Provides information about the scan requests for software updates, what tool is requested for the scan, the WSUS location, and so on.
ScanWrapper - Provides information about the prerequisite checks and the scan process initialization for the Inventory Tool for Microsoft Updates on Systems Management Server (SMS) 2003 clients.
SdmAgent.log - Provides information about the process for verifying and decompressing packages that contain configuration item information for software updates.
ServiceWindowManager.log - Provides information about the process for evaluating configured maintenance windows.
smscliUI.log - Provides information about the Configuration Manager Control Panel user interactions, such as initiating a Software Updates Scan Cycle from the Configuration Manager Properties dialog box, opening the Program Download Monitor, and so on.
SmsWusHandler - Provides information about the scan process for the Inventory Tool for Microsoft Updates on SMS 2003 client computers.
StateMessage.log - Provides information about when software updates state messages are created and sent to the management point.
UpdatesDeployment.log - Provides information about the deployment on the client, including software update activation, evaluation, and enforcement. Verbose logging shows additional information about the interaction with the client user interface.
UpdatesHandler.log - Provides information about software update compliance scanning and about the download and installation of software updates on the client.
UpdatesStore.log - Provides information about the compliance status for the software updates that were assessed during the compliance scan cycle.
WUAHandler.log - Provides information about when the Windows Update Agent on the client searches for software updates.
WUSSyncXML.log - Provides information about the Inventory Tool for the Microsoft Updates synchronization process. This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates.

-Windows Update Agent log files-
WindowsUpdate.log - Provides information about when the Windows Update Agent connects to the WSUS server and retrieves the software updates for compliance assessment and whether there are updates to the agent components.

Posted by 커널64
2009. 3. 18. 21:28

SCCM Toolkit (SystemCenter)

Client Spy - Troubleshooting for software distribution, inventory, and software metering
Policy Spy - Policy viewer; troubleshooting for policy-related issues
Trace32 - Log viewer (analysis) for Configuration Manager server/client logs
Security Configuration Wizard Template for Configuration Manager 2007 - SCW Template
DCM Model Verification - Validation of Desired Configuration Management and item testing
DCM Digest Conversion - Converts DCM items created in SMS 2003 for use with SCCM 2007

Posted by 커널64

argument => Process1.exe,Process2.exe,Process3.exe......

Object : Process
Counter : NumberOfProcess
Instance : $Data/Property[@Name='ProcessName']$
Value : $Data/Property[@Name='PerfValue']$


Option Explicit

' Severity value for LogScriptEvent (1 = error)
Const EVENT_TYPE_ERROR = 1

Dim intResponse, strProcess, bLogPerformanceEvent, bGenerateSuccessEvent, bLogPerformanceData
Dim oAPI, oArgs, cProcessResult, oMOMBag, sProcess, propertyBag, perfValue
Dim ProcessName
Set oArgs = WScript.Arguments
Set oAPI = CreateObject("MOM.ScriptAPI")
If oArgs.Count < 1 Then
    Call oAPI.LogScriptEvent("getProcessNUM.vbs", 10101, EVENT_TYPE_ERROR, "getProcessNUM script was called with fewer than one argument.")
    WScript.Quit -1
End If

' The first argument is a comma-separated list of process names
strProcess = Split(oArgs.Item(0), ",")
For Each sProcess In strProcess
    Call getProcessNUM(Trim(sProcess))
Next

' Counts the running instances of one process and returns the count in a property bag
Sub getProcessNUM(ProcessName)
    Dim safeName
    ' Escape backslashes and single quotes so the name stays inside the WQL string literal
    safeName = Replace(Replace(ProcessName, "\", "\\"), "'", "\'")
    Set cProcessResult = GetObject("winmgmts://./root/cimv2").ExecQuery("SELECT * FROM Win32_Process WHERE name = '" & safeName & "'")
    perfValue = 0.0
    perfValue = CDbl(cProcessResult.Count)
    Set propertyBag = oAPI.CreatePropertyBag()
    propertyBag.AddValue "ProcessName", ProcessName
    propertyBag.AddValue "PerfValue", perfValue
    Call oAPI.Return(propertyBag)
    Set cProcessResult = Nothing
End Sub

Posted by 커널64
2009. 3. 18. 11:44

SCOM 2007 CrossPlatform Extension Overview (SystemCenter)


OpenSSH, developed by the OpenBSD Project, provides for secure communication between two systems, and delivers authentication, authorization, and confidentiality services. Operations Manager 2007 uses OpenSSH in several ways:
- During deployment, the secure copy (scp) capability of OpenSSH is used to securely copy the Ops Mgr Cross Plat agent to the target machine, and then initiate the agent and any required supporting processes (such as OpenPegasus and WS_Management) should they not be operational.
- During operations, should there be an issue with any of the supporting processes or should the agent process fail, Operations Manager 2007 can communicate with the managed system through OpenSSH and restart the failed service.
Posted by 커널64
2009. 3. 16. 14:31

SNMPUTIL.exe (Etc.)

Posted by 커널64
2009. 3. 9. 19:19

DPM SRT (System Recovery Tools) information (SystemCenter)

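It stores only a single copy of each file, at a unique data address computed with the 128-bit MD5 hash algorithm.
This means that if you have several similar servers, the backup of the first server takes up the same amount of space as the data on the source server, while the other servers need only 2%~5% of the space.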
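
A sketch of the single-instance storage scheme described above, as an added example (not DPM's code or the post author's): each file's content is stored once under its MD5 digest, and a byte comparison on every digest hit catches the collisions that MD5 cannot rule out. The class and function names, server names, paths and file contents are constructed for illustration, so the 4% figure it produces follows from the sample data.

```python
import hashlib


class AddressCollision(Exception):
    """Two different file contents mapped to the same data address."""


def md5_address(data: bytes) -> str:
    # 128-bit MD5 digest used as the data address, as the post describes.
    return hashlib.md5(data).hexdigest()


class SingleInstanceStore:
    """Content-addressed store: one stored copy per distinct file content."""

    def __init__(self, address_fn=md5_address):
        self.address_fn = address_fn
        self.blobs = {}      # data address -> file content (stored once)
        self.catalogs = {}   # server name -> {path: data address}

    def backup(self, server, files):
        """Back up {path: bytes} for one server; return the bytes newly stored."""
        added = 0
        catalog = {}
        for path, data in files.items():
            addr = self.address_fn(data)
            stored = self.blobs.get(addr)
            if stored is None:
                self.blobs[addr] = data
                added += len(data)
            elif stored != data:
                # MD5 is not collision resistant, so a digest match alone does
                # not prove the content is identical. Refuse the backup rather
                # than restore another file's bytes under this path later.
                raise AddressCollision(f"{path} collides at address {addr}")
            catalog[path] = addr
        self.catalogs[server] = catalog
        return added

    def restore(self, server):
        """Rebuild {path: bytes} for a server from its catalog."""
        return {p: self.blobs[a] for p, a in self.catalogs[server].items()}


def build_server(name, shared=48, unique=2, size=1024):
    """Constructed sample: identical system files plus a few per-server files."""
    files = {}
    for i in range(shared):
        content = (b"shared-%d;" % i) * size
        files[f"C:\\Windows\\System32\\lib{i:02d}.dll"] = content[:size]
    for i in range(unique):
        content = (b"%s-%d;" % (name.encode(), i)) * size
        files[f"C:\\Config\\local{i}.ini"] = content[:size]
    return files


def space_report(servers):
    """Back up each server in turn; return (name, source, added, percent) rows."""
    store = SingleInstanceStore()
    report = []
    for name in servers:
        files = build_server(name)
        source = sum(len(d) for d in files.values())
        added = store.backup(name, files)
        if store.restore(name) != files:
            raise RuntimeError(f"restore mismatch for {name}")
        report.append((name, source, added, round(100 * added / source, 1)))
    return report


if __name__ == "__main__":
    for name, source, added, pct in space_report(["SRV01", "SRV02", "SRV03"]):
        print(f"{name}: source={source} bytes, newly stored={added} bytes ({pct}%)")
```
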

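Before recovering with SRT, you must first set up a recovery schedule. The schedule determines how often backups are performed (how often recovery points are created).
A recovery set defines what data is stored in a recovery point. By default, SRT includes the following two recovery sets.
- System Volumes (system files, system settings, boot files)
- Disk Layout (disk information: master boot code, partition table, partition and volume information)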
Posted by 커널64
2009. 3. 6. 22:39

SCOM 2007 report queries (reports) (SystemCenter)

-- Performance counter list query
SELECT ObjectName, CounterName, MultiInstanceInd FROM vPerformanceRule ORDER BY ObjectName

-- Windows computer list query
SELECT Name FROM dbo.vManagedEntity WHERE ManagedEntityTypeRowId = '22' ORDER BY Name

-- Performance data query (data warehouse)
EXEC SP_PerfViewDaily '2009-02-01', '2009-02-20', 'Processor', '% Processor Time', 'Server1'


-- Definition of the SP_PerfViewDaily procedure called above
CREATE PROCEDURE SP_PerfViewDaily
    @StartDate DATETIME,
    @EndDate DATETIME,
    @ObjectName NCHAR(30),
    @CounterName NCHAR(30),
    @ServerName NCHAR(30)
AS
SELECT
    -- Shift the stored timestamp by +9 hours
    DATEADD(HH, 9, vPerf.DateTime) AS DateTime,
    ROUND(vPerf.AverageValue, 2) AS Average,
    ROUND(vPerf.MinValue, 2) AS Minimum,
    ROUND(vPerf.MaxValue, 2) AS Maximum,
    ROUND(vPerf.StandardDeviation, 2) AS StandardDeviation,
    vManagedEntity.Path AS ServerName
FROM Perf.vPerfdaily AS vPerf INNER JOIN
    vPerformanceRuleInstance ON vPerformanceRuleInstance.PerformanceRuleInstanceRowId = vPerf.PerformanceRuleInstanceRowId INNER JOIN
    vManagedEntity ON vPerf.ManagedEntityRowId = vManagedEntity.ManagedEntityRowId INNER JOIN
    vPerformanceRule ON vPerformanceRuleInstance.RuleRowId = vPerformanceRule.RuleRowId
WHERE vPerf.DateTime >= @StartDate
    AND vPerf.DateTime < @EndDate
    AND (vPerformanceRule.ObjectName IN (@ObjectName))
    AND (vPerformanceRule.CounterName IN (@CounterName))
    /* AND (vPerformanceRuleInstance.InstanceName IN ('')) */
    AND (vManagedEntity.Path IN (@ServerName))
ORDER BY DateTime

Posted by 커널64

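On Windows 2000, the logical disk performance counters are disabled by default.
If you need to collect LogicalDisk counters, enable them with the following commands.
A reboot is required after running the command for the change to take effect.

Enable all disk performance counters

Enable performance counters for physical drives

Enable performance counters for logical drives

Disable all disk-related performance counters

Disable performance counters for physical drives

Disable performance counters for logical drives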

Posted by 커널64

Rule > New > Probe based > Script(performance)

Object, Counter, Instance: any suitable values
Value: $Data/Property[@Name='Used Memory']$



Dim oAPI, oBag
Set oAPI = CreateObject("MOM.ScriptAPI")
Set oBag = oAPI.CreatePropertyBag()

strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' FreePhysicalMemory is reported in KB; convert to MB
Set strFreeMemory = objWMIService.ExecQuery ("Select * from Win32_OperatingSystem")
For Each Free In strFreeMemory
    valFreeMemory = Free.FreePhysicalMemory / 1024
Next
Set strFreeMemory = Nothing

' TotalPhysicalMemory is reported in bytes; convert to MB
Set strTotalMemory = objWMIService.ExecQuery ("Select * from Win32_ComputerSystem")
For Each Total In strTotalMemory
    valTotalMemory = Total.TotalPhysicalMemory / 1048576
Next
Set strTotalMemory = Nothing

' Used memory in MB
val = valTotalMemory - valFreeMemory

Call oBag.AddValue("Used Memory",val)
Call oAPI.Return(oBag)

Posted by 커널64
2009. 2. 20. 16:19

Registry-related VBScript (vbs) (Etc.)

Checking Registry Key Access Rights
const KEY_QUERY_VALUE = &H0001
const KEY_SET_VALUE = &H0002
const KEY_CREATE_SUB_KEY = &H0004
const DELETE = &H00010000
const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "SYSTEM\CurrentControlSet"

' CheckAccess sets bHasAccessRight to True when the caller holds the requested right on the key
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_QUERY_VALUE, _
    bHasAccessRight
If bHasAccessRight = True Then
    StdOut.WriteLine "Have Query Value Access Rights on Key"
Else
    StdOut.WriteLine "Do Not Have Query Value Access Rights on Key"
End If

oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_SET_VALUE, _
    bHasAccessRight
If bHasAccessRight = True Then
    StdOut.WriteLine "Have Set Value Access Rights on Key"
Else
    StdOut.WriteLine "Do Not Have Set Value Access Rights on Key"
End If

oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_CREATE_SUB_KEY, _
    bHasAccessRight
If bHasAccessRight = True Then
    StdOut.WriteLine "Have Create SubKey Access Rights on Key"
Else
    StdOut.WriteLine "Do Not Have Create SubKey Access Rights on Key"
End If

oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, DELETE, bHasAccessRight
If bHasAccessRight = True Then
    StdOut.WriteLine "Have Delete Access Rights on Key"
Else
    StdOut.WriteLine "Do Not Have Delete Access Rights on Key"
End If


Reading a Binary Registry Value

const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion"
strValueName = "LicenseInfo"

' strValue receives the binary data as an array of byte values
oReg.GetBinaryValue HKEY_LOCAL_MACHINE,strKeyPath,_
    strValueName,strValue
For i = lBound(strValue) to uBound(strValue)
    StdOut.WriteLine  strValue(i)
Next


Reading an Expanded String Value
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon"
strValueName = "UIHost"
oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath,_
    strValueName,strValue

StdOut.WriteLine  "The Windows logon UI host is: " & strValue


Reading a MultiString Value
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "SYSTEM\CurrentControlSet\Services\Eventlog\System"
strValueName = "Sources"

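' arrValues receives one array element per string in the REG_MULTI_SZ value
oReg.GetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPath,_
    strValueName,arrValues
For Each strValue In arrValues
    StdOut.WriteLine  strValue
Next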


Reading String and DWORD Values
const HKEY_CURRENT_USER = &H80000001
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "Console"
strValueName = "HistoryBufferSize"
oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
StdOut.WriteLine "Current History Buffer Size: " & dwValue

strKeyPath = "SOFTWARE\Microsoft\Windows Script Host\Settings"
strValueName = "TrustPolicy"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
StdOut.WriteLine "Current WSH Trust Policy Value: " & strValue


Creating Expanded String Values
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Key Name"
strValueName = "Expanded String Value Name"

strValue = "%PATHEXT%"
oReg.SetExpandedStringValue _
    HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue


Creating a Registry Key
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Key Name"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath


Creating String and DWORD Values
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Key Name"
strValueName = "String Value Name"
strValue = "string value"

oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

strValueName = "DWORD Value Name"
dwValue = 82

oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue


Deleting Registry Values
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Key Name"
strDWORDValueName = "DWORD Value Name"
strExpandedStringValueName = "Expanded String Value Name"
strMultiStringValueName = "Multi String Value Name"
strStringValueName = "String Value Name"

oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strDWORDValueName
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strExpandedStringValueName
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strMultiStringValueName
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strStringValueName


Enumerating Registry Properties
On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_Registry")
For Each objItem in colItems
    Wscript.Echo "Current Size: " & objItem.CurrentSize
    Wscript.Echo "Description: " & objItem.Description
    Wscript.Echo "Install Date: " & objItem.InstallDate
    Wscript.Echo "Maximum Size: " & objItem.MaximumSize
    Wscript.Echo "Name: " & objItem.Name
    Wscript.Echo "Proposed Size: " & objItem.ProposedSize
Next


Enumerating Registry Values and Types
const HKEY_LOCAL_MACHINE = &H80000002
const REG_SZ = 1
const REG_EXPAND_SZ = 2
const REG_BINARY = 3
const REG_DWORD = 4
const REG_MULTI_SZ = 7
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "SYSTEM\Key Name"

oReg.EnumValues HKEY_LOCAL_MACHINE, strKeyPath,_
arrValueNames, arrValueTypes

' Print each value name with the data type reported by EnumValues
For i=0 To UBound(arrValueNames)
    StdOut.WriteLine "Value Name: " & arrValueNames(i)
    Select Case arrValueTypes(i)
        Case REG_SZ
            StdOut.WriteLine "Data Type: String"
        Case REG_EXPAND_SZ
            StdOut.WriteLine "Data Type: Expanded String"
        Case REG_BINARY
            StdOut.WriteLine "Data Type: Binary"
        Case REG_DWORD
            StdOut.WriteLine "Data Type: DWORD"
        Case REG_MULTI_SZ
            StdOut.WriteLine "Data Type: Multi String"
    End Select
Next

Posted by 커널64