Code snippets : Windows : Importing Event Logs to Database

Code snippet from old archives. It shows how to import Windows event log entries into a database. It is important to set up the database and table accordingly, so that the table contains the appropriate columns.

' Open the ODBC data source and an updatable recordset on the target table
Set objConn = CreateObject("ADODB.Connection")
Set objRS = CreateObject("ADODB.Recordset")
objConn.Open "DSN=EventLogs;"
objRS.CursorLocation = 3 ' adUseClient
objRS.Open "SELECT * FROM tblEventLog", objConn, 3, 3 ' adOpenStatic, adLockOptimistic

' Connect to WMI on the local computer ("." means the local machine)
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' A VBScript string literal cannot span lines, so the query is concatenated
Set colRetrievedEvents = objWMIService.ExecQuery _
    ("Select Category, CategoryString, ComputerName, Data, EventCode, " _
    & "EventIdentifier, EventType, LogFile, Message, RecordNumber, SourceName, " _
    & "TimeGenerated, TimeWritten, Type, User from Win32_NTLogEvent")

' Copy every event into a new row; the el_* columns must exist in tblEventLog
For Each objEvent in colRetrievedEvents
    objRS.AddNew
    objRS("el_Category") = objEvent.Category
    objRS("el_CategoryString") = objEvent.CategoryString
    objRS("el_ComputerName") = objEvent.ComputerName
    objRS("el_Data") = objEvent.Data
    objRS("el_EventCode") = objEvent.EventCode
    objRS("el_EventIdentifier") = objEvent.EventIdentifier
    objRS("el_EventType") = objEvent.EventType
    objRS("el_LogFile") = objEvent.LogFile
    objRS("el_Message") = objEvent.Message
    objRS("el_RecordNumber") = objEvent.RecordNumber
    objRS("el_SourceName") = objEvent.SourceName
    ' TimeGenerated and TimeWritten are WMI datetime strings (yyyymmddHHMMSS.mmmmmm+UUU)
    objRS("el_TimeGenerated") = objEvent.TimeGenerated
    objRS("el_TimeWritten") = objEvent.TimeWritten
    objRS("el_Type") = objEvent.Type
    objRS("el_User") = objEvent.User
    objRS.Update
Next

objRS.Close
objConn.Close

Code snippets : Passing credentials to Get-WmiObject in PowerShell

If you need to pass specific credentials to Get-WmiObject in order to gather information from a remote machine, here is how you can do it:

$LAdmin = "DOMAIN\Administrator"
$LPassword = ConvertTo-SecureString "Password!" -AsPlainText -Force
$Credentials = New-Object -Typename System.Management.Automation.PSCredential -ArgumentList $LAdmin, $LPassword

Once the $Credentials object is created, you can use it to gather information from the remote PC named in $computername:

Get-WmiObject -ComputerName $computername -Class Win32_VideoController -Namespace "root\cimv2" -Credential $Credentials
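
An added example (not code from the original post) that builds the same $Credentials object without keeping the password as plain text in the script: it prompts once with Get-Credential, caches the result with Export-Clixml (on Windows the password is encrypted with DPAPI for the current user on the current machine) and reuses it on later runs. The function name Get-StoredCredential, the cache file path and the computer name PC-01 are assumptions made for illustration.

```powershell
# Added example, not from the original post.
# Get-StoredCredential and the cache path are hypothetical names chosen for illustration.
function Get-StoredCredential {
    param(
        [Parameter(Mandatory)] [string] $UserName,
        [Parameter(Mandatory)] [string] $Path
    )

    if (Test-Path -LiteralPath $Path) {
        # Import-Clixml rebuilds the PSCredential. Decryption only succeeds for the
        # same Windows user on the same machine that exported the file (DPAPI).
        $cred = Import-Clixml -LiteralPath $Path
        if ($cred -is [System.Management.Automation.PSCredential] -and
            $cred.UserName -eq $UserName) {
            return $cred
        }
    }

    # First run, or the cached file belongs to another account: prompt and cache.
    $cred = Get-Credential -UserName $UserName -Message 'Account for remote WMI queries'
    $cred | Export-Clixml -LiteralPath $Path
    return $cred
}

$credPath     = Join-Path $env:LOCALAPPDATA 'wmi-cred.xml'   # assumed location
$computername = 'PC-01'                                      # constructed sample name
$Credentials  = Get-StoredCredential -UserName 'DOMAIN\Administrator' -Path $credPath

try {
    Get-WmiObject -ComputerName $computername -Class Win32_VideoController `
        -Namespace 'root\cimv2' -Credential $Credentials -ErrorAction Stop |
        Select-Object Name, DriverVersion
}
catch [System.UnauthorizedAccessException] {
    # Access denied usually means a wrong or changed password:
    # remove the cached file so the next run prompts again.
    Remove-Item -LiteralPath $credPath -ErrorAction SilentlyContinue
    throw
}
```

The cached file is only usable by the account that created it on that machine, so a scheduled task has to create it while running as its own service account.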

Code snippets : Handy wmic commands

Some handy wmic commands which might be helpful when automating OS deployment:

wmic bios get serialnumber
wmic computersystem get manufacturer
wmic computersystem get model

Code snippets : Windows : Clear Event Logs

From a script repository I used in the past, here is a VBScript which allows you to clear the EventLog on a Windows machine. I used it on computers with Windows XP and Windows Server 2003. However, this script will also work on Windows 7 and Windows Server 2008.

By default the script clears the EventLog on the computer where the script is executed. To clear logs on a remote machine, just modify the variable strComputer and replace the dot with the name of the target machine.

The script will read all EventLog files from the machine and will go through them, removing all events.

And here is the script itself:

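' "." means the local computer
strComputer = "."

' Connect to WMI with the Backup and Security privileges enabled
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
    & strComputer & "\root\cimv2")

' Enumerate every event log file on the machine
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile")

' Clear each log in turn
For Each objLogFile in colLogFiles
    objLogFile.ClearEventLog()
Next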

Code snippets : List all logical disks in Windows 7 Command Prompt

Recently I was wondering how to list all available drives in the Windows 7 PE Command Prompt. That happened to me when I was stuck in a PXE boot command prompt window, trying to find out what letter was assigned to the USB stick I had just plugged in. It looks like it's not quite a straightforward activity 🙂