USBLogSrv Installation Steps

image.png

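  • The files contained in the USBLogSrv program directory are shown in the image above.
  • The directory is packaged as a self-extracting archive that extracts to %PUBLIC%\USBLogSrv.
  • To install, simply run Install_Service.vbs.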

Install_Service.vbs

```vbs
' This file runs USBLogService.bat silently (window style 0 = hidden window)
Set ws = WScript.CreateObject("WScript.Shell")
ws.Run "%PUBLIC%\USBLogSrv\USBLogService.bat", 0
```

USBLogService.bat

```bat
@echo off
:: Change to the directory this script lives in (/d also switches drive)
cd /d "%~dp0"

:: Install the service
nssm.exe install USBLogSrv USBLogSrv.exe

:: Start the service from an elevated, hidden cmd window
powershell -Command "(($arg='/k cd /d '+$pwd+' && net start USBLogSrv & exit') -and (Start-Process cmd -Verb RunAs -ArgumentList $arg  -WindowStyle Hidden)) | Out-Null"
```

Automatically installing the files in the archive

auto_install_asset.ps1

  • Automatically extracts install_asset.zip and installs the program files it contains.

```powershell
# Run this script as administrator
$currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
$testadmin = $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
if ($testadmin -eq $false) {
    Start-Process powershell.exe -Verb RunAs -WindowStyle Hidden -ArgumentList ('-executionpolicy unrestricted -noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
    exit $LASTEXITCODE
}

# Check whether antivirus software other than Windows Defender is installed
$AV = Get-CimInstance -Namespace "root\SecurityCenter2" -Class AntiVirusProduct
$WD = $AV | Where-Object {$_.displayName -like "Windows Defender"}
$installedAV = $AV | Where-Object {$_.displayName -notlike "Windows Defender"}
$wshell = New-Object -ComObject Wscript.Shell
# The operand of the [int] cast did not survive on the page. Formatting
# productState as six hex digits is an assumed reconstruction, chosen so that
# the comparison with 11 below is meaningful.
$productState = [int]('{0:x6}' -f $WD.productState).Substring(2, 2)

# Get the directory the script is located in
$psdir = Split-Path -Parent $MyInvocation.MyCommand.Definition
$dk = "$env:USERPROFILE\Desktop"
$des_path = "$psdir\IT"

if ($productState -eq 11) {

    # Directories to add to the Defender exclusion list
    Add-MpPreference -ExclusionPath "$psdir"
    Add-MpPreference -ExclusionPath "$env:PUBLIC\USBLogSrv"
    sleep 1
    # Extract the archive that sits next to the script and run the files inside it
    Expand-Archive -Path "$psdir\install_asset.zip" -DestinationPath $psdir
    Start-Process -Filepath "$des_path\change_hostname.exe"
    Start-Process -Filepath "$des_path\asset.exe"
    Start-Process -Filepath "$des_path\FusionInventory.exe"
    Start-Process -Filepath "$des_path\USBLogSrv.exe"
    Move-Item -Path "$des_path\*.pdf" -Destination $dk
    sleep 60
    # Delete the extracted files and the script itself
    Remove-Item -Recurse -Force "$psdir\install_asset*","$psdir\auto_install*",$des_path,"$psdir\..\auto_install*"

} else {

    # https://msdn.microsoft.com/en-us/library/x83z1d9f%28v=vs.84%29.aspx?f=255&MSPPError=-2147217396
    $wshell = New-Object -ComObject Wscript.Shell
    $wshell.Popup("正在运行第三方杀毒软件,请退出后,再次运行本程序!如: $($installedAV.displayName)", 0, "", 0x10)

    # Directories to add to the Defender exclusion list
    Add-MpPreference -ExclusionPath "$psdir"
    Add-MpPreference -ExclusionPath "$env:PUBLIC\USBLogSrv"
    sleep 1
    # Extract the archive that sits next to the script and run the files inside it
    Expand-Archive -Path "$psdir\install_asset.zip" -DestinationPath $psdir
    Start-Process -Filepath "$des_path\change_hostname.exe"
    Start-Process -Filepath "$des_path\asset.exe"
    Start-Process -Filepath "$des_path\FusionInventory.exe"
    Start-Process -Filepath "$des_path\USBLogSrv.exe"
    Move-Item -Path "$des_path\*.pdf" -Destination $dk
    sleep 60
    # Delete the extracted files and the script itself
    Remove-Item -Recurse -Force "$psdir\install_asset*","$psdir\auto_install*",$des_path,"$psdir\..\auto_install*"

}
```
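
A hardened variant of the extract-and-run step, as an added example that is not part of the original script: it checks install_asset.zip against a pinned SHA-256, requires valid Authenticode signatures before anything runs, and removes the Defender exclusion for the script directory when it finishes. The hash placeholder, the helper function names and the premise that the four executables are signed are assumptions, not taken from the page.

```powershell
# Added example (not the original script). Assumptions: the packager publishes the
# archive's SHA-256 out of band, and the four executables are Authenticode-signed.
$ExpectedSha256 = '<SHA256_OF_INSTALL_ASSET_ZIP>'   # placeholder, not a real value

function Test-ArchiveHash {      # hypothetical helper
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Expected)
    # String -eq is case-insensitive, so the case of the hex digits does not matter
    return (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash -eq $Expected
}

function Test-SignedBinaries {   # hypothetical helper
    param([Parameter(Mandatory)][string[]]$Path)
    $ok = $true
    foreach ($p in $Path) {
        # A missing file yields no signature object, so it also fails the check
        $status = (Get-AuthenticodeSignature -LiteralPath $p -ErrorAction SilentlyContinue).Status
        if ($status -ne 'Valid') {
            Write-Warning "Signature status '$status' for $p"
            $ok = $false
        }
    }
    return $ok
}

$psdir    = $PSScriptRoot
$archive  = Join-Path $psdir 'install_asset.zip'
$des_path = Join-Path $psdir 'IT'
$exes     = 'change_hostname.exe', 'asset.exe', 'FusionInventory.exe', 'USBLogSrv.exe' |
            ForEach-Object { Join-Path $des_path $_ }

if (-not (Test-ArchiveHash -Path $archive -Expected $ExpectedSha256)) {
    throw 'install_asset.zip does not match the expected SHA-256; nothing was extracted.'
}
Expand-Archive -LiteralPath $archive -DestinationPath $psdir

if (-not (Test-SignedBinaries -Path $exes)) {
    Remove-Item -Recurse -Force -LiteralPath $des_path
    throw 'An extracted executable lacks a valid signature; nothing was run.'
}

Add-MpPreference -ExclusionPath $psdir      # temporary, removed in finally
try {
    foreach ($exe in $exes) { Start-Process -FilePath $exe }
    Start-Sleep -Seconds 60                 # same wait as the original script
}
finally {
    Remove-MpPreference -ExclusionPath $psdir
    Remove-Item -Recurse -Force -LiteralPath $des_path -ErrorAction SilentlyContinue
}
```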