我在组策略里面启用了用户登陆审核策略,写了以下代码来查询指定天数之前的用户登陆记录。等号中间那段转换日期时间格式的代码总感觉有些臃肿,请问应该如何简化代码以提供执行效率呢?- Option Explicit
-
- Dim intIntervalDay, strLoginLog, strComputer, colLoggedEvents, objEvent
- Dim objShell, objFSO, objSWbemDateTime, objDstFile, objWMIService
-
- intIntervalDay=7 'How many days ago
- strLoginLog="C:\test\LoginList.log" 'Where to record the log
-
- Set objShell = CreateObject("WScript.Shell")
- Set objFSO = CreateObject("Scripting.FileSystemObject")
- Set objSWbemDateTime = CreateObject("WbemScripting.SWbemDateTime")
- Set objDstFile = objFSO.OpenTextFile(strLoginLog,8,True)
-
- strComputer = "."
- Set objWMIService = GetObject("winmgmts:" _
- & "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")
- Set colLoggedEvents = objWMIService.ExecQuery _
- ("Select * from Win32_NTLogEvent Where Logfile = 'Security' and EventCode = '528'")
- For Each objEvent in colLoggedEvents
- Dim dtmLocalTime, dtmEventTime, intDiffDay
- ' Wscript.Echo "Time Written: " & objEvent.TimeWritten
- ' Wscript.Echo "Computer Name: " & objEvent.ComputerName
- ' Wscript.Echo "Event Code: " & objEvent.EventCode
- ' Wscript.Echo "User: " & objEvent.User
- ' Wscript.Echo "Category: " & objEvent.Category
- ' Wscript.Echo "Message: " & objEvent.Message
- ' Wscript.Echo "Record Number: " & objEvent.RecordNumber
- ' Wscript.Echo "Source Name: " & objEvent.SourceName
- ' Wscript.Echo "Event Type: " & objEvent.Type
- ' =================================================
- objSWbemDateTime.Value = objEvent.TimeWritten
- dtmLocalTime = objSWbemDateTime.GetVarDate(true)
- dtmEventTime = CDate(dtmLocalTime)
- intDiffDay = DateDiff("d", dtmEventTime, Now)
- ' =================================================
- If (intDiffDay <= intIntervalDay) Then
- If (objEvent.User <> "NT AUTHORITY\NETWORK SERVICE") Then
- If (objEvent.User <> "NT AUTHORITY\LOCAL SERVICE") Then
- objDstFile.WriteLine objEvent.TimeWritten _
- & " " & objEvent.ComputerName _
- & " " & objEvent.EventCode _
- & " " & objEvent.User
- End If
- End If
- End If
- Next
- objDstFile.Close
- objShell.Run "notepad " & strLoginLog
复制代码
|