
vbs AD日志开启脚本（EnableKerbLog 脚本）

2021/5/14 20:45:17   来源:
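' Sets the logging level of the 24 NTDS diagnostic categories to 3 by writing
' REG_DWORD values under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics.
'
' Despite the script's title, this does not touch the Kerberos LogLevel value;
' it only changes Active Directory (NTDS) diagnostic logging.
'
' Operational notes:
'   * Writing to HKLM requires an elevated (administrator) session.
'   * Level 3 on every category is verbose and adds load and event-log volume
'     on a domain controller. Use it for a bounded investigation, size the
'     Directory Service event log accordingly, and set the values back to 0
'     afterwards.
'   * Each write is checked, so a denied or failed write is reported instead
'     of being hidden behind a "Complete" message.
Option Explicit

Dim wsObj, diagKey, categories, category, failures

Const LOG_LEVEL = 3

diagKey = "HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\"

' Value names exactly as they appear under the Diagnostics key.
categories = Array( _
    "1 Knowledge Consistency Checker", "2 Security Events", "3 ExDS Interface Events", _
    "4 MAPI Interface Events", "5 Replication Events", "6 Garbage Collection", _
    "7 Internal Configuration", "8 Directory Access", "9 Internal Processing", _
    "10 Performance Counters", "11 Initialization/Termination", "12 Service Control", _
    "13 Name Resolution", "14 Backup", "15 Field Engineering", _
    "16 LDAP Interface Events", "17 Setup", "18 Global Catalog", _
    "19 Inter-site Messaging", "20 Group Caching", "21 Linked-Value Replication", _
    "22 DS RPC Client", "23 DS RPC Server", "24 DS Schema")

Set wsObj = CreateObject("WScript.Shell")
failures = 0

WScript.Echo "Enabling NTDS diagnostic logging (level " & LOG_LEVEL & ")..."

For Each category In categories
    ' Trap errors only around the registry write so each failure can be reported.
    On Error Resume Next
    wsObj.RegWrite diagKey & category, LOG_LEVEL, "REG_DWORD"
    If Err.Number <> 0 Then
        failures = failures + 1
        WScript.Echo "FAILED: " & category & " (0x" & Hex(Err.Number) & ") " & Err.Description
        Err.Clear
    End If
    On Error GoTo 0
Next

Set wsObj = Nothing

If failures = 0 Then
    WScript.Echo "-=[Complete!]=-"
Else
    ' Non-zero exit code lets a calling batch job or scheduler detect the failure.
    WScript.Echo "-=[Finished with " & failures & " error(s)]=-"
    WScript.Quit 1
End If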