1

I'm having a trouble implementing with my login script from domain where it calls another batch script from a local pc. The problem is that one of the Group Policy is to restrict Batch script from running and disabling cmd.exe. Is there a way to convert my batch script to vbscript where it uses nircmd.exe to capture screenshot every one minute? Below is my batch script being called by another script from my Domain.

echo > %cd%\Synch.tmp

if exist "%cd%\Synch Center" goto :create

MKDIR "%cd%\Synch Center"

MKDIR "%cd%\Synch Center\%USERNAME%"

attrib +r +h +s "%cd%\Synch Center"

:Create

MKDIR "%cd%\Synch Center\%USERNAME%"

attrib +r +h +s "%cd%\Synch Center\%USERNAME%"

:capture

cd /d c:\system
if not exist "%cd%\Synch Center\%USERNAME%" goto :create

Synchcenter.exe savescreenshotfull "%cd%\Synch Center\%USERNAME%\%USERNAME%-
capture-%date:~10,4%%date:~7,2%%date:~4,2%_%time:~0,2%%time:~3,2%.jpg"

attrib +r +h +s "%cd%\Synch Center\%USERNAME%\%USERNAME%-capture-%date:~10,4%
%date:~7,2%%date:~4,2%_%time:~0,2%%time:~3,2%.jpg"

timeout 60

if not exist "%cd%\synch.tmp" goto :exit

goto :capture

:exit

exit

I'm hoping for answers thank you in advance!!

Hackoo
  • 18,337
  • 3
  • 40
  • 70
Leojay Alfara
  • 43
  • 1
  • 5
  • With Nircmd i think yes .I made before a vbscript like that. I will look for it and i will share to you as soon as possible ! – Hackoo Feb 22 '16 at 09:49

1 Answers1

1

From this link

  1. First you must use an external tool named NirCmd where you can download it here http://www.nirsoft.net/utils/nircmd.html

    Direct Link for NirCmd (32 bits) and Direct Link for NirCmd (64 bits)

  2. Second UnZip the file and extract the file named : NirCmdc.exe : NirCmdc in Command Line and copy it in the same folder with this vbscript : Screenshot.vbs
  3. Finally Copy and paste this vbscript in your notepad with this name : Screenshot.vbs and test it by double click on it.

Edit : on 22/02/2016 @ 15:40 

Option Explicit
If AppPrevInstance() Then WScript.Quit()
Dim Ws,fso,Command,Resultat,NirCmdc,strCurDir,UserName,outputFolderPath,outputFilePath
Set Ws = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
strCurDir = Ws.CurrentDirectory
UserName = Ws.ExpandEnvironmentStrings("%USERNAME%")
outputFolderPath = strCurDir &"\Synch Center\"& UserName
If Not fso.FolderExists(outputFolderPath) Then
    SmartCreateFolder(outputFolderPath)
End If
Hide DblQuote(outputFolderPath)
outputFilePath= DblQuote(outputFolderPath & "\" & UserName &"_~$currdate.dd_MM_yyyy$-~$currtime.HH_mm_ss$.jpg")
command = "nircmdc.exe savescreenshot " & outputFilePath
Do
    Resultat = Ws.Run(Command,0,False)
    Pause(1) 'Sleep for 1 minute
Loop
'********************************************************************
Sub SmartCreateFolder(strFolder)
    Dim oFSO:Set oFSO = CreateObject("Scripting.FileSystemObject")
    If oFSO.FolderExists(strFolder) Then
        Exit Sub
    Else
        SmartCreateFolder(oFSO.GetParentFolderName(strFolder))
    End If
    oFSO.CreateFolder(strFolder)
    Set oFSO = Nothing    
End Sub
'********************************************************************  
Sub Pause(Min)
    WScript.Sleep(60 * 1000 * Min)
End Sub
'********************************************************************
Function DblQuote(Str)
    DblQuote = Chr(34) & Str & Chr(34)
End Function
'********************************************************************
Sub Hide(Folder)
    Dim Command,Result,Ws
    Set Ws = CreateObject("WScript.Shell")
    Command = "Cmd /C attrib +r +h +s "& Folder &""
    Result = Ws.Run(Command,0,True)
End Sub
'*****************************************************************************
Function AppPrevInstance()  
    With GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")  
        With .ExecQuery("SELECT * FROM Win32_Process WHERE CommandLine LIKE " & CommandLineLike(WScript.ScriptFullName) & _
            " AND CommandLine LIKE '%WScript%' OR CommandLine LIKE '%cscript%'")  
            AppPrevInstance = (.Count > 1)  
        End With  
    End With  
End Function    
'******************************************************************************
Function CommandLineLike(ProcessPath)  
    ProcessPath = Replace(ProcessPath, "\", "\\")  
    CommandLineLike = "'%" & ProcessPath & "%'"  
End Function
'******************************************************************************
Hackoo
  • 18,337
  • 3
  • 40
  • 70
  • Hello Hackoo, Thank you for the answer although im still having a problem implementing the script. There's a dialog box from Windows script host displaying error: 0xFFFFFFFF. Another thing, I need to include current username to the filename being created by the screenshot, so that I can say who's doing malicious during working hours. But still thank you for the effort! – Leojay Alfara Feb 22 '16 at 12:04
  • @LeojayAlfara I will try to modify it as soon as possible ! – Hackoo Feb 22 '16 at 12:40