HTA: Check Process Example

Microsoft has a lesser-known technology called HTA (HTML Application). Basically, it gives scripts a GUI front end using HTML notation. I have known about HTA for years, but I never got around to trying it. While I was thinking about writing a script to check running processes on a computer, I thought it would be nice if I could write it using HTA. Here is my experiment.

As a system administrator, I often need to check users’ machines for malicious programs. The manual process is like this. I open up Task Manager and look for anything I am not familiar with. When I identify suspicious processes, I then open up a web browser to look them up. The two sites I use regularly are ProcessLibrary.com and Google. I need to enter each process name manually, and the whole process is tedious.

The idea is this: I want to write a simple script to list all processes running on a computer. I want to present the results in an HTML table with links to ProcessLibrary and Google. If I need to check a particular process, I just click the corresponding link without manually entering the process name.

Before I began writing the script, I found one script from ScriptingGuys on MSN groups. The original script shows processes running on the local computer. I modified it so that it can check remote computers, and I also added links to find process information on ProcessLibrary.com and Google.

Here is the link to the script: Check Process HTA script. WordPress.com doesn’t allow uploading .hta files, so the file was uploaded as a Word document with a .doc extension. Click the link and save the file as checkprocess.doc. Then change the name to checkprocess.hta, and you are ready to try it.

To run it, double-click the file, just like any other application. It brings up a window like this.

processcheck1.jpg

You can enter a remote computer name in the text box, or you can just click the Run Script button to check the local computer. It then fills the lower part of the window with the list of processes.

processcheck2.jpg

To check information about a particular process, click one of the Search links next to it. The application brings up a browser with the search results.

processcheck3.jpg

WQL and Path

I am playing around with WQL today. For the longest time, I couldn’t get this query to work.

Set colFiles = objWMIService.ExecQuery ("SELECT * FROM CIM_DataFile" & _
   " WHERE Drive = 'c:' AND Extension = 'mdb' And Path = '\windows\' ")

Have you noticed anything wrong with the query? It’s the Path! I found that you need to use double backslashes instead of single backslashes. So, the correct query should be like this.

Set colFiles = objWMIService.ExecQuery ("SELECT * FROM CIM_DataFile" & _
   " WHERE Drive = 'c:' AND Extension = 'mdb' And Path = '\\windows\\' ")

Also, I found that if you have “!=” in your query, the query runs very very slowly.
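The escaping rule above, as an added example (not code from the original post): a VBScript helper that doubles backslashes and escapes single quotes before a folder path is placed in a CIM_DataFile query, so an ordinary path such as C:\Windows can be passed in unchanged. The function names WqlEscape and BuildDataFileQuery and the sample folder and extension are assumptions made for illustration.

```vbscript
Option Explicit

' Escape a value for use inside a single-quoted WQL string literal.
' Backslash is the WQL escape character, so it is doubled first;
' a single quote is then escaped so it cannot end the literal early.
Function WqlEscape(strValue)
    Dim s
    s = Replace(strValue, "\", "\\")
    s = Replace(s, "'", "\'")
    WqlEscape = s
End Function

' Build the query from an ordinary folder path (hypothetical helper).
' strFolder: e.g. "C:\Windows" or "c:\windows\"; strExtension: e.g. "mdb"
Function BuildDataFileQuery(strFolder, strExtension)
    Dim strDrive, strPath
    If Mid(strFolder, 2, 1) <> ":" Then
        Err.Raise vbObjectError + 1, "BuildDataFileQuery", _
            "Expected a path that starts with a drive letter, e.g. C:\folder"
    End If
    strDrive = Left(strFolder, 2)   ' "C:"
    strPath = Mid(strFolder, 3)     ' "\Windows"
    ' The query on this page matches Path with a leading and a trailing backslash
    If Left(strPath, 1) <> "\" Then strPath = "\" & strPath
    If Right(strPath, 1) <> "\" Then strPath = strPath & "\"
    BuildDataFileQuery = "SELECT * FROM CIM_DataFile" & _
        " WHERE Drive = '" & WqlEscape(strDrive) & "'" & _
        " AND Extension = '" & WqlEscape(strExtension) & "'" & _
        " AND Path = '" & WqlEscape(strPath) & "'"
End Function

Dim objWMIService, colFiles, objFile, strQuery

' Sample input (constructed): the folder and extension used in the post
strQuery = BuildDataFileQuery("C:\Windows", "mdb")
WScript.Echo strQuery

Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colFiles = objWMIService.ExecQuery(strQuery)
For Each objFile In colFiles
    WScript.Echo objFile.Name
Next
```

Run it with cscript.exe so each WScript.Echo line goes to the console instead of a message box.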

How to Create a Hyperlink in Excel Spreadsheet Using VBScript

Someone in the newsgroup asked this question. This is the VBScript that I wrote to accomplish this.

Dim objExcel
Set objExcel = WScript.CreateObject("Excel.Application")
objExcel.Visible = True

' Open the workbook and select the cell that will hold the link
objExcel.Workbooks.Open "C:\bintest.xls"
objExcel.Workbooks(1).Activate
objExcel.Workbooks(1).Worksheets(1).Range("A1").Select

Dim sLinkAddress
sLinkAddress = "http://www.google.com"

' Attach the hyperlink to the selected cell
objExcel.Workbooks(1).Worksheets(1).Hyperlinks.Add _
    objExcel.Selection, sLinkAddress

' Save the workbook and release Excel
objExcel.Workbooks(1).SaveAs "C:\bintest.xls"
objExcel.Quit
Set objExcel = Nothing

VBScript wrapper function for regular expressions

' Returns True if strPattern matches anywhere in strTarget (case-sensitive)
Function Found(strTarget, strPattern)
  Dim regEx
  Set regEx = New RegExp
  regEx.Pattern = strPattern
  regEx.IgnoreCase = False
  Found = regEx.Test(strTarget)
  Set regEx = Nothing
End Function

WMI script to find files last accessed on a certain date

dtDate = "5/2/2005"
strSearchFolder = "C:\Windows"

Set objFSO = CreateObject("Scripting.FileSystemObject")
WScript.Echo "File(s) last accessed on: " & dtDate & " in: " & strSearchFolder
EnumAndCheckFiles objFSO.GetFolder(strSearchFolder), dtDate

' Check every file in objFolder, then recurse into its subfolders
Sub EnumAndCheckFiles(objFolder, dtDate)
    Set objFiles = objFolder.Files
    For Each objFile in objFiles
        CheckFile objFile, dtDate
    Next
    For Each objSubfolder in objFolder.SubFolders
        EnumAndCheckFiles objSubfolder, dtDate
    Next
End Sub

' Print the file's path if it was last accessed on the same day as dtDate
Sub CheckFile(objFile, dtDate)
    If DateDiff("d", objFile.DateLastAccessed, dtDate) = 0 Then
        WScript.Echo objFile.Path
    End If
End Sub