AI zaproponowało taką archiwizację logów przed czyszczeniem systemu,
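#Requires -RunAsAdministrator
# Collects event logs, servicing logs, system inventory, registry exports and the
# current user's AppData into $dest, then packs the folder into a ZIP.
# Elevation is required: exporting the Security log and reading several of the
# paths below fails for a standard user.
#
# NOTE(review): the result contains sensitive data (Security log, HKCU export,
# AppData with application profiles and stored sessions). Compress-Archive
# cannot encrypt, so keep the folder and the ZIP on an encrypted or physically
# controlled volume and remove them once they are no longer needed.

# === SETTINGS ===
$dest = "D:\ARCHIWUM_LOGOW"
New-Item -ItemType Directory -Force -Path $dest | Out-Null

# === 1. EVENT VIEWER LOGS ===
$logs = @(
    "System",
    "Application",
    "Security",
    "Microsoft-Windows-Windows Defender/Operational",
    "Microsoft-Windows-WindowsUpdateClient/Operational",
    "Microsoft-Windows-User Profile Service/Operational",
    "Microsoft-Windows-Kernel-Boot/Operational",
    "Microsoft-Windows-Kernel-Power/Operational"
)
foreach ($log in $logs) {
    # Channel names contain "/", which is not valid in a file name.
    $safeName = $log.Replace("/", "_")
    # /ow:true lets a re-run overwrite the previous export; without it wevtutil
    # refuses to write when the .evtx file already exists.
    wevtutil epl $log "$dest\$safeName.evtx" /ow:true
    if ($LASTEXITCODE -ne 0) {
        # Surface the failure instead of silently producing an incomplete archive.
        Write-Warning "Nie udało się wyeksportować dziennika: $log"
    }
}

# === 2. DEFENDER LOGS ===
# NOTE(review): when a destination folder already exists from an earlier run,
# Copy-Item -Recurse nests the source inside it; start from an empty $dest.
$defenderPath = "C:\ProgramData\Microsoft\Windows Defender\Support"
if (Test-Path $defenderPath) {
    Copy-Item $defenderPath "$dest\Defender_Support" -Recurse -Force
}

# === 3. DISM AND SFC LOGS ===
Copy-Item "C:\Windows\Logs\DISM\dism.log" "$dest\dism.log" -ErrorAction SilentlyContinue
Copy-Item "C:\Windows\Logs\CBS\CBS.log" "$dest\CBS.log" -ErrorAction SilentlyContinue

# === 4. WINDOWS UPDATE LOGS ===
# SoftwareDistribution is copied whole, as in the original; it can be large and
# some of its files may be locked while the update service is running.
$wu1 = "C:\Windows\Logs\WindowsUpdate"
$wu2 = "C:\Windows\SoftwareDistribution"
if (Test-Path $wu1) { Copy-Item $wu1 "$dest\WindowsUpdate_Logs" -Recurse -Force }
if (Test-Path $wu2) { Copy-Item $wu2 "$dest\SoftwareDistribution" -Recurse -Force }

# === 5. DRIVER INSTALLATION LOGS ===
Copy-Item "C:\Windows\INF\setupapi.dev.log" "$dest\setupapi.dev.log" -ErrorAction SilentlyContinue
Copy-Item "C:\Windows\INF\setupapi.app.log" "$dest\setupapi.app.log" -ErrorAction SilentlyContinue

# === 6. PROCESS, SERVICE, DRIVER AND SCHEDULED TASK LISTS ===
Get-Process | Out-File "$dest\procesy.txt"
Get-Service | Out-File "$dest\uslugi.txt"
driverquery /v > "$dest\sterowniki.txt"
schtasks /query /fo LIST /v > "$dest\zadania.txt"

# === 7. REGISTRY EXPORT ===
reg export HKLM\SOFTWARE\Microsoft\Windows "$dest\reg_hklm_software.reg" /y
reg export HKCU "$dest\reg_hkcu.reg" /y

# === 8. COPY OF THE USER PROFILE (AppData) ===
# Not named $profile: that is PowerShell's automatic variable holding the path
# of the profile script, and overwriting it affects the rest of the session.
$appData = "$env:USERPROFILE\AppData"
if (Test-Path $appData) {
    Copy-Item $appData "$dest\AppData" -Recurse -Force -ErrorAction SilentlyContinue
}

# === 9. SYSTEM32 LOG FILES ===
$logfiles = "C:\Windows\System32\LogFiles"
if (Test-Path $logfiles) {
    Copy-Item $logfiles "$dest\System32_LogFiles" -Recurse -Force -ErrorAction SilentlyContinue
}

# === 10. DISK STATUS ===
# This is only the coarse Status field of Win32_DiskDrive, not the full SMART
# attribute table. wmic is deprecated and absent on some current Windows
# builds, so fall back to the equivalent CIM query when it is missing.
if (Get-Command wmic -ErrorAction SilentlyContinue) {
    wmic diskdrive get model,name,serialnumber,status > "$dest\smart.txt"
} else {
    Get-CimInstance -ClassName Win32_DiskDrive |
        Select-Object Model, Name, SerialNumber, Status |
        Out-File "$dest\smart.txt"
}

# === 11. INTEGRITY MANIFEST ===
# Record a SHA-256 for every collected file so later changes to the archive can
# be detected. The list is built first and written afterwards, so the manifest
# file is not enumerated while it is being created.
$hashes = Get-ChildItem -Path $dest -Recurse -File -Force -ErrorAction SilentlyContinue |
    Get-FileHash -Algorithm SHA256 -ErrorAction SilentlyContinue |
    Select-Object Hash, Path
$hashes | Export-Csv -Path "$dest\sha256_manifest.csv" -NoTypeInformation -Encoding UTF8

# === 12. PACK INTO ZIP ===
# NOTE(review): Compress-Archive is documented with a 2 GB per-file limit;
# large files from SoftwareDistribution or AppData can make this step fail.
$zipPath = "D:\ARCHIWUM_LOGOW.zip"
if (Test-Path $zipPath) { Remove-Item $zipPath -Force }
Compress-Archive -Path $dest -DestinationPath $zipPath
Write-Host "Archiwizacja zakończona. ZIP znajduje się tutaj: $zipPath"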
Czy się z tym zgadzacie, bo ja po prostu nie wiem, czy to jest ok?
A tak wygląda wersja do uruchomienia z dysku X:
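@echo off
:: Offline copy of logs, registry hives and user AppData from the installed
:: Windows on C: to D:\LOGI, intended to be started from WinRE.
echo ============================================
echo ARCHIWIZACJA LOGOW SYSTEMU (WINRE)
echo ============================================
:: WinRE frequently assigns drive letters differently from the running system,
:: so confirm that C: really holds the Windows installation and that D: exists
:: before anything is copied to or from the wrong volume.
if not exist "C:\Windows\System32\Config\SYSTEM" goto no_windows
if not exist D:\ goto no_target
:: Create the destination directories; skip the ones left by an earlier run.
if not exist D:\LOGI mkdir D:\LOGI
if not exist D:\LOGI\winevt mkdir D:\LOGI\winevt
if not exist D:\LOGI\Defender mkdir D:\LOGI\Defender
if not exist D:\LOGI\Logs mkdir D:\LOGI\Logs
if not exist D:\LOGI\SoftwareDistribution mkdir D:\LOGI\SoftwareDistribution
if not exist D:\LOGI\Rejestr mkdir D:\LOGI\Rejestr
if not exist D:\LOGI\AppData mkdir D:\LOGI\AppData
if not exist D:\LOGI\System32_LogFiles mkdir D:\LOGI\System32_LogFiles
:: xcopy switches used below: /E subdirectories including empty ones, /H hidden
:: and system files, /I treat the destination as a directory, /C continue after
:: an error, /Y overwrite without prompting so a re-run does not stop and wait.
echo.
echo --- 1. Kopiowanie logow Event Viewer ---
xcopy C:\Windows\System32\winevt\Logs\* D:\LOGI\winevt\ /E /H /I /C /Y
echo.
echo --- 2. Kopiowanie logow Windows Defender ---
xcopy "C:\ProgramData\Microsoft\Windows Defender\Support" D:\LOGI\Defender\ /E /H /I /C /Y
echo.
echo --- 3. Kopiowanie logow DISM, SFC, Windows Update ---
xcopy C:\Windows\Logs\* D:\LOGI\Logs\ /E /H /I /C /Y
xcopy C:\Windows\SoftwareDistribution\* D:\LOGI\SoftwareDistribution\ /E /H /I /C /Y
echo.
echo --- 4. Kopiowanie rejestru offline ---
:: The Config directory holds the SAM, SECURITY and SYSTEM hives, which contain
:: local account credential material. Treat D:\LOGI as sensitive: keep it on
:: encrypted or physically controlled media and delete it when no longer needed.
xcopy C:\Windows\System32\Config\* D:\LOGI\Rejestr\ /E /H /I /C /Y
echo.
echo --- 5. Kopiowanie AppData uzytkownika ---
:: xcopy does not expand a wildcard in the middle of a path, so the original
:: C:\Users\*\AppData\* source matched nothing. Walk the profile directories
:: instead and keep each user's data in its own subfolder.
for /d %%U in (C:\Users\*) do if exist "%%U\AppData" xcopy "%%U\AppData" "D:\LOGI\AppData\%%~nxU" /E /H /I /C /Y
echo.
echo --- 6. Kopiowanie logow systemowych (System32\LogFiles) ---
xcopy C:\Windows\System32\LogFiles\* D:\LOGI\System32_LogFiles\ /E /H /I /C /Y
echo.
echo ============================================
echo ARCHIWIZACJA ZAKONCZONA
echo MBR/GPT NIE ZOSTALY ZGRANE (brak dd.exe)
echo Mozesz dodac dd.exe na pendrive i uruchomic ponownie
echo ============================================
pause
exit /b 0

:no_windows
echo BLAD: Nie znaleziono instalacji Windows na C: - sprawdz litery dyskow w WinRE
pause
exit /b 1

:no_target
echo BLAD: Brak dysku docelowego D: - sprawdz litery dyskow w WinRE
pause
exit /b 1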
Co o tym myślicie?