categorize, fix and extend windows log files cleanup
@@ -207,48 +207,136 @@ actions:
|
||||
del /q /s /f "%USERPROFILE%\Local Settings\Application Data\Apple Computer\Safari\Cache.db"
|
||||
del /q /s /f "%USERPROFILE%\Local Settings\Application Data\Safari\WebpageIcons.db"
|
||||
-
|
||||
category: Clear windows logs & caches
|
||||
category: Clear Windows logs & caches
|
||||
children:
|
||||
-
|
||||
name: Clear thumbnail cache
|
||||
recommend: false
|
||||
code: del /f /s /q /a %LocalAppData%\Microsoft\Windows\Explorer\*.db
|
||||
-
|
||||
name: Clear Windows log files
|
||||
category: Clear Windows log files
|
||||
children:
|
||||
-
|
||||
category: Clear Windows Update logs
|
||||
children:
|
||||
-
|
||||
name: Clear Windows update and SFC scan logs
|
||||
docs: https://answers.microsoft.com/en-us/windows/forum/all/cwindowslogscbs/fe4e359a-bcb9-4988-954d-563ef83bac1c
|
||||
recommend: true
|
||||
code: del /f /q %SystemRoot%\Temp\CBS\*
|
||||
-
|
||||
name: Clear Windows Update Medic Service logs
|
||||
recommend: true
|
||||
docs: https://answers.microsoft.com/en-us/windows/forum/all/what-is-this-waasmedic-and-why-it-required-to/e5e55a95-d5bb-4bf4-a7ce-4783df371de4
|
||||
code: |-
|
||||
takeown /f %SystemRoot%\Logs\waasmedic /r /d y
|
||||
icacls %SystemRoot%\Logs\waasmedic /grant administrators:F /t
|
||||
rd /s /q %SystemRoot%\Logs\waasmedic
|
||||
-
|
||||
name: Clear Cryptographic Services Traces
|
||||
recommend: true
|
||||
docs: https://www.thewindowsclub.com/catroot-catroot2-folder-reset-windows
|
||||
code: |-
|
||||
del /f /q %SystemRoot%\System32\catroot2\dberr.txt
|
||||
del /f /q %SystemRoot%\System32\catroot2.log
|
||||
del /f /q %SystemRoot%\System32\catroot2.jrs
|
||||
del /f /q %SystemRoot%\System32\catroot2.edb
|
||||
del /f /q %SystemRoot%\System32\catroot2.chk
|
||||
-
|
||||
name: Windows Update Events Logs
|
||||
recommend: false
|
||||
code: del /f /q "%SystemRoot%\Logs\SIH\*"
|
||||
-
|
||||
name: Windows Update Logs
|
||||
recommend: false
|
||||
code: del /f /q "%SystemRoot%\Traces\WindowsUpdate\*"
|
||||
-
|
||||
name: Clear Optional Component Manager and COM+ components logs
|
||||
recommend: true
|
||||
code: del /f /q %SystemRoot%\comsetup.log
|
||||
-
|
||||
name: Clear Distributed Transaction Coordinator logs
|
||||
recommend: true
|
||||
code: del /f /q %SystemRoot%\DtcInstall.log
|
||||
-
|
||||
name: Clear Pending File Rename Operations logs
|
||||
recommend: false
|
||||
code: del /f /q %SystemRoot%\PFRO.log
|
||||
-
|
||||
name: Clear Windows Deployment Upgrade Process Logs
|
||||
recommend: true
|
||||
code: |-
|
||||
del /f /q %SystemRoot%\Temp\CBS\*
|
||||
del /f /q %SystemRoot%\comsetup.log
|
||||
del /f /q %SystemRoot%\DtcInstall.log
|
||||
del /f /q %SystemRoot%\PFRO.log
|
||||
del /f /q %SystemRoot%\setupact.log
|
||||
del /f /q %SystemRoot%\setuperr.log
|
||||
del /f /q %SystemRoot%\Debug\PASSWD.LOG
|
||||
del /f /q %SystemRoot%\security\Traces\*.log
|
||||
del /f /q %SystemRoot%\security\Traces\*.old
|
||||
del /f /q %SystemRoot%\SoftwareDistribution\ReportingEvents.log
|
||||
del /f /q %SystemRoot%\Traces\CBS\*
|
||||
del /f /q %SystemRoot%\Traces\DISM\*
|
||||
del /f /q %SystemRoot%\Traces\NetSetup\*
|
||||
del /f /q %SystemRoot%\Traces\SIH\*
|
||||
del /f /q %SystemRoot%\Traces\waasmedic\*
|
||||
del /f /q %SystemRoot%\Traces\WindowsUpdate\*
|
||||
del /f /q %LOCALAPPDATA%\Microsoft\Windows\WebCache\*.log
|
||||
del /f /q /s %SystemRoot%\Microsoft.NET\Framework\*.log
|
||||
-
|
||||
name: Clear Windows Setup Logs
|
||||
recommend: true
|
||||
docs: https://support.microsoft.com/en-gb/help/927521/windows-vista-windows-7-windows-server-2008-r2-windows-8-1-and-windows
|
||||
code: |-
|
||||
del /f /q %SystemRoot%\setupapi.log
|
||||
del /f /q %SystemRoot%\Panther\*
|
||||
del /f /q %SystemRoot%\inf\setupapi.app.log
|
||||
del /f /q %SystemRoot%\inf\setupapi.dev.log
|
||||
del /f /q %SystemRoot%\inf\setupapi.offline.log
|
||||
del /f /q %SystemRoot%\Panther\*
|
||||
del /f /q %localappdata%\Microsoft\CLR_v4.0\UsageTraces\*
|
||||
del /f /q %localappdata%\Microsoft\CLR_v4.0_32\UsageTraces\*
|
||||
del /f /q %localappdata%\Microsoft\Windows\WebCache\*
|
||||
del /f /q %SystemRoot%\System32\catroot2\dberr.txt
|
||||
del /f /q %SystemRoot%\System32\LogFiles\WMI\*.etl
|
||||
del /f /q %SystemRoot%\System32\LogFiles\setupcln\*
|
||||
del /f /q %SystemRoot%\appcompat\Programs\Install\*
|
||||
del /f /q %SystemRoot%\SoftwareDistribution\DataStore\Traces\*.log
|
||||
del /f /q %SystemRoot%\Performance\WinSAT\winsat.log
|
||||
del /f /q %SystemRoot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.log
|
||||
rd /s /q "%localappdata%\Microsoft\Windows\Traces"
|
||||
-
|
||||
name: Clear Windows System Assessment Tool logs
|
||||
recommend: true
|
||||
docs: https://docs.microsoft.com/en-us/windows/win32/winsat/windows-system-assessment-tool-portal
|
||||
code: del /f /q %SystemRoot%\Performance\WinSAT\winsat.log
|
||||
-
|
||||
name: Clear Password change events
|
||||
recommend: true
|
||||
code: del /f /q %SystemRoot%\debug\PASSWD.LOG
|
||||
-
|
||||
name: Clear user web cache database
|
||||
recommend: true
|
||||
docs: https://support.microsoft.com/en-gb/help/4056823/performance-issue-with-custom-default-user-profile
|
||||
code: del /f /q %localappdata%\Microsoft\Windows\WebCache\*.*
|
||||
-
|
||||
name: Clear system temp folder when noone is logged in
|
||||
recommend: true
|
||||
code: del /f /q %SystemRoot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
|
||||
-
|
||||
name: Clear DISM (Deployment Image Servicing and Management) Logs
|
||||
recommend: true
|
||||
docs: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files
|
||||
code: |-
|
||||
del /f /q %SystemRoot%\Logs\CBS\CBS.log
|
||||
del /f /q %SystemRoot%\Logs\DISM\DISM.log
|
||||
-
|
||||
name: Clear WUAgent (Windows Update History) logs
|
||||
recommend: false
|
||||
docs: https://social.technet.microsoft.com/Forums/ie/en-US/f5744a18-d4ca-4631-8324-878b9225251d/windowssoftwaredistribution-folder-cleanup-automation?forum=winserverwsus
|
||||
code: |-
|
||||
setlocal EnableDelayedExpansion
|
||||
SET /A wuau_service_running=0
|
||||
SC queryex "wuauserv"|Find "STATE"|Find /v "RUNNING">Nul||(
|
||||
SET /A wuau_service_running=1
|
||||
net stop wuauserv
|
||||
)
|
||||
del /q /s /f "%SystemRoot%\SoftwareDistribution"
|
||||
IF !wuau_service_running! == 1 (
|
||||
net start wuauserv
|
||||
)
|
||||
endlocal
|
||||
-
|
||||
name: Clear Server-initiated Healing Events Logs
|
||||
recommend: false
|
||||
code: del /f /q "%SystemRoot%\Logs\SIH\*"
|
||||
-
|
||||
name: Common Language Runtime Logs
|
||||
recommend: true
|
||||
code: |-
|
||||
del /f /q "%LocalAppData%\Microsoft\CLR_v4.0\UsageTraces\*"
|
||||
del /f /q "%LocalAppData%\Microsoft\CLR_v4.0_32\UsageTraces\*"
|
||||
-
|
||||
name: Network Setup Service Events Logs
|
||||
recommend: true
|
||||
code: del /f /q "%SystemRoot%\Logs\NetSetup\*"
|
||||
-
|
||||
name: Disk Cleanup tool (Cleanmgr.exe) Logs
|
||||
recommend: false
|
||||
code: del /f /q "%SystemRoot%\System32\LogFiles\setupcln\*"
|
||||
-
|
||||
name: Clear Windows temp files
|
||||
recommend: true
|
||||
@@ -264,7 +352,13 @@ actions:
|
||||
name: Clear Event Logs in Event Viewer
|
||||
recommend: false
|
||||
docs: https://serverfault.com/questions/407838/do-windows-events-from-the-windows-event-log-have-sensitive-information
|
||||
code: for /f "tokens=*" %%G in ('wevtutil.exe el') DO (wevtutil.exe cl %1 "%%G")
|
||||
code: |-
|
||||
REM https://social.technet.microsoft.com/Forums/en-US/f6788f7d-7d04-41f1-a64e-3af9f700e4bd/failed-to-clear-log-microsoftwindowsliveidoperational-access-is-denied?forum=win10itprogeneral
|
||||
wevtutil sl Microsoft-Windows-LiveId/Operational /ca:O:BAG:SYD:(A;;0x1;;;SY)(A;;0x5;;;BA)(A;;0x1;;;LA)
|
||||
for /f "tokens=*" %%i in ('wevtutil.exe el') DO (
|
||||
echo Deleting event log: "%%i"
|
||||
wevtutil.exe cl %1 "%%i"
|
||||
)
|
||||
-
|
||||
name: Clear credentials from Windows Credential Manager
|
||||
recommend: false
|
||||
|
||||
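Review bot: The rewritten loop in "Clear Event Logs in Event Viewer" still passes `%1` to `wevtutil.exe cl`, so whatever first argument the generated script is started with is spliced into every clear command; nothing visible here sets or documents that argument, and `wevtutil.exe cl "%%i"` would remove the dependency. The added `wevtutil sl Microsoft-Windows-LiveId/Operational /ca:...` line replaces that channel's access descriptor and nothing afterwards restores it, so the new ACL outlives the cleanup run. The SDDL shown grants only 0x1 and 0x5 and, as far as I can tell, no write right (0x2) to any principal, which may affect later logging to that channel; worth confirming and recording in a `REM` beside the command, e.g. `REM Persistently replaces the channel ACL so administrators can clear it`. The entry's opening list marker sits above the hunk, so any other keys it carries are not visible here.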