WMI Getting Registry Value via Command Prompt - cmd

I need to verify whether a Chrome extension is installed on remote computers.
The extension ID is a unique value like "234aljksdfklja3idffklsasf".
I need to search the key "HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings"
for the extension ID "234aljksdfklja3idffklsasf".
How do I do that?
I think I will use the code below, but I need some help.
WMIC /NameSpace:\root\default Class StdRegProv ....

Instead of WMIC, you should use the REG cmd, it's made to do this.
The HKCU is whatever the user running the command's registry key is.
Reg allows you to load and check the registry keys of any users not just the one running the command, even users who have not logged in since the last reboot.
Since this is a Chrome extension, you may need to check every user on the system to see if each has it enabled individually.
Alternatively there is probably an HKLM key that corresponds to the extension being installed, if all you want to know is if it's present at all so it can be removed.
Reg also allows you to query your computers through the network.
One issue you will have if you need to check every user's registry for the key is that you need to know which user SIDs are present on the system.
This is findable by querying HKLM, but I am on mobile and can't recall how without getting on my computer later to do this.
Alternatively, you can also just load the reg hive file by looping the directory structure of the remote machine and loading each user.dat file through the reg command, which is much simpler, but then the code must execute on each remote machine through a login script or GPO script push.
Basically you can use reg in this manner on a local machine to check the reg of the user you are running as (HKCU)
(reg query "HKCU\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings" /s | FIND /I "234aljksdfklja3idffklsasf") && Echo.FOUND 234aljksdfklja3idffklsasf
Of course to run on another computer it's fairly simple to do, but HKCU will be the reg of the admin user you ran the command as with access to that other system, or you can try HKLM to see if that setting exists on the local machine key, which the following checks HKLM instead.
(reg query \\[Computer_Name_or_IP_Address]\hklm\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings /s | FIND /I "234aljksdfklja3idffklsasf") && Echo.FOUND 234aljksdfklja3idffklsasf
You could loop a set of computer names/IPs and check each using the above command inside the loop like so:
FOR %A IN (
Computer_A
192.168.12.13
192.168.12.31
Computer_C
) DO (
(
reg query \\%~A\hklm\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings /s | FIND /I "234aljksdfklja3idffklsasf"
) && Echo.%~A -- FOUND 234aljksdfklja3idffklsasf || ECHO.%~A -- Key Not Found!
)
If you need to check the actual HKCU of every user on the system, then you need to load each reg hive on the system and check it. This is true if you use WMIC as well, and Reg is faster.
From the MS reg page:
reg query <KeyName> [{/v <ValueName> | /ve}] [/s] [/se <Separator>] [/f <Data>] [{/k | /d}] [/c] [/e] [/t <Type>] [/z]
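The answer above leaves open how to get the user SIDs from HKLM. As an added example (not the answerer's code), this batch file reads them from the ProfileList key on the remote machine and checks each loaded hive under HKU. The script's arguments and exit codes are assumptions of the example, and the extension ID is treated as a value name, as in the GetStringValue call later on this page.

```bat
@echo off
rem Added example, not from the original answer.
rem Usage: check-ext.cmd computer extension-id
rem Assumes admin rights on the target and a running Remote Registry service.
setlocal EnableExtensions EnableDelayedExpansion
set "TARGET=%~1"
set "EXTID=%~2"
if not defined EXTID (
    echo Usage: %~nx0 computer extension-id
    exit /b 2
)
set "PROFILES=\\%TARGET%\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
set "SUBKEY=SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings"
set /a HITS=0

rem ProfileList has one subkey per profile, named after the account SID.
rem S-1-5-21-* are local and domain user accounts; service SIDs are skipped.
for /f "delims=" %%K in ('reg query "%PROFILES%" 2^>nul ^| find /i "S-1-5-21-"') do (
    rem The last path component of the key name is the SID.
    set "SID=%%~nxK"
    rem The SID subkey of HKU exists only while that user's hive is loaded.
    reg query "\\%TARGET%\HKU\!SID!" >nul 2>&1
    if errorlevel 1 (
        echo %TARGET% !SID! -- hive not loaded, cannot check
    ) else (
        reg query "\\%TARGET%\HKU\!SID!\%SUBKEY%" /v "%EXTID%" >nul 2>&1
        if errorlevel 1 (
            echo %TARGET% !SID! -- not found
        ) else (
            echo %TARGET% !SID! -- FOUND %EXTID%
            set /a HITS+=1
        )
    )
)
rem Exit 0 when at least one loaded profile has the extension, 1 otherwise.
if %HITS% gtr 0 (exit /b 0) else (exit /b 1)
```

Profiles reported as "hive not loaded" belong to users who are not logged on; those need the hive-loading approach the answer describes.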

I got one more solution to this situation, but it only works if the extension is packed. Btw, this solution also doesn't solve my problem because my extension is unpacked.
Packed extensions are stored in "AppData\Local\Google\Chrome\User Data\Default\Extensions".
wmic /node:remoteip datafile where "name='C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Extensions\extensionid\1.0.4_0\manifest.json'"
If the extension is installed, the command returns the manifest.json file specs.

I got the solution:
wmic /node:ipaddr /NAMESPACE:"\\root\DEFAULT" class stdregprov call GetStringValue ^&H80000001,"SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings","extensionid"
On localhost it works, but on remote computers access is denied.

Related

how to stop echo command from displaying variables which are not set?

I am working on an application that requires my users to share their fully-qualified-domain-name of their windows machine.
To help my users to extract their machine's FQDN, I want to share simple command line steps that they can copy/paste and execute on their terminals to get the result.
I was thinking of below command to extract local machine's FQDN:
echo %COMPUTERNAME%.%USERDNSDOMAIN%
But there are a few problems with this command.
It gives output in ALL CAPS. (I can live with it)
It gives incorrect output if the variable is not set.
For example:
If USERDNSDOMAIN value is not set, then, you'll get following output:
echo %COMPUTERNAME%.%USERDNSDOMAIN% //<- Run this on cmd prompt
ClientComputerName.%USERDNSDOMAIN% //<- wrong output: Notice '%USERDNSDOMAIN%' is appended in o/p
Is there any way to stop echoing a variable if its value is not set?
Please note that I want to extract "fully qualified domain name" of my windows machine through CMD prompt only.
You can get the FQDN name using PowerShell.
=== Get-FQDN.bat
@ECHO OFF
FOR /F %%A IN ('powershell -NoLogo -NoProfile -Command ^
"([System.Net.Dns]::GetHostByName($Env:COMPUTERNAME)).HostName"') DO (
SET "THEFQDN=%%A"
)
ECHO %THEFQDN%
If you have multiple users, then you surely have some way to get programs and batch files installed on them. Once this batch file script is installed into a directory on the user's PATH, it is a one-line command.
Get-FQDN
1st, please note that the "USER DNS Domain" is NOT the domain the computer is joined to, it is the domain the USER who is logged in belongs to.
If you log in as a user from a trusted domain, or a child or parent domain, then it will display that domain.
So, if you log in as a LOCAL account it will be blank (likely you are running into this)
There is a fairly simple way to get the actual computer domain however, by using NLTest. (For the life of me I could never figure out why Microsoft didn't pre-populate a variable with this info.)
At the CMD Line simply dump this into the command prompt (I believe you will need to run with admin privileges but I haven't tested):
FOR /F "tokens=3" %_ IN ('nltest /DOMAIN_TRUSTS /PRIMARY ^|FIND /I "0:"') DO @(ECHO.%COMPUTERNAME%.%_)
The result will be in all caps because that is how Microsoft displays this info.
Here is an example output:
MYLAPTOP.USERS.MYDOMAIN.LOCAL
But on re-read, you want something the users know how to do themselves, so ymmv if you could just send a reference email, or hand it to them each time they need it.
If you just want this info and other info easily available, you could use BGInfo or other options like that to set the desktop background.
Alternatively you could change the logon scripts to generate a simple text file with all the info each time the user logs on, and placed in a certain folder you tell them to look in.

Map Drive in RunOnce Batch File

I searched all over and haven't found this answer yet.
I have a script to set up user accounts and windows customizations for new or reimaged computers. I'm mapping drive via a RUNONCE registry entry, and I'm having trouble. This local network is a Workgroup, not a domain, all PC's running Win7Pro or Win10Pro. The office manager's PC is the local file server, and I'm attempting to map a drive to it from the other computers.
Here is the portion of the RUNONCE batch file I'm having an issue with:
:PROMPTFORPMHOSTNAME
ECHO This PC was identified during InitialSetup as a Leasing Office PC.
ECHO This PC's Host Name is %computername%.
ECHO.
SET /P PMHOSTNAME="Enter the Property Manager PC Hostname: "
:MAPDRIVE
ECHO - Map M Drive
NET USE M: /delete >nul 2>&1
NET USE M: \\%PMHOSTNAME%\Data >nul 2>&1
NET USE M: \\%PMHOSTNAME%\Data /user:%computername%\[username] [password] /persistent:yes
NET USE /persistent:yes >nul 2>&1
TIMEOUT /T 5 /NOBREAK >nul 2>&1
In my scenario, the initial script uses a local admin account to create a user account via NET USER, then places the RUNONCE in the registry. After a reboot, I enter the newly created account, and the RUNONCE runs as planned.
The issue is that the RUNONCE is being run as administrator. So when it mapped the drives, it does so under the administrator-level and not the user-level. It says that the drive has been mapped successfully, but it doesn't show up.
I'm able to replicate this by running CMD in two instances, once as admin, and once as user. When I map the drive as admin, it says it's successful and doesn't show up in Explorer. When I map the drive as user, it's successful and shows as it should.
So I need to know how to get the RUNONCE to run as the logged in user so this mapped properly. Or show what in the hell I'm doing wrong and what I'm missing that should be obvious and just isn't given my current level of frustration. :P
Thanks so much everyone! I really appreciate your help in advance. :)
Persistent network drive mappings are always registered by Windows per user account, and the network drives are connected only when the user logs in and are automatically disconnected when the user logs out.
There are two RunOnce registry keys as described by the Microsoft documentation page Run and RunOnce Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
On 64-bit Windows there are two more RunOnce keys: those above are for 64-bit applications and those below are for 32-bit applications, which does not matter for this task:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
It is not a good idea to use HKLM or HKCU of the administrator account when using the administrator account to register the batch file to be executed once for persistently mapping the share to drive letter M.
Better would be registering the batch file under
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
And the batch file uses reg delete for deleting itself from
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
But this works only if the user account on which the persistent drive mapping should be done once is not already created when registering the batch file in default user account registry hive.
It would also be possible not to use RunOnce at all and instead create a shortcut (*.lnk) file in the directory read from registry with reg query from value Startup under registry key
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
And the batch file on execution deletes the shortcut file in the startup directory of the current user account, i.e. in directory read from registry with reg query from value Startup under registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
This approach, which also works only if the user account on which the batch file is to be executed does not already exist, is perhaps even better than running the batch file via RunOnce, as the shortcut file can contain properties like window height and width suitable for this task.
By the way: The command line
NET USE M: \\%PMHOSTNAME%\Data /user:%computername%\[username] [password] /persistent:yes
is enough to create the drive mapping and enable persistent saving of all network drive connections in registry for current user account. The line above and the line below this line are counterproductive in worst case.
Please note that the option /PERSISTENT:YES changes the registry value SaveConnections under registry key HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections to the string value yes which results in remembering from now on all network connections under registry key HKEY_CURRENT_USER\Network. The option /PERSISTENT:YES can be omitted if the registry value SaveConnections has already the string value yes on using NET USE to create the network connection and store it in Windows registry hive for current user.
For the deletion use:
%SystemRoot%\System32\net.exe USE M: /DELETE /YES 2>nul
It is better to specify in a batch file external Windows commands like NET with their fully qualified file names for a more fail-safe and faster execution because in this case the Windows command processor does not need to search for the file with name net in current directory and next in one directory after the other listed in value of environment variable PATH having a file extension listed in value of environment variable PATHEXT.

Setting internet time server on windows embedded standard through batch or similar

I have a PLC running windows embedded standard where I make some installations and modifications specific to my company's software as part of our installation process (which is all manual today). I'm now in the process of automating this procedure.
I want to set the Date and time properties->internet time server to pool.ntp.org through a batch file or similar. The command
w32tm
is not recognized.
I've tried using the command
net time /setsntp:pool.ntp.org
which returns
the command completed succefully..
Using the command
net time /querysntp
also returns
The current SNTP value is: pool.ntp.org
The command completed successfully.
But these changes are not reflected when I manually check them under Date and time properties->internet time server, not even after a restart. So I'm left wondering if the command I'm using is actually working? Is there another way to accomplish this?
EDIT:
The following .bat file works. The changes in the registry alone only added the server to the list and made it default but it didn't enable syncing.
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /v "0" /t REG_SZ /d "pool.ntp.org" /f
REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers /ve /d "0" /f
NET TIME /setsntp:pool.ntp.org
Have a look in regedit under the following path;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers
Add your server(s) into that folder as String Values - or you could modify the default MS provided ones if you prefer. Check what your 'default' server is (mine shows as 0) as that's the one Windows will use first, and put at the top of the list in the time settings.
If you delete the default MS servers and add your own ensure you have at least 2 servers in the list or when you try & access the 'Time & Date' setting / Internet time setting tab within the clock it will crash and never display the list.
If you want to configure any special ntp options then have a look at this path;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time
Restart the 'Windows Time' service and you should be good to go. There is no reason you couldn't script this either through a .bat or PowerShell.

Batch file automating Windows HKCU Registry permissions using (SetACL)

I am working with our End User Computing team to automate our domain migrations. We are using a method that involves changing permissions (including "Replace permission entries on all child objects with entries shown here that apply to child objects") on the local user folder and HKCU in regedit.
I was able to automate most of the steps with a simple batch script. For the local folder permissions I used icacls:
icacls C:\Users\%localprofile% /grant %domainuser%@contoso.com:(OI)(CI)F /T
And for the registry I used SetACL:
"C:\Win7ProfileTool\SetACL\64 bit\SetACL.exe" -on "hkcu" -ot reg -actn ace -ace "n:%domainuser%@contoso.com;p:full"
"C:\Win7ProfileTool\SetACL\64 bit\SetACL.exe" -on "hkcu" -ot reg -actn setprot -op dacl:np;sacl:np
If I follow the method manually, it works without a problem. When I run my script I get an error about not loading the profile (and a temp created / booted).
I believe I have narrowed it down to my 2 SetACL lines, but I don't know exactly what parameters are needed to emulate "Replace permission entries on all child objects with entries shown here that apply to child objects."
My googlefu led me to an icacls solution that can't be used in RegEdit and I've been poking around on SetACL's help page (specifically the set-protection-flags, but I'm not sure of the "protection" value)
Today I plan on taking a look into the Reset Children flag - but I'm not sure if I'm even on the right path.
tl;dr How do I emulate the Advanced Security tab checkbox "Replace permission entries on..." via CMD using SetACL.
I'm running setacl over batch file to set registry and it works like a charm. Maybe the way you command is causing trouble. The way I use it (with admin privileges):
setacl.exe -on "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%vfilext%\UserChoice" -ot reg -actn clear -clr dacl -silent
To be more specific and failproof. The version I use is 3.0.6 from this page

Additional ways of running programs at logon

Googling has yielded three methods of running a script at login so far:
Putting it into startup folder
Add a task to the task scheduler
Add it to the logon script in the group policy manager
Unfortunately, the software that I am using to configure VMs runs windows setup again in order to apply its settings to the VM after creating a clone of the template. This process seems to remove the changes to those areas. So, are there any other methods to set a script to run at logon?
There is a method through the Windows Registry.
The keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - Runs programs for all users.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - Runs programs for current user.
To make a script run using these registry keys, you just need to create a REG_SZ value inside them; its value must contain the path to the script. The value name doesn't matter.
You can check the values using Windows Registry Editor (Regedit.exe) or using reg query command:
reg query HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
You can also make these values using reg add command:
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v ValueName /t REG_SZ /d Path_to_script
You will need administrative privileges to add values.
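The Run and RunOnce keys listed in this answer and in the RunOnce answer further up are also where an unexpected logon program would show up. As an added example (not code from either answer), this batch file snapshots their values and compares them with a saved baseline; the baseline path is an assumption, and HKCU is the hive of whichever account runs the script.

```bat
@echo off
rem Added example, not from the original answers.
rem BASELINE location is an assumption; the first run creates it.
setlocal EnableExtensions
set "BASELINE=%ProgramData%\autorun-baseline.txt"
set "CURRENT=%TEMP%\autorun-current.txt"
type nul > "%CURRENT%"

rem Walk the 64-bit and Wow6432Node Run and RunOnce keys in HKLM and HKCU.
for %%H in (HKLM HKCU) do for %%N in (SOFTWARE SOFTWARE\Wow6432Node) do for %%R in (Run RunOnce) do (
    >>"%CURRENT%" echo [%%H\%%N\Microsoft\Windows\CurrentVersion\%%R]
    rem Value lines are the only reg query output lines that carry a REG_ type.
    reg query "%%H\%%N\Microsoft\Windows\CurrentVersion\%%R" 2>nul | findstr /c:"REG_" >>"%CURRENT%"
)

if not exist "%BASELINE%" (
    copy /y "%CURRENT%" "%BASELINE%" >nul
    echo Baseline created at %BASELINE%
    exit /b 0
)

rem fc returns 1 when the files differ, so a changed autorun set gives a nonzero exit.
fc "%BASELINE%" "%CURRENT%" >nul
if errorlevel 1 (
    echo Autorun entries changed since baseline:
    fc "%BASELINE%" "%CURRENT%"
    exit /b 1
)
echo No change in Run or RunOnce entries.
exit /b 0
```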
