I am attempting to write a batch script to delete a registry key for a user profile. The user profile will always have the same name, but the key is different for every computer and increments each time the username is created, even though the previous one was deleted.
I'm guessing that it would require some type of for loop to identify the key value for the ProfileImagePath as C:\Users\Username.
I know wildcards don't work so reg delete 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-*' /f won't work.
I'm aware of some PS scripts that can do this, but I would like to keep this in a batch file.
Here's a single line example of the methodology I'd suggest, (which will not become obsolete when WMIC.exe is removed from Windows 11).
#For /F "EOL= Delims=" %%G In ('%SystemRoot%\System32\reg.exe Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /S /F "C:\Users\Username" /D /E 2^>NUL ^| %SystemRoot%\System32\find.exe "S-1-5-21-"') Do #%SystemRoot%\System32\reg.exe Delete "%%G" /V "ProfileImagePath" /F 1>NUL 2>&1
Please take account of my commented advice too.
Related
so ive been searching for the solution to this problem for awhile now, everywhere i look everyone just says "set the compsec to point to cmd"...which is super helpful cause no one actually even says how to do that.
but when i open cmd, and type "Set" and hit ENTER, it shows ComSpec=C:\Windows\system32\cmd.exe
I checked there and sure enough, cmd.exe is in there, it works just fine. But for/f still closes before performing any operation.
How do I fix this?
#echo off
for /f "tokens=2*" %%a in ('dir /b /s findstr "Find Me Testing"') do set "AppPath=%%~b"
set "AppPath=%AppPath%"
echo %AppPath%
for /f "tokens=2*" %%a in ('dir /b /s /a-d ^| findstr "Find Me Testing"') do set "AppPath=%%~b"
set "AppPath=%AppPath%"
echo %AppPath%
pause
for /f "usebackq" %a in ('dir /b /s /a-d ^| findstr "To Be Deleted.me"') do set fileLocation=%~pa
echo %fileLocation%
pause
pause
stop
pause
wait 50
As you can see I've been testing various methods of doing what I want.
I lay good odds that your problem is with the cmd.exe autorun feature.
If you open a command session and enter cmd /?, then at about the 5th paragraph you will see the following:
If /D was NOT specified on the command line, then when CMD.EXE starts, it
looks for the following REG_SZ/REG_EXPAND_SZ registry variables, and if
either or both are present, they are executed first.
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun
and/or
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
I'd be willing to bet that one of those two registry settings is set to a command or script that is causing your problem. Edit your registry and remove those settings, and your problem should go away.
You can see a similar story about a user having trouble with FOR /F at https://blogs.msdn.microsoft.com/oldnewthing/20071121-00/?p=24433.
The FOR /F command executes your commands within your IN('....') clause via a new cmd.exe process, and that process will always run any autorun setting that may be present. Unfortunately it is impossible to disable this FOR /F "feature" - I think this is a horrible design flaw.
Windows pipes also use child cmd.exe processes - one for each side of the pipe. But the pipe instantiation of cmd.exe includes the /D option, so autorun is disabled. You can see this by running the following command from the command line:
echo %^cmdcmdline% | findstr "^"
On my machine it produces the following:
C:\WINDOWS\system32\cmd.exe /S /D /c" echo %cmdcmdline% "
Now do the equivalent with FOR /F (on a healthy machine)
for /f "delims=" %a in ('echo %^cmdcmdline%') do #echo %a
My machine produces:
C:\WINDOWS\system32\cmd.exe /c echo %cmdcmdline%
No /D option :(
Hello People of StackoverFlow,
I am trying to query the follow registry location(every folder in here)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
In there are random numbers like so:
{071c9b48-7c32-4621-a0ac-3f809523288f}
In each of these random numbers, I need to check if the key 'DisplayName' that is in each of these locations contains a certain text, lets say 'OverFlow'.
I've done some querys but not like this, if anyone can help that would be great!
EDIT: I've made some progress but am encountering a problem( I have done alot of research...)
Below is what I have so far:
#echo off
setlocal
:RemoveCVCP
set PythonReg=
for /f "tokens=1" %%A in ('reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s /v "DisplayName" ^| find "Python"') do set "PythonReg=%%A"
if %ERRORLEVEL% neq 0 (
GOTO RemovePyCP)
echo %PythonReg%
endlocal
pause
What I'm trying to do is loop through 'KLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', and look at the 'DisplayName' key, if the data contains 'Python' then delete it. and keep going till there are no longer any more.
Right Now I am testing this with an echo, but it will evetually delete it.
(I'm just using python as an example, I have already removed everything else that is related to the software I'm trying to remove, this is the last location.)
Thanks, Michael
First, list all values that contain python, two lines will be printed for each entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E43BBAEB-4914-44C6-88C0-E7A1DBD20A91}
DisplayName REG_SZ Some application title with python in its name
then delete those keys where the printed value name is DisplayName:
#echo off
setlocal enableDelayedExpansion
for /f "tokens=1,2*" %%A in ('^
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s /d /f "python"^
') do (
if "%%A"=="DisplayName" (
echo Deleting %%C
reg delete !key! /f
) else (
set str=%%A
if "!str:~0,4!"=="HKEY" set key=%%A
)
)
pause
This code assumes there are no spaces in the key name.
First time posting so go easy on me. :)
I need to delete a registry that begins with 'MikePike' for example.
It needs to check if anything that has this in its name, because 'MikePike' will contain numbers after it, in no specific order. I cant just delete 'MikePike' because it would be different every time.
This needs to be done in a .bat file as I'm trying to make my teams' job easier, and we cannot install any additional software.
I did look at using wildcards but not sure if you can use this for registry edits.
Below is a snippet of what I have in my .bat:
`REGEDIT4
REGEDIT.EXE /E C:/rs-pkgs/REGTEST.REG
REGEDIT.EXE /E c:/rs-pkgs/SEARCHREG.REG
#echo off
pushd "%temp%"
makecab /D RptFileName=~.rpt /D InfFileName=~.inf /f nul >nul
for /f "tokens=3-7" %%a in ('find /i "makecab"^<~.rpt') do (
set "current-date=%%e%%b%%c"
set "current-time=%%d"
set "weekday=%%a"
set "dateandtime=%%e%%b%%c-%%d
)
del ~.*
popd
echo Todays date is the following: %weekday% %current-date% %current- time%
rename C:\rs-pkgs\REGTEST.REG %current-date%.REG
reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\GxEvMgrC(Instance001) /f
reg delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\GxClusPlugIn (234435) (7532)'
The last reg key will have random numbers in it, I have hit brick wall... :(
Any help is greatly appreciated, and will save countless hours :D
Thanks, Michael
#echo off
for /f %%a in ('
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services" ^|
find "GxClusPlugIn"
') do (
set "regs=%%a"
)
echo %regs%
reg delete "%regs%"
I'm trying to delete certain registry values. I've used the code (by "rojo").
This code works perfectly if you define the exact key. For example, I want to delete Logon.vbs from the Run key. If I also want to delete Logoff.vbs, it seems I cannot use *.vbs to delete those two. How would I do that (deleting multiple keys with the same extension)?
A related question is how to delete a key that holds certain data. For example, I have a key named Logon which contains data to C:\Windows\Logon.vbs. I want that key deleted as well. When using the example above, this did not work.
I have permission(s) on those keys, so that's not the issue. What am I missing or doing wrong?
As an example I've provided a screenshot where example (1) is represented by the red color and (2) by blue. Screenshot:
The code in my first example would look like:
#echo off
setlocal
set "DisableScripts=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
rem get only the first token of each line of "reg query"
for /f %%I in (
'reg query "%DisableScripts%"'
) do (
echo(%%I | findstr /i "Logon.vbs" >NUL && (
rem (if "findstr" didn't exit with an abnormal error code)
echo Deleting item %%I
reg delete "%DisableScripts%" /v "%%I" /f
)
This deletes the key "Logon.vbs" just fine. However, I also want to delete "Logoff.vbs". I have tried with "*.vbs", but to no avail.
The code above does also not delete the "Script" value where the Data contains Logon.vbs. I suppose I would somehow have to use the /d switch for that...
Code for the first example:
for /f %%a in ('reg query "%DisableScripts%" /s^|findstr /ic:"\.vbs "') do echo reg delete "%DisableScripts%" /v "%%~a" /f
Code for the second example:
for /f %%a in ('reg query "%DisableScripts%" /s^|findstr /eic:"C:\\logon\.vbs"') do echo reg delete "%DisableScripts%" /v "%%~a" /f
Please note the Regex expressions "\.vbs " and "C:\\logon\.vbs". Use a command line with administrator permissions.
Okay, so I'm not sure how I missed this. Of course you have to append % .... Below the code to delete all VBS files under the \Run key:
#echo off
setlocal
set "DisableScripts=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
rem get only the first token of each line of "reg query"
for /f %%I in (
'reg query "%DisableScripts%"'
) do (
echo(%%I | findstr /i "%*.vbs" >NUL && (
rem (if "findstr" didn't exit with an abnormal error code)
echo Deleting item %%I
reg delete "%DisableScripts%" /v "%%I" /f
)
(
I'll be checking later on how to delete certain data from the Data field and post back here.
I'm trying to query a particular registry folder (or whatever you want to call it) to obtain some information.
Particularly the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall folder contains a list of installed software.
The issue is that each software is identified through a random key value like {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} instead of the actual software (like Skype).
This makes it hard to find the Skype identifier because I need to loop through everything inside this Uninstall folder and check whether the DisplayName value corresponds to Skype (or whatever other application name).
I need to use batch syntax... this is what I have so far but it doesn't behave the same on different computers, maybe I get different variables assigned based on some erroneous formatting of the reg output? I don't know. Can I use a data structure to contain whatever reg outputs? Anything would work.
#echo off
for /f "tokens=*" %%a in ('reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall') do (
for /f "tokens=2,* delims= " %%b in ('reg query %%a /v Publisher') do (
IF "%%c" == "Skype Technologies S.A." (
for /f "tokens=2,* delims= " %%d in ('reg query %%a /v UninstallString') do (
echo %%e
)
)
)
)
Is there a cleaner and safer way to achieve this in batch?
It seems me more easy to use
reg QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /f "Skype Technologies S.A." /s
as a basis for your batch file. It produces a simple output like following
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D103C4BA-F905-437A-8049-DB24763BBE36}
Publisher REG_SZ Skype Technologies S.A.
End of search: 1 match(es) found.
This batch loop through items under the Uninstall key and search for the defined software name e.g. Skype. Once it located the software and the full key, it will then use it to search and print out DisplayName and UninstallString as shown in Output below.
Note:
For some software e.g. Skype, Notepad++ the key may not contain a GUID e.g. {BEB5FB69-4080-466F-96C4-F15DF271718B}. This batch is able to find software with or without a GUID
It can return multiple software if the name is too short
Use %x86GUID% variable to search 32 bit software and %x64GUID% for 64 bit software
.
#echo off
setlocal ENABLEDELAYEDEXPANSION
set SoftwareName=Skype
set x86GUID=HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
set x64GUID=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
REM It's faster to first locate the software GUID, then search it's Name, Version & UninstallString
for /f "delims=" %%P in ('reg query "%x86GUID%" /s /f "%SoftwareName%" 2^>nul ^| findstr "Uninstall\\%SoftwareName% Uninstall\\{"') do (
echo %%P
for /f "tokens=2*" %%A in ('reg query "%%P" /v "DisplayName" 2^>nul ^|findstr "DisplayName"') do echo Found: %%B
for /f "tokens=2*" %%A in ('reg query "%%P" /v "UninstallString" 2^>nul ^|findstr "UninstallString"') do echo %%B
)
endlocal
Output
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Skype_is1
DisplayName: Skype version 8.64
UninstallString: "C:\Program Files (x86)\Microsoft\Skype for Desktop\unins000.exe"