Changing dword value in HKEY_USERS - vbscript

I've been trying to use VBScript to change a DWORD Value in HKEY_USERS. It can find the value and tell me what it is, but it will not change the value.
Const HKEY_USERS = &H80000003
strComputer = "."
Set oReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = ".DEFAULT\Software\Microsoft\Office\Outlook\Addins\Flowscape.Outlook.AddIn"
strValueName = "LoadBehavior"
oReg.SetDWORDValue HKEY_USERS, strKeyPath, strValueName, 3
If Err = 0 Then
oReg.GetDWORDValue HKEY_USERS, strKeyPath, strValueName, dwValue
WScript.Echo "HKEY_USERS\...\LoadBehavior is set to " & dwValue
Else
WScript.Echo "Error changing dword value" & Err.Number
End If
This other script for changing DWORD Value in HKEY_CURRENT_USER works fine.
Const HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Office\Outlook\Addins\Flowscape.Outlook.AddIn"
strValueName = "LoadBehavior"
oReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName, 3
If Err = 0 Then
oReg.GetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName, dwValue
WScript.Echo "HKEY_CURRENT_USER\...\LoadBehavior set to " & dwValue
Else
WScript.Echo "Error changing dword value" & Err.Number
End If

Related

Read Windows Registry value into array

I have to read Windows Registry value into array in VBA. Value has type REG_MULTI_SZ.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages"
strValueName = "Sources"
Return = objReg.GetMultiStringValue(HKEY_LOCAL_MACHINE, strKeyPath, _
strValueName, arrValues)
If (Return = 0) And (Err.Number = 0) Then
'Treat the multistring value as a collection of strings
'separated by spaces and output
For Each strValue In arrValues
WScript.Echo strValue
Next
Else
WScript.Echo "GetMultiStringValue failed. Error = " & Err.Number
End If
It gives an error with number 0 and no description. Any clue?
According to your screenshot your key is "Authentication Packages", not "Sources".
Change this:
strKeyPath = "SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages"
strValueName = "Sources"
into this:
strKeyPath = "SYSTEM\CurrentControlSet\Control\Lsa"
strValueName = "Authentication Packages"
It was a simple error. The working code is here.
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\"& strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\Lsa"
strValueName = "Authentication Packages"
Return = objReg.GetMultiStringValue(HKEY_LOCAL_MACHINE,strKeyPath, strValueName,arrValues)
WScript.Echo "GetMultiStringValue. Return = " & Return
If (Return = 0) And (Err.Number = 0) Then
' Treat the multistring value as a collection of strings
' separated by spaces and output
For Each strValue In arrValues
WScript.Echo strValue
Next
Else
Wscript.Echo "GetMultiStringValue failed. Error = " & Err.Number
End If

vbscript issue for removing trusted site

I have a script to add the trusted sites to IE.
Const HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set objReg=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
& "ZoneMap\Domains\" & "https://www.google.com"
objReg.CreateKey HKEY_CURRENT_USER, strKeyPath
strValueName = "*"
dwValue = 2
objReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName, dwValue
The trusted sites are added successfully. But there is a problem here....
I am not able to remove the trusted sites added through the script which is a serious problem
Thanks in advance.
'**************************************************************************
'VBScript to remove all IE opened tab urls from the Trusted Site list
'***************************************************************************
Dim Windows
Dim tabUrl
On Error Resume Next
Const HKEY_CURRENT_USER = &H80000001
Set Shell = CreateObject("Shell.Application")
Set Windows = CreateObject(Shell.Windows)
For Each Window In Shell.Windows
If InStr(1, Window.FullName, "iexplore.exe", vbTextCompare) > 0 Then
tabUrl = Window.LocationUrl
Msgbox tabUrl
strComputer = "."
Set objReg=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" & "ZoneMap\Domains\" &tabUrl
objReg.DeleteKey HKEY_CURRENT_USER, strKeyPath
strValueName = "*"
dwValue = 2
objReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName, dwValue
End If
Next
The Scripting Guys article tells you how to delete keys and tells you why delete sometimes doesn't work

How to delete array of registry keys and their subkeys

I am trying to delete array of registry keys and their subkeys.
Following is my code
Function DeleteSubkeys(strKeyPath)
Msgbox"DeleteSubkeys starts "
Dim strComputer,arrSubkeys
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set objRegistry = GetObject("winmgmts:\\" & _
strComputer & "\root\default:StdRegProv")
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
If IsArray(arrSubkeys) Then
For Each strSubkey In arrSubkeys
DeleteSubkeys HKEY_LOCAL_MACHINE, strKeyPath & "\" & strSubkey
Next
End If
objRegistry.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath
Msgbox"DeleteSubkeys ends "
DeleteSubkeys= null
End Function
Msgbox"Main starts "
dim Regkey
Regkey = Array(_
"SOFTWARE\Wow6432Node\Myproj\test1",_
"SOFTWARE\Wow6432Node\Myproj\test2"_
)
Msgbox"Outside foreach "
For Each strRegKey IN Regkey
Msgbox"Inside foreach "
DeleteSubkeys strRegKey
Next
Msgbox"Main ends "
But it fails to call function DeleteSubKeys which is invoked inside forach. What am i missing here?

Recursive search of HKU registry hive for a DWORD value

I need help with a VBScript that will recursively search the Windows HKU registry hive for a DWORD value. It would be helpful if the script could ignore the system accounts only looking in the S-1-5-21* keys. I MUST accomplish this using the HKU hive and not the HKCU hive because the program I plan to use to run the script runs in the context of system. No way around that.
Thank you.
Const HKCU = &H80000001
Const HKLM = &H80000002
Const HKU = &H80000003
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
'Read the HKEY_CURRENT_USER hive, registry path, and valuename to retrieve settings
strKeyPath = "Software\Policies\Microsoft\Windows\System\Power"
strValueName = "PromptPasswordOnResume"
oReg.GetDWORDValue HKCU,strKeyPath,strValueName,dwValue
'Return a failure exit code if entry does not exist
If IsNull(dwValue) Then
Wscript.Echo "The value is either Null or could not be found in the registry."
WScript.Quit 1
'Return a failure exit code if value does not equal STIG setting
ElseIf dwValue <> 1 Then
Wscript.Echo "This is a finding. ", strValueName,"=", dwValue
WScript.Quit 1
'Return a passing exit code if value matches STIG setting
ElseIf dwValue = 1 Then
Wscript.Echo "This is not a finding. "
WScript.Quit 0
End If
All this is what I ultimately came up with to resolve my issue.
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
'Set the local computer as the target
strComputer = "."
'set the objRegistry Object
Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
'Enumerate All subkeys in HKEY_USERS
objRegistry.EnumKey HKEY_USERS, "", arrSubkeys
'Define variables
strKeyPath = "\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments"
strValueName = "HideZoneInfoOnProperties"
strSID = "S-1-5-21-\d*-\d*-\d*-\d{4,5}\\"
strValue = 1
f = True
For Each i in arrSubKeys
Set objRegExp = New RegExp
objRegExp.IgnoreCase = True
objRegExp.Global = True
objRegExp.Pattern = strSID
Set colMatches = objRegExp.Execute(i + strKeyPath)
For Each objMatch In colMatches
objRegistry.GetDWORDValue HKEY_USERS,i + strKeyPath,strValueName,dwValue
If IsNull(dwValue) Then
WScript.Echo "This is a finding, the key " & i + strKeyPath & "\" & strValueName & " does not exist."
f = False
ElseIf dwValue <> strValue Then
WScript.Echo "This is a finding, the " & i + strKeyPath & "\" & strValueName & ": " & dwValue & " does not equal REG_DWORD = " & strValue & "."
f = False
ElseIf dwValue = strValue Then
WScript.Echo "This is not a finding " & i + strKeyPath & "\" & strValueName & " = " & dwValue
End If
Next
Next
If f Then
WScript.Quit 0
Else
WScript.Quit 1
End If
You don't need recursion here. Simply iterate over the subkeys of HKEY_USERS and (try to) read the value. The return code of GetDWORDValue() will indicate whether or not the value could be read.
Const HKEY_USERS = &h80000003
subkey = "Software\Policies\Microsoft\Windows\System\Power"
name = "PromptPasswordOnResume"
computer = "."
Set reg = GetObject("winmgmts://" & computer & "/root/default:StdRegProv")
reg.EnumKey HKEY_USERS, "", sidList
For Each sid In sidList
key = sid & "\" & subkey
rc = reg.GetDWORDValue(HKEY_USERS, key, name, val)
If rc = 0 Then
If val = 1 Then
WScript.Echo "OK"
WScript.Quit 0
Else
WScript.Echo "Not OK"
WScript.Quit 1
End If
End If
Next
I am not sure if i got you right. If it is that you want to search in the HKU not in the HKCU, then the point is that an account in HKU is mapped to HKCU. Like in your case S-1-5-21* will be mapped to HKCU. You can check it by modifying an entry in HKCU and that will be reflected in HKU(S-1-5-21*) and vice-a-versa.

How to remove a registry entry from Windows 2008/Vista

I have this script to run on Windows 2008/Vista to remove one registry key, but I can't get it to run:
Const HKEY_CLASSES_ROOT = &H80000000
strComputer = "."
strKeyPath = "Installer\Products\334A4D1453680B74CA87BEE6B7E40113"
Set objRegistry = GetObject("winmgmts:\\" & _
strComputer & "\root\default:StdRegProv")
DeleteSubkeys HKEY_CLASSES_ROOT, strKeypath
Private Sub DeleteSubkeys(HKEY_CURRENT_USER, strKeyPath)
strComputer = "."
Set objRegistry = GetObject("winmgmts:\\" & _
strComputer & "\root\default:StdRegProv")
objRegistry.EnumKey HKEY_CURRENT_USER, strKeyPath, arrSubkeys
If IsArray(arrSubkeys) Then
For Each strSubkey In arrSubkeys
DeleteSubkeys HKEY_CURRENT_USER, strKeyPath & "\" & strSubkey
Next
End If
objRegistry.DeleteKey HKEY_CURRENT_USER, strKeyPath
End Sub
Any idea why?
Are you running this as an admin user? Despite your use of HKEY_CURRENT_USER as a param name, you're trying to delete from HKEY_CLASSES_ROOT, which would normally require elevated access.

Resources