Hi could any one point me in the right direction to create Vbscript to query computer name and then write the query result to registry HKLM\software\test dword or string
this is what i have got so far i just dont know how to link the query then add the query result to the registry -thanks in advance
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName"
strValueName = "ComputerName"
oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath, _
strValueName,strValue
From Help https://www.microsoft.com/en-au/download/details.aspx?id=2764
Computername
Set WshNetwork = WScript.CreateObject("WScript.Network")
WScript.Echo "Domain = " & WshNetwork.UserDomain
WScript.Echo "Computer Name = " & WshNetwork.ComputerName
WScript.Echo "User Name = " & WshNetwork.UserName
Write Registry
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.RegWrite "HKCU\Software\ACME\FortuneTeller\", 1, "REG_BINARY"
Related
I am working on a script to pull the value in the key
HKCurrentUser\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
Currently all it is returning is:
C:\WINDOWS\system32\config\systemprofile\Desktop
When I want/think it should return:
%USERPROFILE%\Desktop
Below is the script that is pulling the infomration from the key and as far as I can tell it should be pulling the correct information. Just wondering if someone can enlighten me as to what I am missing. It also returns the computer name and the logged in username which both return correctly. This is going to be run on quite a few machines remotely.
'These are the constants for the following KEYS'
Const HKClassesRoot = &H80000000 'HKEY_CLASSES_ROOT
Const HKCurrentUser = &H80000001 'HKEY_CURRENT_USER
Const HKLocalMachine = &H80000002 'HKEY_LOCAL_MACHINE
Const HKUsers = &H80000003 'HKEY_USERS
Const HKCurrentConfig = &H80000005 'HKEY_CURRENT_CONFIG
'Setup objects to interact with here'
Set wshShell = WScript.CreateObject("Wscript.Shell")
strComputer = wshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
Set objNetwork = CreateObject("Wscript.Network")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'Define variable to store the current user and then pull the current user
Dim currentUser
strCurrentUser = objNetwork.UserName
'find the data in the string we want to get the value from'
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\"
strValueName = "Desktop"
'pull the info and store it in strValue'
objRegistry.GetStringValue HKCurrentUser,strKeyPath,strValueName,strValue
'setup for output of data to the file'
Dim strSpacer
Dim strData
strSpace = "+-------------------------------------------------------------------------------------------------------------------------+"
strData = "| " & strComputer & " == " & strCurrentUser & " == " & strValue & " |"
Dim strFileName
strFileName = "\\server\share\" & strCurrentUser & ".txt"
Set objFile = objFSO.OpenTextFile(strFileName,8,true)
objFile.write vbCrLf & strSpace & vbCrLf
objFile.write strData & vbCrLf
objFile.write strSpace & vbCrLf
'Close file'
objFile.Close
After review I found the answer to my own question. I was reading the registry incorrectly for what I was doing.
strRegkey = "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop"
strDataValue = wshShell.RegRead(strRegKey)
this returns the value stored currently in the key.
I suspect that the environment variable %USERPROFILE% from the registry value gets expanded to the profile of the user running the WMI service (LOCAL SYSTEM). GetStringValue seems to behave the same as GetExpandedStringValue when reading REG_EXPAND_SZ values.
I need help with a VBScript that will recursively search the Windows HKU registry hive for a DWORD value. It would be helpful if the script could ignore the system accounts only looking in the S-1-5-21* keys. I MUST accomplish this using the HKU hive and not the HKCU hive because the program I plan to use to run the script runs in the context of system. No way around that.
Thank you.
Const HKCU = &H80000001
Const HKLM = &H80000002
Const HKU = &H80000003
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
'Read the HKEY_CURRENT_USER hive, registry path, and valuename to retrieve settings
strKeyPath = "Software\Policies\Microsoft\Windows\System\Power"
strValueName = "PromptPasswordOnResume"
oReg.GetDWORDValue HKCU,strKeyPath,strValueName,dwValue
'Return a failure exit code if entry does not exist
If IsNull(dwValue) Then
Wscript.Echo "The value is either Null or could not be found in the registry."
WScript.Quit 1
'Return a failure exit code if value does not equal STIG setting
ElseIf dwValue <> 1 Then
Wscript.Echo "This is a finding. ", strValueName,"=", dwValue
WScript.Quit 1
'Return a passing exit code if value matches STIG setting
ElseIf dwValue = 1 Then
Wscript.Echo "This is not a finding. "
WScript.Quit 0
End If
All this is what I ultimately came up with to resolve my issue.
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
'Set the local computer as the target
strComputer = "."
'set the objRegistry Object
Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
'Enumerate All subkeys in HKEY_USERS
objRegistry.EnumKey HKEY_USERS, "", arrSubkeys
'Define variables
strKeyPath = "\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments"
strValueName = "HideZoneInfoOnProperties"
strSID = "S-1-5-21-\d*-\d*-\d*-\d{4,5}\\"
strValue = 1
f = True
For Each i in arrSubKeys
Set objRegExp = New RegExp
objRegExp.IgnoreCase = True
objRegExp.Global = True
objRegExp.Pattern = strSID
Set colMatches = objRegExp.Execute(i + strKeyPath)
For Each objMatch In colMatches
objRegistry.GetDWORDValue HKEY_USERS,i + strKeyPath,strValueName,dwValue
If IsNull(dwValue) Then
WScript.Echo "This is a finding, the key " & i + strKeyPath & "\" & strValueName & " does not exist."
f = False
ElseIf dwValue <> strValue Then
WScript.Echo "This is a finding, the " & i + strKeyPath & "\" & strValueName & ": " & dwValue & " does not equal REG_DWORD = " & strValue & "."
f = False
ElseIf dwValue = strValue Then
WScript.Echo "This is not a finding " & i + strKeyPath & "\" & strValueName & " = " & dwValue
End If
Next
Next
If f Then
WScript.Quit 0
Else
WScript.Quit 1
End If
You don't need recursion here. Simply iterate over the subkeys of HKEY_USERS and (try to) read the value. The return code of GetDWORDValue() will indicate whether or not the value could be read.
Const HKEY_USERS = &h80000003
subkey = "Software\Policies\Microsoft\Windows\System\Power"
name = "PromptPasswordOnResume"
computer = "."
Set reg = GetObject("winmgmts://" & computer & "/root/default:StdRegProv")
reg.EnumKey HKEY_USERS, "", sidList
For Each sid In sidList
key = sid & "\" & subkey
rc = reg.GetDWORDValue(HKEY_USERS, key, name, val)
If rc = 0 Then
If val = 1 Then
WScript.Echo "OK"
WScript.Quit 0
Else
WScript.Echo "Not OK"
WScript.Quit 1
End If
End If
Next
I am not sure if i got you right. If it is that you want to search in the HKU not in the HKCU, then the point is that an account in HKU is mapped to HKCU. Like in your case S-1-5-21* will be mapped to HKCU. You can check it by modifying an entry in HKCU and that will be reflected in HKU(S-1-5-21*) and vice-a-versa.
I am attempting to create an application that will allow me to input a username and switch that user's default printer by modifying the registry under HKEY_USERS\UserSID. I cannot seem write values to that section of the registry though. Perhaps it's a Windows limitation? Here's the code I have so far.
Dim strComputer = "."
Dim objWMIService As Object = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Dim theUsername As String = TextBox1.Text
Dim theDomain As String = TextBox2.Text
Dim objAccount As Object = objWMIService.Get("Win32_UserAccount.Name='" & theUsername & "',Domain='" & theDomain & "'")
Dim theport As RegistryKey
theport = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices")
Dim val As Object = theport.GetValue(ListBox1.SelectedItem)
theport.Close()
Dim theSid As String = objAccount.sid
Dim theKey As RegistryKey = Registry.Users.OpenSubKey(theSid + "\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows", True)
I don't think that there is some Windows limitation, because I wrote to HKEY_USERS\SIDs many times. But I used for this purpose the vbscript. Also I should warn you that you can only read&write to Users registry if they are logged. For not logged users - use the ActiveSetup.
There is my script on vbs which writes some registry to all logged users. Hope you could adapt it to VB.NET.
Option Explicit
Const HKEY_USERS = &H80000003
Dim objReg, objWMI, colSessions, objSession, colList, colUsers, objUser, Domain, UserName, objUserAccount, SID, WshShell
Set WshShell = CreateObject("WScript.Shell")
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colSessions = objWMI.ExecQuery("Select * from Win32_LogonSession Where LogonType = 2 Or LogonType = 10")
If colSessions.Count <> 0 Then
For Each objSession in colSessions
Set colUsers = objWMI.ExecQuery("Associators of " & "{Win32_LogonSession.LogonId=" & objSession.LogonId & "} " & "Where AssocClass=Win32_LoggedOnUser Role=Dependent" )
For Each objUser in colUsers
Domain = objUser.Domain : UserName = objUser.Name
Set objUserAccount = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2:Win32_UserAccount.Domain='" & Domain & "',Name='" & UserName & "'")
SID = objUserAccount.SID
objReg.CreateKey HKEY_USERS, SID & "\Control Panel\Desktop"
objReg.SetStringValue HKEY_USERS, SID & "\Control Panel\Desktop", "Example", "1"
objReg.SetDwordValue HKEY_USERS, SID & "\Control Panel\Desktop", "Example", "2"
Next
Next
End If
I have the following code. I am trying to get the information on whether or not the remote computer I am connecting to is 32-bit or 64 bit. I tried doing it at the last snippet of this code but it didn't work. Here is the error (I changed the remote system name):
WshShell.RegRead: Invalid root in registry key
"\*remotesystem*\HKEY_LOCAL_MACHINE\SYSTEM\CurrentCon
trolSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE".
Option Explicit
Dim objWMISrvc,strRemoteComputer,colOSItems,objItem,args,OsType
'String variables
Dim strName,strCaption,strVersion,strCSDVer,strSerial,WshShell
'Adding this in to transfer FQDN variable to this script from ASP.net
Set args = WScript.Arguments
strRemoteComputer = args.Item(0)
Set objWMISrvc = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strRemoteComputer & "\root\cimv2")
CheckOSType objWMISrvc
Sub CheckOSType( objWMISrvc )
Set colOSItems = objWMISrvc.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each objItem in colOSItems
strName = objItem.CSName
'strDesc = objItem.Description
'strManufac = objItem.Manufacturer
strCaption = objItem.Caption
strVersion = objItem.Version
strCSDVer = objItem.CSDVersion
strSerial = objItem.SerialNumber
Next
Set WshShell = CreateObject("WScript.Shell")
OsType = WshShell.RegRead("\\" & strRemoteComputer & "\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE")
If OsType = "x86" then
WScript.Echo "Windows 32bit system detected"
elseif OsType = "AMD64" then
WScript.Echo "Windows 64bit system detected"
end if
End Sub
You can do this directly from WMI without reading the registry. Just loop through your computer names with this script. It returns either "32" or "64".
strComputer = "."
Set objWMIService = GetObject("winmgmt:\\" & strComputer & "\root\cimv2")
Set colProcessors = objWMIService.ExecQuery("Select * from Win32_Processor")
For Each objProcessor in colProcessors
WScript.Echo objProcessor.AddressWidth 'or objProcessor.DataWidth
Exit For
Next
To read the registry of as remote machine you must use the the StdRegProv WMI class
Check this sample
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject( _
"winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"
strValueName = "PROCESSOR_ARCHITECTURE"
oReg.GetStringValue _
HKEY_LOCAL_MACHINE,strKeyPath,strValueName,OsType
WScript.Echo OsType
I am trying to get the computer name from the registry and write it to a file. At this point, my function call for obtaining the computer name from registry isn't working. Any advice would be appreciated.
Option Explicit
On Error Resume Next
Dim regComputerName, ComputerName
Set objShell = WScript.CreateObject("WScript.Shell")
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
regComputerName = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\Computername"
ComputerName = obj.shell.RegRead(regComputerName)
oWrite.WriteLine(ComputerName,C:\text)
Reading registry values is error prone and may require elevated privileges in Windows 7. There's another way of getting the computer name, very similar to what you are doing right now:
Set objNetwork = WScript.CreateObject("WScript.Network")
ComputerName = objNetwork.ComputerName
MsgBox ComputerName
Also, the last line in your script: oWrite.WriteLine(ComputerName,C:\text) will not work for 2 reasons:
C:\text has to be in quotes, like this: "C:\text.txt"
In VB, only a function that results a value can be called with parenthesis. Call WriteLine like this instead: oWrite.WriteLine ComputerName, "C:\text.txt"
Finally, are you sure you are not referring to VBScript instead of VB in your question?
Your code is not working because of an error in this line:
ComputerName = obj.shell.RegRead(regComputerName)
Instead of obj.shell you should be referencing objShell. It should look like this:
Set objShell = WScript.CreateObject("WScript.Shell")
strRegKey = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\Computername"
strComputerName = objShell.RegRead(strRegKey)
WScript.Echo strComputerName
However, there are much more reliable ways of getting the computer name without having to deal with the registry.
From WSH (as suggested above)
Set WshNetwork = WScript.CreateObject("WScript.Network")
strComputerName = WshNetwork.ComputerName
WScript.Echo "Computer Name: " & strComputerName
From an environmental variable...
Set wshShell = WScript.CreateObject("WScript.Shell")
strComputerName = wshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
WScript.Echo "Computer Name: " & strComputerName
From WMI...
strcomputer = "."
Set objWMISvc = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMISvc.ExecQuery("Select * from Win32_ComputerSystem",, 48)
For Each objItem in colItems
strComputerName = objItem.Name
WScript.Echo "Computer Name: " & strComputerName
Next
From ADSI...
Set objSysInfo = CreateObject("WinNTSystemInfo")
strComputerName = objSysInfo.ComputerName
WScript.Echo "Computer Name: " & strComputerName
From ADSI (only works for domain members)...
Set objSysInfo = CreateObject("ADSystemInfo")
strComputerName = objSysInfo.ComputerName
WScript.Echo "Computer Name: " & strComputerName
...and one last way for Windows XP users only...
Set objPC = CreateObject("Shell.LocalMachine")
strComputerName = objPC.MachineName
WScript.Echo "Computer Name: " & strComputerName