Discrepancy REG QUERY local vs remote computer batch script - windows

I'm writing a batch script to update a software package (uninstall old
version/ install new one). This needs to be done over the network as
there are 500 PCs to update. One of the first steps before uninstalling is checking wether that software is installed or not. In order to check that
I query the registry:
reg query "HKLM\SOFTWARE\A.E.T Europe B.V."
This query gives adecuate results when running in local (for testing purposes), but when I run it remotely (they way it will be
ran) returns wrong results.
reg query "\\I301\HKLM\SOFTWARE\A.E.T Europe B.V."
returns 0 if i run that line locally. But if I log into I301 and run the
query locally returns 1, being the truth that A.E.T Europe B.V. shows up under the Wow6432Node branch in the windows registry.
Why is that???
Thanks in advance!

If there is on 64-bit Windows just the key
HKLM\SOFTWARE\Wow6432Node\A.E.T Europe B.V.
but no key
HKLM\SOFTWARE\A.E.T Europe B.V.
the reason for the different result is caused most likely by which version of reg.exe is executed from batch file or command line.
The key is not found if 64-bit %SystemRoot%\System32\reg.exe is executed on processing the batch file or running the command by 64-bit %SystemRoot%\System32\cmd.exe on using the line
reg query "\\I301\HKLM\SOFTWARE\A.E.T Europe B.V."
But the key is found if 32-bit %SystemRoot%\SysWOW64\reg.exe is executed on processing the batch file or running the command by 32-bit %SystemRoot%\SysWOW64\cmd.exe on using the line
reg query "HKLM\SOFTWARE\A.E.T Europe B.V."
because for the 32-bit applications the registry access to HKLM\SOFTWARE is redirected to HKLM\SOFTWARE\Wow6432Node by registry redirector.
Check both possible key locations:
#echo off
%SystemRoot%\System32\ping.exe -n 1 I301 >nul
if errorlevel 1 (
echo Computer with name I301 is not available in network.
goto :EOF
)
%SystemRoot%\System32\reg.exe query "\\I301\HKLM\SOFTWARE\A.E.T Europe B.V." >nul 2>&1
if not errorlevel 1 goto Installed
%SystemRoot%\System32\reg.exe query "\\I301\HKLM\SOFTWARE\Wow6432Node\A.E.T Europe B.V." >nul 2>&1
if not errorlevel 1 goto Installed
echo A.E.T Europe B.V. is not installed.
goto :EOF
:Installed
echo A.E.T Europe B.V. is installed already.
See also the Microsoft documentation pages:
File System Redirector
WOW64 Implementation Details
Registry Keys Affected by WOW64

Good answer by Mofi. On 64 bit systems you might also consider using
/reg:32 & /reg:64
See REG QUERY /?
You can sometimes get into trouble if you are launching CMD.exe from another app. If that app is a 32 bit app it will launch the 32 bit version of CMD.exe

Thanks Mofi and RGuggisberg,
Found out about everything Mofi said (and RGuggisberg complemented) later on the day. Since I couldn't make it work I tried checking for the Uninstall entry in the registry, thinking it would be there and only there. After getting again similar results I did a bit more googling and found out about Windows having two trees in the registry: one for 32 bits applications and another for 64 bits. The hint was given by:
http://ss64.com/nt/reg.html
At the end it shows up the two options that RGuggisber mentions /reg:32 & /reg:64. Looked them up and found about the existence of both registries.
https://msdn.microsoft.com/es-es/library/windows/desktop/ms724072%28v=vs.85%29.aspx
Tried same query (for uninstalled) BUT using /reg:64 and found the key I was looking for. Tried with /reg:32 and indeed could not find it. The machine I was running the script from runs Windows 7 32-bits. The remote machine Windows 8.1 64 bits.

Related

How to only run WMIC if it has already been installed?

I am trying to run a batch file that includes some WMIC queries on multiple versions of Windows. Windows 2003 causes the script to hang. It is most likely due to the first time that wmic is being run. The computer will normally output "Please wait while WMIC is being installed.."
Is there anyway to check if wmic is installed and if it is not, do not run it? I do not want to install WMIC on the computers I am running this on if it is not already installed. Should I just skip this query on all Windows 2003?
May be I'm wrong, but I think wmic is present at least from XP
This may help
#echo off
where /R c:\windows\ wmic.exe >nul 2>nul || (echo/ wmic.exe not found & exit/B)
rem wmic queries here
exit/B

Changing Windows 7 Wallpaper Remotely

I am trying to remotely change the wallpaper on about 50 computers that are running Win 7 in a WORKGROUP environment.
I have local admin rights to all of them plus they are running an agent (Faronics) that lets me push .bat .exe .msi .vbs and .ps1 to them remotely.
Just wondering if there was any application that lets me do that remotely or if not, what is the easiest way to get my image to these machines and set it as default wallpaper?
The wallpaper that Windows uses is in the registry under the HKCU\Control Panel\Desktop\Wallpaper key
you just can change it with the REG command.
See REG /? and then try...
reg query "HKCU\Control Panel\Desktop" /v Wallpaper
and
reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d D:\my.bmp /f
Replacing the file in the following path C:\Users\[user name]\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg is hit or miss depending upon the other desktop background settings shown on the GUI and file type.
I have been able to successfully replace the file with another .jpg file renamed TranscodedWallpaper.jpg and put in its place but the Desktop doesn't just update by itself.
You have to force it with the Rundll32.exe user32.dll,UpdatePerUserSystemParameters command.
This is also hit or miss. I have had it work several times correctly while physically on the computer but cannot get the computer to do the same remotely.
Still working on a 100% working remote solution to fully answer the question.
You can use intelliadmin network administrator to change the desktop pictures remotely on all computers at once

Find out windows version from non-privileged user command line

I need a way to find out what version of windows I'm running in using simple command line tools (no powershell). I need it to work from a non-privileged user, and I need to be able to parse out the difference between Windows XP, Vista, server 2008, and 7. I'm currently using:
wmic os get Caption but that fails when the user doesn't have permissions to run wmic.
Update:
To clarify, I need this command to not break with different service pack levels, etc. which probably rules out parsing a specific version number. Also if you look at this list of windows versions, you'll see that the numbers reported on Windows 7 and server 2008 r2 are the same.
I solved this problem by parsing the output of:
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v "ProductName"
systeminfo command shows everything about the os version including service pack number and the edition you are using.
C:\>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name: Microsoft Windows 7 Enterprise
OS Version: 6.1.7601 Service Pack 1 Build 7601
Reference: Find Windows version from command prompt
You can use ver. I'm on a school computer with a non-privileged command prompt, and it gives me Microsft Windows [Version 6.1.7601]. I'm sure you'd be able to sort out Vista and XP from the number you get.
cmd displays the Windows version when started:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Joey>_
This is also a similar line as the one ver spits out, indeed.
One option then might be
echo exit|cmd|findstr Windows
another
cmd /c ver
depending on whether you have a pipeline or not.
if not CMDEXTVERSION 2 (
echo Error: This batch requires Command Extensions version 2 or higher
exit /b 1
)
FOR /F "usebackq tokens=4 delims=] " %%I IN (`ver`) DO for /F "tokens=1,2 delims=." %%J IN ("%%I") do set WindowsVersion=%%J.%%K
if "%WindowsVersion%" LSS "6.1" (
echo Error: This batch requires Windows 7 SP1 or higher
exit /b 1
)
You can get the SysInternals and install onto your C:\ directory. After that you can then go to a command prompt and use the command PSINFO.
It is great because it lets me query any PC on the network (that I have access to). At the command prompt you type: PSINFO \exactnameofcomputer
(PSINFO whack whack exactnameofcomputer)
Then hit enter. It will take a moment or two to report back, depending on where that computer is located at.

Installing a .inf file using a windows batch file

When you right click on a .inf file you have an option to "Install". I want to install a .inf file from the command line using a batch file. What is the "right" way to do this?
Thanks!
[edit]
I should clarify that I am trying to run this on Windows XP (and not Vista). Though I appriciate (and up-voted) the below answer mentioning InfDefaultInstall.exe, I believe that program was not shipped with XP.
You can find the command when looking at the HKCR\inffile\shell\Install\command registry key. On Windows XP this is
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
on Windows Vista and later this would be
%SystemRoot%\System32\InfDefaultInstall.exe "%1"
To use the batch file across several Windows versions you would need some trickery. You could use reg.exe to query for the key and try parsing the output (I didn't find a quick way of getting only the value from reg). If you know what platforms you're running on you could also hard-code the command lines and switch according to the Windows version (which would need another hack to find that out. %OS% doesn't tell you more than "Windows NT", unfortunately.).
rem tested/works
:inf
ver | findstr /il "Version 6." > nul
if %ERRORLEVEL%==0 goto :vista
:xp
start/wait rundll32.exe setupapi,InstallHinfSection DefaultInstall 4 %_%
goto :eof
:vista
%SystemRoot%\System32\InfDefaultInstall.exe "%_%"
:eof
Should works on any Windows system that has IE 4.0+:
RunDll32 advpack.dll,LaunchINFSection <file.inf>,DefaultInstall

Why does batch file FOR fail when iterating over command output?

I have a batch file that uses this idiom (many times) to read a registry value into an environment variable:
FOR /F "tokens=2* delims= " %%A IN ('REG QUERY "HKLM\SOFTWARE\Path\To\Key" /v ValueName') DO SET MyVariable=%%B
(There's a tab character after delims=)
This works fine on thousands of customer's computers. But on one customer's computer (running Windows Server 2003, command extensions enabled),
it fails with 'REG QUERY "HKLM\SOFTWARE\Path\To\Key" /v ValueName' is not recognized as an internal or external command, operable program or batch file.' Running the "reg query" command alone works fine. Reg.exe is present in C:\Windows\System32.
I was able to work around the problem by changing the code to
REG QUERY "HKLM\SOFTWARE\Path\To\Key" /v ValueName > temp.txt
FOR /F "tokens=2* delims= " %%A IN (temp.txt) DO SET MyVariable=%%B
This got the customer up and running, but I would like to understand why the problem occurred so I can avoid it in the future.
Slightly off the primary topic - a more direct way to get a registry value (string or DWORD) into an environment variable would also be useful.
I would check:
The customer's role on the machine - are they an admin?
Where is reg.exe on the box - is there more than one copy of copy of reg.exe in the path?
Is there any locale difference on the customer's machine from the machines where this normally works?
Basically, enumerate everything that differs between this machine and machines where it works as expected. Include service packs, domain membership, etc.
Wow, that is odd.
If the same commands work when split into two lines, then I'd guess it has something to do with the way the command gets run in a subshell in the FOR command.
If you were really dying to figure out why it's dying in this particular case, you could run commands like "SET > envvars.txt" as the FOR command and compare that with the top shell.
Or maybe start off simple and try running the REG command via CMD /C to see if that does anything?
One quick guess here, what's the values of COMSPEC and SHELL ?
I had a similar situation to this. In my case it was a bad value in COMSPEC. I fixed that and the script started working as expected.
The /F switch needs command extensions to be turned on. Usually they are turned on by default, but I'd check that. On XP systems you can turn them on doing something like
cmd /e:on
or checking the registry under
HKCU\Software\Microsoft\Command Processor\EnableExtensions
Dunno about Windows Server.
Doing help for and help cmd could provide some hints as well.

Resources