How to retrieve everything below a given registry key? - vbscript

I have one script retrieve all registry values in a specific key (Ex: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET), but I need consult in making that search recursive. I need print all registry and subkeys below this key (Ex: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET)
Example for my script:
For Each strSubkey In arrSubKeys
Set objHtml=fso.Opentextfile(strComputer & ".txt",intForWriting,Createfile)
strValue = Null
strSubKeyPath = pathKeyReg & "\" & strSubkey
objRegistry.EnumValues hDefKey, strSubKeyPath, arrValueNames, arrTypes
For i = LBound(arrValueNames) To UBound(arrValueNames)
strValueName = arrValueNames(i)
Select Case arrTypes(i)
Case REG_SZ
objRegistry.GetStringValue hDefKey, strSubKeyPath, strValueName, strValue
objHtml.WriteLine strSubKeyPath & vbTab & strValueName & vbTab & "(REG_SZ)" & vbTab & strValue
' Show a REG_EXPAND_SZ value
Case REG_EXPAND_SZ
objRegistry.GetExpandedStringValue hDefKey, strSubKeyPath, strValueName, strValue
objHtml.Write strSubKeyPath & vbTab & strValueName & vbTab & "(REG_EXPAND_SZ)" & vbTab & strValue
End Select
Next
Next

You need to recurse into subkeys for that. Wrap your code in a procedure and add code that enumerates the subkeys of the current key and calls itself for each subkey.
Sub RecurseKey(key)
'enumerate values (your existing code)
objRegistry.EnumValues hDefKey, key, names, types
If Not IsNull(names) Then
For i = 0 To UBound(names)
name = names(i)
Select Case types(i)
Case REG_SZ
...
Case REG_EXPAND_SZ
...
Case ...
End Select
Next
End If
'enumerate subkeys and recurse
objRegistry.EnumKey hDefKey, key, subKeys
If Not IsNull(subKeys) Then
For Each sk In subKeys
RecurseKey key & "\" & sk '<-- recursion happens here
Next
End If
End Sub

Related

Script to delete user accounts from Profile list on Windows 8.1

The following code is meant to delete all user accounts from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
Code:
On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set objRegistry=GetObject("winmgmts:\\" & _
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
For Each objSubkey In arrSubkeys
strValueName = "ProfileImagePath"
strSubPath = strKeyPath & "\" & objSubkey
objRegistry.GetExpandedStringValue HKEY_LOCAL_MACHINE,strSubPath,strValueName,strValue
strPath=Left(strvalue,Len(strvalue)-Len(Right(strvalue,Len(strvalue)-9)))
strID=Right(strvalue,Len(strvalue)-9)
if ((strPath="C:\Users\") and (strID<>"rcadmin")) then
return=objRegistry.DeleteKey(HKEY_LOCAL_MACHINE, strSubPath)
end if
Next
wscript.echo "Done"
If I replace "return=objRegistry.DeleteKey(HKEY_LOCAL_MACHINE, strSubPath)" with "wscript.echo strID", it displays what I expect. So all I need to do now is delete the string "strSubPath" from "HKEY_LOCAL_MACHINE". And this is the part that I can not get right.
An example of the output of
wscript.echo strSubPath" is "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"\S-1-5-21-3469983464-63224933-1422604425-8029
What am I missing?

Iterate through Registry Subfolders

I want to get all values of a registry path include the values of its subfolders. Right now i read the values of a single folder by this:
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
For Each subkey In arrSubKeys
msgbox subkey ' Just for debugging
Next
This works great, but in addition i need to get a list of the folder's subfolders.
I want to get a result (only the content is important, not the formatting and no need to write it into a file) like the this would command gives me:
regedit /e c:\testfile.reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Is there a way to do this in vbs or do i need to use the regedit command from windows, with an Wscript.Shell call.
You need to recurse into the subkeys. Try this:
Const HKEY_LOCAL_MACHINE = &H80000002
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
Sub EnumerateKeys(hive, key)
WScript.Echo key
reg.EnumKey hive, key, arrSubKeys
If Not IsNull(arrSubKeys) Then
For Each subkey In arrSubKeys
EnumerateKeys hive, key & "\" & subkey
Next
End If
End Sub
Set reg = GetObject("winmgmts://./root/default:StdRegProv")
EnumerateKeys HKEY_LOCAL_MACHINE, strKeyPath
In addition i found a realy good example on the web:
' Constants (taken from WinReg.h)
'
Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7
' Chose computer name, registry tree and key path
'
strComputer = "." ' Use . for current machine
hDefKey = HKEY_LOCAL_MACHINE
strKeyPath = "SOFTWARE\Microsoft\Cryptography\Defaults\Provider"
' Connect to registry provider on target machine with current user
'
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
' Enum the subkeys of the key path we've chosen
'
oReg.EnumKey hDefKey, strKeyPath, arrSubKeys
For Each strSubkey In arrSubKeys
' Show the subkey
'
wscript.echo strSubkey
' Show its value names and types
'
strSubKeyPath = strKeyPath & "\" & strSubkey
oReg.EnumValues hDefKey, strSubKeyPath, arrValueNames, arrTypes
For i = LBound(arrValueNames) To UBound(arrValueNames)
strValueName = arrValueNames(i)
Select Case arrTypes(i)
' Show a REG_SZ value
'
Case REG_SZ
oReg.GetStringValue hDefKey, strSubKeyPath, strValueName, strValue
wscript.echo " " & strValueName & " (REG_SZ) = " & strValue
' Show a REG_EXPAND_SZ value
'
Case REG_EXPAND_SZ
oReg.GetExpandedStringValue hDefKey, strSubKeyPath, strValueName, strValue
wscript.echo " " & strValueName & " (REG_EXPAND_SZ) = " & strValue
' Show a REG_BINARY value
'
Case REG_BINARY
oReg.GetBinaryValue hDefKey, strSubKeyPath, strValueName, arrBytes
strBytes = ""
For Each uByte in arrBytes
strBytes = strBytes & Hex(uByte) & " "
Next
wscript.echo " " & strValueName & " (REG_BINARY) = " & strBytes
' Show a REG_DWORD value
'
Case REG_DWORD
oReg.GetDWORDValue hDefKey, strSubKeyPath, strValueName, uValue
wscript.echo " " & strValueName & " (REG_DWORD) = " & CStr(uValue)
' Show a REG_MULTI_SZ value
'
Case REG_MULTI_SZ
oReg.GetMultiStringValue hDefKey, strSubKeyPath, strValueName, arrValues
wscript.echo " " & strValueName & " (REG_MULTI_SZ) ="
For Each strValue in arrValues
wscript.echo " " & strValue
Next
End Select
Next
Next

How to delete array of registry keys and their subkeys

I am trying to delete array of registry keys and their subkeys.
Following is my code
Function DeleteSubkeys(strKeyPath)
Msgbox"DeleteSubkeys starts "
Dim strComputer,arrSubkeys
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set objRegistry = GetObject("winmgmts:\\" & _
strComputer & "\root\default:StdRegProv")
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
If IsArray(arrSubkeys) Then
For Each strSubkey In arrSubkeys
DeleteSubkeys HKEY_LOCAL_MACHINE, strKeyPath & "\" & strSubkey
Next
End If
objRegistry.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath
Msgbox"DeleteSubkeys ends "
DeleteSubkeys= null
End Function
Msgbox"Main starts "
dim Regkey
Regkey = Array(_
"SOFTWARE\Wow6432Node\Myproj\test1",_
"SOFTWARE\Wow6432Node\Myproj\test2"_
)
Msgbox"Outside foreach "
For Each strRegKey IN Regkey
Msgbox"Inside foreach "
DeleteSubkeys strRegKey
Next
Msgbox"Main ends "
But it fails to call function DeleteSubKeys which is invoked inside forach. What am i missing here?

Search for registry key in all of the subkeys of a path

I want to find the key "Device Parameters' under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE.
But, the BD/DVD/CD ROM/Writers makes a different key in every system. Mine currently is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomHL-DT-ST_DVDRAM_GH20NS15________________IL00____\5&15602d3e&0&0.1.0\Device Parameters.
But I want to search every subkey under IDE and under BD/DVD/CD ROM/Writers to get the device parameters. There is a binary value DefaultDVDregion and i want to set it to 0 for every BD/DVD/CD ROM/Writers.
I'd like to do this in VBScript.
This code will loop through all the keys in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE and, for each key, look inside it to print out the DWORD value of DefaultDvdRegion.
Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
Dim oReg : Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Dim oShell : Set oShell = CreateObject("WScript.Shell")
Dim sPath, aSub, sKey, aSubToo, sKeyToo, dwValue
' Get all keys within sPath
sPath = "SYSTEM\CurrentControlSet\Enum\IDE"
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aSub
' Loop through each key
For Each sKey In aSub
' Get all subkeys within the key 'sKey'
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath & "\" & sKey, aSubToo
For Each sKeyToo In aSubToo
' Try and get the DWORD value in Device Parameters\DefaultDvdRegion
oReg.GetDWORDValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey & "\" & sKeyToo & "\Device Parameters", "DefaultDvdRegion", dwValue
Wscript.Echo "DVDRegion of " & sPath & "\" & sKey & "\" & sKeyToo & " = " & dwValue
Next
Next
It's not my finest code, but should give you what you are looking for. On my machine, I get the following output:
DVDRegion of SYSTEM\CurrentControlSet\Enum\IDE\CdRomOptiarc_DVD_RW_AD-7200S_________________1.0A____\5&3308a5ad&0&1.0.0 = 2
DVDRegion of SYSTEM\CurrentControlSet\Enum\IDE\DiskSAMSUNG_HD103UJ_________________________1AA01113\5&76d4b99&0&0.0.0 =
Which makes sense, because my DVD drive has a region code of 2 (Europe) and my hard drive has no region code.

How to find out Outlook account info in Registry with VBScript?

I'm trying to create a report of User Accounts info on the members of an AD I manage. Specifically I need what accounts are configured on their Outlook installation; What kind of protocol are they using (POP/IMAP) and where are the associated PST files stored for backup purposes. I reckon I can deploy a VBScript on all machines which can write to a file in a shared location and I can then retrive that file.
I found some scripts online which can find the PST file location in HKCU..\Windows Messaging Subsystem\Profiles but couldn't understand how they were parsing the Hex keys. If I can figure that out, I can probably get the other info stored on the subkeys.
Any help on solving this would be appreciated.
Finally figured it out using pointers online. This basically loops down to three levels in the registry from a specified subkey and writes it to a file.
const HKCU = &H80000001
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7
strComputer = "."
Set StdOut = WScript.StdOut
Dim objFSO :Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim objPSTLog :Set objPSTLog = objFSO.OpenTextFile("%temp%\pst.log",8,True)
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\"
oReg.EnumKey HKCU, strKeyPath, arrSubKeys
For Each subkey In arrSubKeys
objPSTLog.WriteLine(subkey)
strkeyPath1 = strkeyPath & subkey 'Outlook
oReg.EnumKey HKCU, strKeyPath1, arrSubKeys1
if IsArray(arrSubKeys1) Then
For Each subkey1 In arrSubKeys1
strkeyPath2 = strkeyPath1 & "\" & subkey1 'Outlook\8bce72417aa40d418ab879690e9b39cc etc
oReg.EnumKey HKCU, strKeyPath2, arrSubKeys2
if IsArray(arrSubKeys2) Then
For Each subkey2 In arrSubKeys2
objPSTLog.WriteLine(subkey2)
strkeyPath3 = strkeyPath2 & "\" & subkey2 'Outlook\8bce72417aa40d418ab879690e9b39cc\0000001 etc
oReg.EnumValues HKCU, strKeyPath3, arrValueNames, arrTypes
if IsArray(arrValueNames) Then
For i = lBound(arrValueNames) To uBound(arrValueNames)
strValueName = arrValueNames(i)
Select Case arrTypes(i)
' Show a REG_SZ value
'
Case REG_SZ
oReg.GetStringValue HKCU, strKeyPath3, strValueName, strValue
objPSTLog.WriteLine(" " & strValueName & " (REG_SZ) = " & strValue)
' Show a REG_EXPAND_SZ value
'
Case REG_EXPAND_SZ
oReg.GetExpandedStringValue HKCU, strKeyPath3, strValueName, strValue
objPSTLog.WriteLine(" " & strValueName & " (REG_EXPAND_SZ) = " & strValue)
' Show a REG_BINARY value
'
Case REG_BINARY
oReg.GetBinaryValue HKCU, strKeyPath3, strValueName, arrBytes
strBytes = ""
For Each uByte in arrBytes
uByte = Hex(uByte)
strBytes = strBytes & uByte & " "
Next
objPSTLog.WriteLine(" " & strValueName & " (REG_BINARY) = " & strBytes)
' Show a REG_DWORD value
'
Case REG_DWORD
oReg.GetDWORDValue HKCU, strKeyPath3, strValueName, uValue
objPSTLog.WriteLine(" " & strValueName & " (REG_DWORD) = " & CStr(uValue))
' Show a REG_MULTI_SZ value
'
Case REG_MULTI_SZ
oReg.GetMultiStringValue HKCU, strKeyPath3, strValueName, arrValues
objPSTLog.WriteLine(" " & strValueName & " (REG_MULTI_SZ) =")
For Each strValue in arrValues
objPSTLog.WriteLine(" " & strValue)
Next
End Select
Next
End If
strKeyPath3=""
Next
End If
strKeyPath2=""
Next
strkeyPath1 = ""
End If
Next
objPSTLog.WriteLine("")
objPSTLog.WriteLine("--------------------------------------------------------------------------------------------------------------")
objPSTLog.WriteLine("")
objPSTLog.close
MsgBox "Script Run Successful"
It still writes the Hex values. The PST Location is stored in "Delivery Store EntryID", Account name and email in "Account Name" & "Email". All are stored as REG_BINARY.
How do I get the ASCII output in the REG_BINARY Case in the last loop?

Resources