Deleting a registry beginning with XXX - windows

First time posting so go easy on me. :)
I need to delete a registry that begins with 'MikePike' for example.
It needs to check for anything that has this in its name, because 'MikePike' will contain numbers after it, in no specific order. I can't just delete 'MikePike' because it would be different every time.
This needs to be done in a .bat file as I'm trying to make my teams' job easier, and we cannot install any additional software.
I did look at using wildcards but not sure if you can use this for registry edits.
Below is a snippet of what I have in my .bat:
REGEDIT4
REGEDIT.EXE /E C:/rs-pkgs/REGTEST.REG
REGEDIT.EXE /E c:/rs-pkgs/SEARCHREG.REG
@echo off
pushd "%temp%"
makecab /D RptFileName=~.rpt /D InfFileName=~.inf /f nul >nul
for /f "tokens=3-7" %%a in ('find /i "makecab"^<~.rpt') do (
    set "current-date=%%e%%b%%c"
    set "current-time=%%d"
    set "weekday=%%a"
    set "dateandtime=%%e%%b%%c-%%d"
)
del ~.*
popd
echo Todays date is the following: %weekday% %current-date% %current-time%
rename C:\rs-pkgs\REGTEST.REG %current-date%.REG
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\GxEvMgrC(Instance001)" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\GxClusPlugIn (234435) (7532)"
The last reg key will have random numbers in it, I have hit a brick wall... :(
Any help is greatly appreciated, and will save countless hours :D
Thanks, Michael

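@echo off
rem "delims=" keeps the whole line, so a key name containing spaces is not cut at the first space
for /f "delims=" %%a in ('
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services" ^|
find "GxClusPlugIn"
') do (
    set "regs=%%a"
)
rem if several keys match, only the last one found is kept in regs
echo %regs%
reg delete "%regs%"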
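A more defensive variant of the approach in the answer above, as an added example that is not part of the original post: it handles several matching keys and names containing spaces, confirms that the match is a prefix of the subkey name, and exports each key before deleting it. The backup folder, the DRYRUN switch and the variable names are assumptions for illustration.

```bat
@echo off
setlocal EnableExtensions EnableDelayedExpansion

rem Assumed values for illustration; adjust to the environment.
set "PARENT=HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services"
set "PREFIX=GxClusPlugIn"
set "BACKUPDIR=C:\rs-pkgs\regbackup"
rem DRYRUN=1 only lists what would be removed; set to 0 to back up and delete.
set "DRYRUN=1"

if not exist "%BACKUPDIR%\" mkdir "%BACKUPDIR%" || exit /b 1
set /a COUNT=0

rem "delims=" keeps the whole line, so key names with spaces stay intact.
rem findstr /b keeps only key lines; value lines start with spaces.
for /f "delims=" %%K in ('reg query "%PARENT%" 2^>nul ^| findstr /i /b "HKEY_"') do (
    set "KEY=%%K"
    rem The last path component is the subkey name.
    set "LEAF=%%~nxK"
    rem Strip everything up to and including the first PREFIX occurrence.
    rem The name starts with PREFIX only if PREFIX plus REST rebuilds it exactly.
    set "REST=!LEAF:*%PREFIX%=!"
    if /i "%PREFIX%!REST!"=="!LEAF!" (
        set /a COUNT+=1
        if "%DRYRUN%"=="1" (
            echo Would delete: !KEY!
        ) else (
            rem Export first; delete only when the backup was written.
            reg export "!KEY!" "%BACKUPDIR%\%PREFIX%_!COUNT!.reg" /y >nul && (
                reg delete "!KEY!" /f >nul && echo Deleted: !KEY!
            ) || echo Backup or delete failed: !KEY!
        )
    )
)
echo Matched !COUNT! key(s) under %PARENT%
exit /b 0
```

Run it from an elevated prompt with DRYRUN=1 first and review the list. Key names containing "!" are not handled, because delayed expansion is enabled.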

Related

Deleting user profile registry key based on profile name with Batch file

I am attempting to write a batch script to delete a registry key for a user profile. The user profile will always have the same name, but the key is different for every computer and increments each time the username is created, even though the previous one was deleted.
I'm guessing that it would require some type of for loop to identify the key value for the ProfileImagePath as C:\Users\Username.
I know wildcards don't work so reg delete 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-*' /f won't work.
I'm aware of some PS scripts that can do this, but I would like to keep this in a batch file.
Here's a single line example of the methodology I'd suggest, (which will not become obsolete when WMIC.exe is removed from Windows 11).
@For /F "EOL= Delims=" %%G In ('%SystemRoot%\System32\reg.exe Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /S /F "C:\Users\Username" /D /E 2^>NUL ^| %SystemRoot%\System32\find.exe "S-1-5-21-"') Do @%SystemRoot%\System32\reg.exe Delete "%%G" /V "ProfileImagePath" /F 1>NUL 2>&1
Please take account of my commented advice too.

Backup returned keys from reg query to file in batch

I want to be able to export key-values of registry keys as returned by reg query.
I'm trying to write a script to find registration for a particular dll and then write all keys to a backup file, before trying to achieve uninstall by deleting the keys. Here's what I could come up with so far:
@echo off
rem redirect stdout first, then stderr, so both are discarded
reg query HKLM\SOFTWARE\Classes /s /f %1 >NUL 2>&1
if errorlevel 1 goto DLL_MISSING
for /f "tokens=1,1" %%a in ('reg query HKLM\SOFTWARE\Classes /s /f %1 2^>NUL ^| findstr /I "^HKEY_"') do (
    echo %%a
    REG export %%a Backup.REG
)
goto :DLL_FOUND
:DLL_MISSING
echo Assembly not found.
goto :eof
:DLL_FOUND
echo Assembly found.
Right now reg export prompts to overwrite the file, which I want to append to instead.
How can I achieve the same?
Also, please do suggest if there is some better way to automate uninstall duplicate(?) installs as installed by 'regasm'.
I would prefer a batch-file based solution instead of Powershell or something else. Thanks!
reg.exe does not support appending/combining of several exported keys. The easiest workaround seems to be to output each key's data into a separate file, and then merge these into a single file afterwards. Note that you need to make sure that the output key file is not picked up by the FOR loop, which I ensured by simply placing the combined key file in a subfolder called target.
@ECHO OFF
MKDIR target
ECHO Windows Registry Editor Version 5.00 > target\combined.reg
FOR %%G IN (*.reg) DO (
    TYPE "%%G" | FINDSTR /V "Windows Registry Editor" >> target\combined.reg
    DEL "%%G"
)
This is what I wrote:
It's basically similar to what was proposed by @zb226.
@echo off
rem redirect stdout first, then stderr, so both are discarded
reg query HKLM\SOFTWARE\Classes /s /f %1 >NUL 2>&1
if errorlevel 1 goto DLL_MISSING
ECHO Windows Registry Editor Version 5.00 > backup.reg
for /f "tokens=1,2" %%a in ('reg query HKLM\SOFTWARE\Classes /s /f "%1" 2^>NUL ^| findstr /I "^HKEY_"') do (
    echo Deleting : %%a
    reg export %%a bkp_tmp.reg /y >nul 2>&1
    type bkp_tmp.reg | FINDSTR /V "Windows Registry Editor" >> backup.reg
    reg delete %%a /f >nul 2>&1
)
del /f bkp_tmp.reg
goto :DLL_FOUND
:DLL_MISSING
echo Assembly not found.
goto :eof
:DLL_FOUND
echo Assembly found.
It's ugly, as there definitely are key repetitions, but works for now.
The same goes for reg delete operations. It's manageable for now, but definitely there could be a better solution.

Batch file, query the registry

Hello People of StackoverFlow,
I am trying to query the following registry location (every folder in here)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
In there are random numbers like so:
{071c9b48-7c32-4621-a0ac-3f809523288f}
In each of these random numbers, I need to check if the key 'DisplayName' that is in each of these locations contains a certain text, let's say 'OverFlow'.
I've done some queries but not like this, if anyone can help that would be great!
EDIT: I've made some progress but am encountering a problem (I have done a lot of research...)
Below is what I have so far:
@echo off
setlocal
:RemoveCVCP
set PythonReg=
for /f "tokens=1" %%A in ('reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s /v "DisplayName" ^| find "Python"') do set "PythonReg=%%A"
if %ERRORLEVEL% neq 0 (
GOTO RemovePyCP)
echo %PythonReg%
endlocal
pause
What I'm trying to do is loop through 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', and look at the 'DisplayName' key, if the data contains 'Python' then delete it, and keep going till there are no longer any more.
Right now I am testing this with an echo, but it will eventually delete it.
(I'm just using python as an example, I have already removed everything else that is related to the software I'm trying to remove, this is the last location.)
Thanks, Michael
First, list all values that contain python, two lines will be printed for each entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E43BBAEB-4914-44C6-88C0-E7A1DBD20A91}
DisplayName REG_SZ Some application title with python in its name
then delete those keys where the printed value name is DisplayName:
@echo off
setlocal enableDelayedExpansion
for /f "tokens=1,2*" %%A in ('^
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s /d /f "python"^
') do (
    if "%%A"=="DisplayName" (
        echo Deleting %%C
        reg delete !key! /f
    ) else (
        set str=%%A
        if "!str:~0,4!"=="HKEY" set key=%%A
    )
)
pause
This code assumes there are no spaces in the key name.

Looking for batch script to monitor last modification date of files

My company has a lot of automation that runs overnight via batch scripts. Mostly just copying new files here and there. What I am looking for is a way to run a check of the file creation dates / last modification dates after all the scripts have run to ensure everything is up to date. It would basically look to a specific file in a shared drive or UNC path. If that file is less than 24 hours old, do nothing. If the subject file is OLDER than 24 hours, then trigger an email. I already have a VBS to send an email so I could add that at the end of the IF statement. Any help is appreciated.
There are ways and means...
Here's a routine that will do something along the lines you outline:
@ECHO Off
SETLOCAL
:: remove variables starting $
FOR /F "delims==" %%a In ('set $ 2^>Nul') DO SET "%%a="
SET "sourcedir=U:\sourcedir"
SET "runflag=runflag.###"
SET "foundrun="
ATTRIB -h "%sourcedir%\runflag.###"
FOR /f "tokens=1,2delims=:" %%a IN ('dir /b /od /a-d "%sourcedir%"^|findstr /n /r "^"') DO (
IF %%b==%runflag% SET foundrun=Y
IF NOT DEFINED foundrun SET "$%%a=%%b"
)
(
ECHO(Old file list
FOR /F "tokens=1,2delims==" %%a In ('set $ 2^>Nul') DO ECHO(%%b
)>"%sourcedir%\%runflag%"
ATTRIB +h "%sourcedir%\runflag.###"
IF DEFINED $1 ECHO(send email
GOTO :EOF
You would need to change the setting of sourcedir to suit your circumstances. runflag is simply a convenient filename.
The object here is to look for files that have not been updated since the previous run of this routine. This gets over the fixed "24 hours" idea - in case of holidays, weekends, etc.
The names of files that haven't changed would be in runflag.### - ideal for using in a mailer like blat.
I played around with the hidden flag here - to hide the file from "this shouldn't be here - I don't understand. I'll delete it". (those who take that attitude may often be defeated with a simple +H and +R). Improve or remove the ATTRIB commands as you will.
You can get the file modification date with for %a in (file.txt) do echo %~ta (double the % in batch files)
Change \\server\share and use the filename in place of filename.ext and this should launch your email.bat file if the file is older than 1 day.
robocopy "\\server\share" "%temp%" filename.ext /minage:1 /L |find " New File " >nul && call email.bat

How to delete several values in registry

I'm trying to delete certain registry values. I've used the code (by "rojo").
This code works perfectly if you define the exact key. For example, I want to delete Logon.vbs from the Run key. If I also want to delete Logoff.vbs, it seems I cannot use *.vbs to delete those two. How would I do that (deleting multiple keys with the same extension)?
A related question is how to delete a key that holds certain data. For example, I have a key named Logon which contains data to C:\Windows\Logon.vbs. I want that key deleted as well. When using the example above, this did not work.
I have permission(s) on those keys, so that's not the issue. What am I missing or doing wrong?
As an example I've provided a screenshot where example (1) is represented by the red color and (2) by blue. Screenshot:
The code in my first example would look like:
@echo off
setlocal
set "DisableScripts=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
rem get only the first token of each line of "reg query"
for /f %%I in (
    'reg query "%DisableScripts%"'
) do (
    echo(%%I | findstr /i "Logon.vbs" >NUL && (
        rem (if "findstr" didn't exit with an abnormal error code)
        echo Deleting item %%I
        reg delete "%DisableScripts%" /v "%%I" /f
    )
)
This deletes the key "Logon.vbs" just fine. However, I also want to delete "Logoff.vbs". I have tried with "*.vbs", but to no avail.
The code above does also not delete the "Script" value where the Data contains Logon.vbs. I suppose I would somehow have to use the /d switch for that...
Code for the first example:
for /f %%a in ('reg query "%DisableScripts%" /s^|findstr /ic:"\.vbs "') do echo reg delete "%DisableScripts%" /v "%%~a" /f
Code for the second example:
for /f %%a in ('reg query "%DisableScripts%" /s^|findstr /eic:"C:\\logon\.vbs"') do echo reg delete "%DisableScripts%" /v "%%~a" /f
Please note the Regex expressions "\.vbs " and "C:\\logon\.vbs". Use a command line with administrator permissions.
Okay, so I'm not sure how I missed this. Of course you have to append % .... Below the code to delete all VBS files under the \Run key:
@echo off
setlocal
set "DisableScripts=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
rem get only the first token of each line of "reg query"
for /f %%I in (
    'reg query "%DisableScripts%"'
) do (
    echo(%%I | findstr /i "%*.vbs" >NUL && (
        rem (if "findstr" didn't exit with an abnormal error code)
        echo Deleting item %%I
        reg delete "%DisableScripts%" /v "%%I" /f
    )
)
I'll be checking later on how to delete certain data from the Data field and post back here.
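An added example, not part of the original posts: one way to cover both cases in this thread, values whose name contains .vbs and values whose data contains .vbs, while keeping value names with spaces intact and exporting the Run key before anything is deleted. The backup path, the DRYRUN switch and the variable names are assumptions, as is the four-space column layout of the reg query output that the parsing relies on.

```bat
@echo off
setlocal EnableExtensions EnableDelayedExpansion

rem Assumed for illustration: the backup path and the DRYRUN switch.
set "RUNKEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
set "BACKUP=%TEMP%\Run-backup.reg"
rem DRYRUN=1 only lists the matches; set to 0 to delete them.
set "DRYRUN=1"

rem One export of the whole key before any value is touched.
reg export "%RUNKEY%" "%BACKUP%" /y >nul || (echo Backup failed& exit /b 1)

rem reg query prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
for /f "delims=" %%L in ('reg query "%RUNKEY%" 2^>nul ^| findstr /c:"    REG_SZ    " /c:"    REG_EXPAND_SZ    "') do (
    set "LINE=%%L"
    rem Collapse the type column into one "|" so names with spaces survive the split.
    set "LINE=!LINE:    REG_EXPAND_SZ    =|!"
    set "LINE=!LINE:    REG_SZ    =|!"
    for /f "tokens=1* delims=|" %%N in ("!LINE!") do (
        set "NAME=%%N"
        set "NAME=!NAME:~4!"
        set "DATA=%%O"
        rem Drop double quotes from the data so the comparison below stays well-formed.
        if defined DATA set "DATA=!DATA:"=!"
        set "HIT="
        rem A substitution that changes the string means ".vbs" occurs in it.
        if /i not "!NAME:.vbs=!"=="!NAME!" set "HIT=1"
        if defined DATA if /i not "!DATA:.vbs=!"=="!DATA!" set "HIT=1"
        if defined HIT (
            if "%DRYRUN%"=="1" (
                echo Would delete value: !NAME!
            ) else (
                reg delete "%RUNKEY%" /v "!NAME!" /f
            )
        )
    )
)
```

Values whose name or data contain "!" or "|" are not parsed correctly by this sketch; review the dry-run list before setting DRYRUN=0.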
