I'm trying to delete certain registry values. I've used the code (by "rojo").
This code works perfectly if you define the exact key. For example, I want to delete Logon.vbs from the Run key. If I also want to delete Logoff.vbs, it seems I cannot use *.vbs to delete those two. How would I do that (deleting multiple keys with the same extension)?
A related question is how to delete a key that holds certain data. For example, I have a key named Logon which contains data to C:\Windows\Logon.vbs. I want that key deleted as well. When using the example above, this did not work.
I have permission(s) on those keys, so that's not the issue. What am I missing or doing wrong?
As an example I've provided a screenshot where example (1) is represented by the red color and (2) by blue. Screenshot:
The code in my first example would look like:
#echo off
setlocal
set "DisableScripts=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
rem get only the first token of each line of "reg query"
for /f %%I in (
'reg query "%DisableScripts%"'
) do (
echo(%%I | findstr /i "Logon.vbs" >NUL && (
rem (if "findstr" didn't exit with an abnormal error code)
echo Deleting item %%I
reg delete "%DisableScripts%" /v "%%I" /f
)
This deletes the key "Logon.vbs" just fine. However, I also want to delete "Logoff.vbs". I have tried with "*.vbs", but to no avail.
The code above does also not delete the "Script" value where the Data contains Logon.vbs. I suppose I would somehow have to use the /d switch for that...
Code for the first example:
for /f %%a in ('reg query "%DisableScripts%" /s^|findstr /ic:"\.vbs "') do echo reg delete "%DisableScripts%" /v "%%~a" /f
Code for the second example:
for /f %%a in ('reg query "%DisableScripts%" /s^|findstr /eic:"C:\\logon\.vbs"') do echo reg delete "%DisableScripts%" /v "%%~a" /f
Please note the Regex expressions "\.vbs " and "C:\\logon\.vbs". Use a command line with administrator permissions.
Okay, so I'm not sure how I missed this. Of course you have to append % .... Below the code to delete all VBS files under the \Run key:
#echo off
setlocal
set "DisableScripts=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
rem get only the first token of each line of "reg query"
for /f %%I in (
'reg query "%DisableScripts%"'
) do (
echo(%%I | findstr /i "%*.vbs" >NUL && (
rem (if "findstr" didn't exit with an abnormal error code)
echo Deleting item %%I
reg delete "%DisableScripts%" /v "%%I" /f
)
(
I'll be checking later on how to delete certain data from the Data field and post back here.
Related
I have a batch file which is checking the value of a registry key.
I have the file reading the value and deleting the blank line at the beginning of the file, but there are still spaces in the output which need removing.
The script appears not to read the output properly if it contains spaces.
Here is the code I am using:
#echo off
md c:\temp
md c:\temp\Reg_Test
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto > c:\temp\Reg_test\AfterRegUpdate32.log
findstr /v /r /c:"^$" /c:"^\ *$" /c:"^\ *$" "C:\temp\Reg_Test\AfterRegUpdate32.log" >> "C:\temp\Reg_Test\AfterRegUpdate32.txt"
exit
It appears to do everything I need except for deleting the spaces. I know there is something simple I am missing here. Any help will be greatly appreciated.
Is this what you're trying to retrieve:
#Echo Off
MD "C:\temp\Reg_Test" 2>Nul
(For /F "EOL=H Tokens=2*" %%A In (
'Reg Query "HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" /V "SchUseStrongCrypto" 2^>Nul'
) Do Echo %%B)>"C:\temp\Reg_Test\AfterRegUpdate32.txt"
Screenshot
I am trying to fetch all registry entries under
HKEY_Local_Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList and Delete if REG_EXPAND_SZ key contains value C:\Users\sas-
Ideal Steps Script should do :
1) Get all Registry entries for users Using :
reg query "HKEY_Local_Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
>> xyz.txt
2)If users name is sas-### (which we can get in "REG_EXPAND_SZ") then delete this entry :
for /f "skip=10 tokens=* " %%a in (xyz.txt) do (
for /f "eol=; skip=2 tokens=4 delims=\t" %k in ('reg query "%%a" /t REG_EXPAND_SZ') do (
if %k == "sas-" (reg delete "%%a")
)
)
Try this:
for /f "tokens=*" %%a in ('
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"') do (
for /f "tokens=*" %%b in ('
reg query "%%a" /v "ProfileImagePath" 2^>nul ^| find "sas-"') do
rem reg delete "%%a"
echo "%%a" >>C:\names.txt
)
I've based this on you querying the ProfileImagePath value, and deleting any of the keys that contain sas-* in the value. I've also put in a few line breaks you will have to remove (just for easy viewing on SO).
Please test this first (I've echo'd them to a text file at the moment), if you are happy with it then remove rem from the reg delete line.
You should be able to do it from a single For loop; however, I do not particularly like the idea of removing profiles using this method.
#Echo Off
For /F "Tokens=1-2*" %%A In ('Reg Query^
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /S^
/F ProfileImagePath /V 2^>Nul') Do (
If Not "%%~A%%B"=="ProfileImagePathREG_EXPAND_SZ" (
Set "_C=Reg Delete "%%A%%B"") Else (Set "_P=%%~C"
SetLocal EnableDelayedExpansion
If Not "!_P:C:\Users\sas-=!"=="!_P!" Echo=!_C!
EndLocal))
Timeout -1
If you're happy with the console output then remove Echo= from line 8 and delete line 10.
I want to be able to export key-values of registry keys as returned by reg query.
I'm trying to write a script to find registration for a particular dll and then write all keys to a backup file, before trying to achieve uninstall by deleting the keys. Here's what I could come up with so far:
#echo off
reg query HKLM\SOFTWARE\Classes /s /f %1 2>&1 >NUL
if errorlevel 1 goto DLL_MISSING
for /f "tokens=1,1" %%a in ('reg query HKLM\SOFTWARE\Classes /s /f %1 2^>NUL ^| findstr /I "^HKEY_"') do (
echo %%a
REG export %%a Backup.REG
)
goto :DLL_FOUND
:DLL_MISSING
echo Assembly not found.
goto :eof
:DLL_FOUND
echo Assembly found.
Right now reg export prompts to overwrite file, which I want append instead.
How can I achieve the same?
Also, please do suggest if there is some better way to automate uninstall duplicate(?) installs as installed by 'regasm'.
I could prefer batch-file based solution instead of Powershell or something else. Thanks!
reg.exe does not support appending/combining of several exported keys. The easiest workaround seems to be to output each key's data into a separate file, and then merge these into a single file afterwards. Note that you need to make sure that the output key file is not picked up by the FOR loop, which I ensured by simply placing the combined key file in a subfolder called target.
#ECHO OFF
MKDIR target
ECHO Windows Registry Editor Version 5.00 > target\combined.reg
FOR %%G IN (*.reg) DO (
TYPE "%%G" | FINDSTR /V "Windows Registry Editor" >> target\combined.reg
DEL "%%G"
)
This is what I wrote:
It's basically similar to what was proposed by #zb226.
#echo off
reg query HKLM\SOFTWARE\Classes /s /f %1 2>&1 >NUL
if errorlevel 1 goto DLL_MISSING
ECHO Windows Registry Editor Version 5.00 > backup.reg
for /f "tokens=1,2" %%a in ('reg query HKLM\SOFTWARE\Classes /s /f "%1" 2^>NUL ^| findstr /I "^HKEY_"') do (
echo Deleting : %%a
reg export %%a bkp_tmp.reg /y >nul 2>&1
type bkp_tmp.reg | FINDSTR /V "Windows Registry Editor" >> backup.reg
reg delete %%a /f >nul 2>&1
)
del /f bkp_tmp.reg
goto :DLL_FOUND
:DLL_MISSING
echo Assembly not found.
goto :eof
:DLL_FOUND
echo Assembly found.
It's ugly, as there definitely are key repetitions, but works for now.
The same goes for reg delete operations. It's manageable for now, but definitely there could be a better solution.
I have a batch that goes through and deletes registry entries. So far all but one one of them has been sussed out successfully using CMD.
Let's say we have the following key:
HKCU\Temp
This key has a REG_MULTI_SZ value with an unknown name. We know which key the value is in, and we know the data stored in the value, but not the name of the value. Deleting the entire key (or all values in the key) isn't permissible: we want to delete only the value containing the data that we're looking for.
As an example, suppose we know that the key is HKCU\Temp and the value contains three strings:
This is a test
for
now at least
I've tried a couple different ways to delete this registry entry using CMD, but I'm goofing somewhere. What command would I enter to delete this guy?
Caveat: We cannot assume there aren't other entries at this key that have the same content on the first line. It has to be a full match.
Important comment promoted: "reg delete can only delete keys and values with explicitly specified names, it can't search for data." -wOxxOm
Therefore, you must search the data for a match, and then delete the matching key/value.
To search for a multiline string use \0 separator and /e for exact matching, the output will be:
HKEY_CURRENT_USER\Temp
abc REG_MULTI_SZ This is a test\0for\0now at least
End of search: 1 match(es) found.
Let's filter it by "REG_MULTI_SZ", parse the result and delete the value.
Simple method: take the 1st space-separated token, works only for value names without spaces
#echo off
for /f "tokens=1,2*" %%a in ('
reg query "HKCU\Temp" /d /e /f "This is a test\0for\0now at least"
^| find "REG_MULTI_SZ"
') do (
echo Deleting %%a=%%c
reg delete "HKCU\Temp" /v %%a /f
)
pause
More robust method that can also delete variable names with spaces:
#echo off
for /f "tokens=*" %%a in ('
reg query "HKCU\Temp" /d /e /f "This is a test\0for\0now at least"
^| find "REG_MULTI_SZ"
') do (
setlocal enableDelayedExpansion
rem Split
set "line=%%a"
set "value=!line:*REG_MULTI_SZ=REG_MULTI_SZ!"
call set "name=%%line:!value!=%%"
rem Trim spaces
for /L %%b in (1,1,10) do if "!name:~-1!"==" " set "name=!name:~0,-1!"
echo Deleting !name!
reg delete "HKCU\Temp" /v "!name!" /f
endlocal
)
pause
Hello People of StackoverFlow,
I am trying to query the follow registry location(every folder in here)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
In there are random numbers like so:
{071c9b48-7c32-4621-a0ac-3f809523288f}
In each of these random numbers, I need to check if the key 'DisplayName' that is in each of these locations contains a certain text, lets say 'OverFlow'.
I've done some querys but not like this, if anyone can help that would be great!
EDIT: I've made some progress but am encountering a problem( I have done alot of research...)
Below is what I have so far:
#echo off
setlocal
:RemoveCVCP
set PythonReg=
for /f "tokens=1" %%A in ('reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s /v "DisplayName" ^| find "Python"') do set "PythonReg=%%A"
if %ERRORLEVEL% neq 0 (
GOTO RemovePyCP)
echo %PythonReg%
endlocal
pause
What I'm trying to do is loop through 'KLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', and look at the 'DisplayName' key, if the data contains 'Python' then delete it. and keep going till there are no longer any more.
Right Now I am testing this with an echo, but it will evetually delete it.
(I'm just using python as an example, I have already removed everything else that is related to the software I'm trying to remove, this is the last location.)
Thanks, Michael
First, list all values that contain python, two lines will be printed for each entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E43BBAEB-4914-44C6-88C0-E7A1DBD20A91}
DisplayName REG_SZ Some application title with python in its name
then delete those keys where the printed value name is DisplayName:
#echo off
setlocal enableDelayedExpansion
for /f "tokens=1,2*" %%A in ('^
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s /d /f "python"^
') do (
if "%%A"=="DisplayName" (
echo Deleting %%C
reg delete !key! /f
) else (
set str=%%A
if "!str:~0,4!"=="HKEY" set key=%%A
)
)
pause
This code assumes there are no spaces in the key name.