I want to see with vbs, registry path. I have solution for reading the key.
Set wshShell = CreateObject( "WScript.Shell" )
WScript.Echo "ID = " _
& wshShell.RegRead( "HKEY_USERS\key" )
Output is registry key string.
I want script which to show all paths in HKEY_USERS.
For example tree:
HKEY_USERS \
S-1-5-20_Classes
S-1-5-20
S-1-5-21
S-1-5-21-15325-362362362 (I want to output only this path)
You can use the WMI StdRegProv.EnumKey methods to list all subkeys under a specific registry key. For example:
Const HKEY_USERS = &H80000003
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\default:StdRegProv")
strKeyPath = ""
objReg.EnumKey HKEY_USERS, strKeyPath, arrSubKeys
For Each subkey In arrSubKeys
WScript.Echo subkey
Next
Related
I am stumped here. I can't seem to wrap my head around getting the subkeys read into an array, and then walk through each subkey to search for a certain Dword value. I could assign variables to every subkey (which would take forever.)
My script works fine when I have it set up to look at one subkey and one value:
Const HKLM = &H80000002
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7
strKeyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Program\Policies\policy1"
strValueName = "lastStatus"
Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
objRegistry.GetDWORDValue HKLM,strKeyPath,strValueName,dwValue
If dwValue = 0 Then
Wscript.Echo strcomputer & " not done."
Elseif dwvalue = 3 Then
Wscript.Echo strcomputer & " is done!"
But, I need the script to walk through HKLM\Software\program\policies\policy1, then HKLM\Software\program\policies\policy2, then HKLM\Software\program\policies\policy3... until it reads every policy, of which there are 32 to 34 depending on the computer.
Then I need to check within each policy subkey if a dword value = 0 or 3.
I am not sure what you mean by "can't wrap my head around arrays". Do you mean you don't like the idea? In that case if you can be sure about the names of the subkeys you can do it like
For i = 1 To 34
strKeyPath = "SOFTWARE\Program\Policies\policy" & i
objRegistry.GetDWORDValue HKLM,strKeyPath,strValueName,dwValue
Next
If you just mean you don't know the proper way to do it, the normal approach would be
Const HKLM = &H80000002
strComputer = "."
strKeyPath = "SOFTWARE\Policies\"
strValueName = "lastStatus"
Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
objRegistry.EnumKey HKLM, strKeyPath, subKeys
For Each subKey In subKeys
objRegistry.GetDWORDValue HKLM,strKeyPath & subKey ,strValueName,dwValue
Next
Please note that either way, if you use the WMI registry provider the keyPaths are always without "HKEY_LOCAL_MACHINE\" because you have (correctly) specified that as constant already.
I can't use VB Script to create registry keys. I've hecked WMI using wbemtest and I am running the script using administrative privileges. I beleive the code is correct - I've seen several sample on the internet and it seems to be straight forward. Is there anything else within the OS that could prevent a VB Script from creating registry keys?
Sample code is below.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "ostslhqe-48958"
Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\TestKey"
objRegistry.CreateKey HKEY_CURRENT_USER, strKeyPath
strKeyPath = "SOFTWARE\Script Center"
objRegistry.CreateKey HKEY_CURRENT_USER, strKeyPath
An example of registry entry creation would be:
Const HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strValueName = "My DWORD Value"
dwValue = 13
objRegistry.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName, dwValue
Source : http://blogs.technet.com/b/heyscriptingguy/archive/2006/11/16/how-can-i-create-a-new-registry-key.aspx
The following code is meant to delete all user accounts from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
Code:
On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set objRegistry=GetObject("winmgmts:\\" & _
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
For Each objSubkey In arrSubkeys
strValueName = "ProfileImagePath"
strSubPath = strKeyPath & "\" & objSubkey
objRegistry.GetExpandedStringValue HKEY_LOCAL_MACHINE,strSubPath,strValueName,strValue
strPath=Left(strvalue,Len(strvalue)-Len(Right(strvalue,Len(strvalue)-9)))
strID=Right(strvalue,Len(strvalue)-9)
if ((strPath="C:\Users\") and (strID<>"rcadmin")) then
return=objRegistry.DeleteKey(HKEY_LOCAL_MACHINE, strSubPath)
end if
Next
wscript.echo "Done"
If I replace "return=objRegistry.DeleteKey(HKEY_LOCAL_MACHINE, strSubPath)" with "wscript.echo strID", it displays what I expect. So all I need to do now is delete the string "strSubPath" from "HKEY_LOCAL_MACHINE". And this is the part that I can not get right.
An example of the output of
wscript.echo strSubPath" is "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"\S-1-5-21-3469983464-63224933-1422604425-8029
What am I missing?
I'm using the examples from technet to try to read a dword / string from HKLM\Microsoft\Windows\CurrentVersion\Run called MyStartupExe.. It is returning empty.. This regular example works:
Const HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set oReg=GetObject( _
"winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "Console"
strValueName = "HistoryBufferSize"
oReg.GetDWORDValue _
HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
WScript.Echo "Current History Buffer Size: " & dwValue
My adaptation of it does not work. The string and dword value exists in the registry at the key path I'm looking for.
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject( _
"winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
strValueName = "MyStartUpExe"
oReg.GetDWORDValue _
HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
WScript.Echo "MyStartupExe" & dwValue
"MyStartUpExe" is most likely a REG_SZ value, not a REG_DWORD value, so you'll have to use GetStringValue() instead of GetDWORDValue().
oReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, value
WScript.Echo "MyStartUpExe" & value
Refer to the WMI StdRegProv class.
Or you could just use Shell.RegRead to read registry values where you don't know the values' datatype. If the return code of RegRead is 0 (success) a reg value exists, else if the return code will be some general error code, e.g. &h800xxxxx etc. then no reg value exists. To check your OS architecture type, query the Win32_Processor.Architecture value (where '0' = 'x86' or '9' = 'x64').
I have this script to run on Windows 2008/Vista to remove one registry key, but I can't get it to run:
Const HKEY_CLASSES_ROOT = &H80000000
strComputer = "."
strKeyPath = "Installer\Products\334A4D1453680B74CA87BEE6B7E40113"
Set objRegistry = GetObject("winmgmts:\\" & _
strComputer & "\root\default:StdRegProv")
DeleteSubkeys HKEY_CLASSES_ROOT, strKeypath
Private Sub DeleteSubkeys(HKEY_CURRENT_USER, strKeyPath)
strComputer = "."
Set objRegistry = GetObject("winmgmts:\\" & _
strComputer & "\root\default:StdRegProv")
objRegistry.EnumKey HKEY_CURRENT_USER, strKeyPath, arrSubkeys
If IsArray(arrSubkeys) Then
For Each strSubkey In arrSubkeys
DeleteSubkeys HKEY_CURRENT_USER, strKeyPath & "\" & strSubkey
Next
End If
objRegistry.DeleteKey HKEY_CURRENT_USER, strKeyPath
End Sub
Any idea why?
Are you running this as an admin user? Despite your use of HKEY_CURRENT_USER as a param name, you're trying to delete from HKEY_CLASSES_ROOT, which would normally require elevated access.