Monday, January 5, 2009
VB Scripts to manage Registry
Checking Registry Key Access Rights
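' Reports which of four access rights the caller holds on
' HKLM\SYSTEM\CurrentControlSet, using the WMI StdRegProv.CheckAccess method.
' The moniker asks for impersonation, so the answer describes the account the
' script runs under, not the key's ACL in general.
Const KEY_QUERY_VALUE = &H0001
Const KEY_SET_VALUE = &H0002
Const KEY_CREATE_SUB_KEY = &H0004
Const DELETE = &H00010000
Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set StdOut = WScript.StdOut
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet"

ReportAccess KEY_QUERY_VALUE, "Query Value"
ReportAccess KEY_SET_VALUE, "Set Value"
ReportAccess KEY_CREATE_SUB_KEY, "Create SubKey"
ReportAccess DELETE, "Delete"

' Checks one access mask against strKeyPath and prints the result.
' lRight   - access-mask constant to test
' strLabel - human-readable name of the right, used in the message
Sub ReportAccess(lRight, strLabel)
    Dim bHasAccessRight, lRet
    lRet = oReg.CheckAccess(HKEY_LOCAL_MACHINE, strKeyPath, lRight, bHasAccessRight)
    If bHasAccessRight = True Then
        StdOut.WriteLine "Have " & strLabel & " Access Rights on Key"
    Else
        StdOut.WriteLine "Do Not Have " & strLabel & " Access Rights on Key"
        ' A non-zero return code can also mean the key is missing or the WMI
        ' call itself failed, so show it rather than let it pass as "denied".
        If lRet <> 0 Then
            StdOut.WriteLine "  CheckAccess returned " & lRet
        End If
    End If
End Sub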
-------------------------------------------------------------------------
Creating Expanded String Values:
Uses WMI to create an expanded string value under HKLM\SOFTWARE\System Admin Scripting Guide.
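' Writes a REG_EXPAND_SZ value under HKLM\SOFTWARE\System Admin Scripting Guide
' through the WMI StdRegProv provider.
Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\System Admin Scripting Guide"
strValueName = "Expanded String Value Name"
' The literal %PATHEXT% is what gets stored; expansion happens when the value
' is read, in the environment of whoever reads it.
strValue = "%PATHEXT%"

lRet = oReg.SetExpandedStringValue( _
    HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue)

' The write is otherwise silent. A non-zero code presumably means the key does
' not exist yet or the caller may not write to HKLM - confirm against the code.
If lRet <> 0 Then
    WScript.Echo "SetExpandedStringValue failed, return code " & lRet
End If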
------------------------------------------------------------------------------------
Checking Registry Key Access Rights
Uses WMI to check access rights for the logged on user to HKLM\SYSTEM\CurrentControlSet.
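' Uses StdRegProv.CheckAccess to report whether the caller holds query-value,
' set-value, create-subkey and delete rights on HKLM\SYSTEM\CurrentControlSet.
' Because the connection impersonates the caller, the result is specific to
' the account that launches the script.
Const KEY_QUERY_VALUE = &H0001
Const KEY_SET_VALUE = &H0002
Const KEY_CREATE_SUB_KEY = &H0004
Const DELETE = &H00010000
Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set StdOut = WScript.StdOut
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet"

arrRights = Array(KEY_QUERY_VALUE, KEY_SET_VALUE, KEY_CREATE_SUB_KEY, DELETE)
arrLabels = Array("Query Value", "Set Value", "Create SubKey", "Delete")

For i = 0 To UBound(arrRights)
    lRet = oReg.CheckAccess(HKEY_LOCAL_MACHINE, strKeyPath, arrRights(i), bHasAccessRight)
    If bHasAccessRight = True Then
        StdOut.WriteLine "Have " & arrLabels(i) & " Access Rights on Key"
    Else
        StdOut.WriteLine "Do Not Have " & arrLabels(i) & " Access Rights on Key"
        ' Show the return code: a missing key or a failed WMI call would
        ' otherwise look exactly like a denied right.
        If lRet <> 0 Then
            StdOut.WriteLine "  CheckAccess returned " & lRet
        End If
    End If
Next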
-----------------------------------------------------------------------------------------
Creating a Registry Key
Uses WMI to create a registry key HKLM\SOFTWARE\System Admin Scripting Guide.
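' Creates the key HKLM\SOFTWARE\System Admin Scripting Guide through the WMI
' StdRegProv provider.
Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\System Admin Scripting Guide"
lRet = oReg.CreateKey(HKEY_LOCAL_MACHINE, strKeyPath)

' CreateKey reports failure only through its return code, so surface it;
' writing under HKLM\SOFTWARE presumably needs administrative rights.
If lRet <> 0 Then
    WScript.Echo "CreateKey failed, return code " & lRet
End If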
----------------------------------------------------------------------------
Creating String and DWORD Values
Uses WMI to create string and DWORD values under HKLM\SOFTWARE\System Admin Scripting Guide.
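' Writes one REG_SZ and one REG_DWORD value under
' HKLM\SOFTWARE\System Admin Scripting Guide through the WMI StdRegProv provider.
Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\System Admin Scripting Guide"

strValueName = "String Value Name"
strValue = "string value"
lRet = oReg.SetStringValue(HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue)
' Both writes fail silently unless the return code is inspected.
If lRet <> 0 Then
    WScript.Echo "SetStringValue failed, return code " & lRet
End If

strValueName = "DWORD Value Name"
dwValue = 82
lRet = oReg.SetDWORDValue(HKEY_LOCAL_MACHINE, strKeyPath, strValueName, dwValue)
If lRet <> 0 Then
    WScript.Echo "SetDWORDValue failed, return code " & lRet
End If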
--------------------------------------------------------------------------------
Deleting a Registry Key
Uses WMI to delete the registry key HKLM\SOFTWARE\System Admin Scripting Guide.
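' Deletes the key HKLM\SOFTWARE\System Admin Scripting Guide through the WMI
' StdRegProv provider.
Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\System Admin Scripting Guide"
lRet = oReg.DeleteKey(HKEY_LOCAL_MACHINE, strKeyPath)

' The delete is irreversible and otherwise silent, so report the outcome.
' NOTE(review): DeleteKey is understood to refuse keys that still contain
' subkeys - confirm, and remove children first if that applies.
If lRet <> 0 Then
    WScript.Echo "DeleteKey failed, return code " & lRet
End If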
--------------------------------------------------------------------------
Deleting Registry Values
Uses WMI to delete the sample registry values, by name, under HKLM\SOFTWARE\System Admin Scripting Guide.
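' Deletes four named values from HKLM\SOFTWARE\System Admin Scripting Guide
' through the WMI StdRegProv provider. Only the values listed below are
' touched; any other value under the key is left in place.
Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\System Admin Scripting Guide"
arrValueNames = Array( _
    "DWORD Value Name", _
    "Expanded String Value Name", _
    "Multi String Value Name", _
    "String Value Name")

For Each strValueName In arrValueNames
    lRet = oReg.DeleteValue(HKEY_LOCAL_MACHINE, strKeyPath, strValueName)
    ' A non-zero code is reported rather than ignored; it presumably means the
    ' value was absent or the caller lacks rights on the key.
    If lRet <> 0 Then
        WScript.Echo "DeleteValue failed for """ & strValueName & _
            """, return code " & lRet
    End If
Next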
-----------------------------------------------------------------------------
Enumerating Registry Properties
Returns information about the computer registry.
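' Prints the properties of every Win32_Registry instance on the local
' computer (sizes, description, install date, name).
On Error Resume Next

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
' With On Error Resume Next in force a failed connection would otherwise pass
' unnoticed and the script would print nothing at all.
If Err.Number <> 0 Then
    WScript.Echo "Could not connect to WMI: " & Err.Description
    WScript.Quit 1
End If

Set colItems = objWMIService.ExecQuery("Select * from Win32_Registry")
If Err.Number <> 0 Then
    WScript.Echo "Win32_Registry query failed: " & Err.Description
    WScript.Quit 1
End If

For Each objItem In colItems
    WScript.Echo "Current Size: " & objItem.CurrentSize
    WScript.Echo "Description: " & objItem.Description
    WScript.Echo "Install Date: " & objItem.InstallDate
    WScript.Echo "Maximum Size: " & objItem.MaximumSize
    WScript.Echo "Name: " & objItem.Name
    WScript.Echo "Proposed Size: " & objItem.ProposedSize
Next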
----------------------------------------------------------------------
Enumerating Registry Values and Types
Uses WMI to list all the registry values and their types under HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
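' Lists the name and data type of every value under
' HKLM\SYSTEM\CurrentControlSet\Control\Lsa. Only names and types are printed;
' the value data itself is never read.
Const HKEY_LOCAL_MACHINE = &H80000002
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7

strComputer = "."
Set StdOut = WScript.StdOut
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

strKeyPath = "SYSTEM\CurrentControlSet\Control\Lsa"
lRet = oReg.EnumValues(HKEY_LOCAL_MACHINE, strKeyPath, _
    arrValueNames, arrValueTypes)

If lRet <> 0 Then
    StdOut.WriteLine "EnumValues failed, return code " & lRet
ElseIf Not IsArray(arrValueNames) Then
    ' EnumValues hands back Null rather than an empty array when the key has
    ' no values; UBound on that would raise a type mismatch.
    StdOut.WriteLine "No values under " & strKeyPath
Else
    For i = 0 To UBound(arrValueNames)
        StdOut.WriteLine "Value Name: " & arrValueNames(i)
        Select Case arrValueTypes(i)
            Case REG_SZ
                StdOut.WriteLine "Data Type: String"
            Case REG_EXPAND_SZ
                StdOut.WriteLine "Data Type: Expanded String"
            Case REG_BINARY
                StdOut.WriteLine "Data Type: Binary"
            Case REG_DWORD
                StdOut.WriteLine "Data Type: DWORD"
            Case REG_MULTI_SZ
                StdOut.WriteLine "Data Type: Multi String"
            Case Else
                ' Types outside the five constants above used to be skipped
                ' without a type line; print the raw type code instead.
                StdOut.WriteLine "Data Type: Other (" & arrValueTypes(i) & ")"
        End Select
        StdOut.WriteBlankLines(1)
    Next
End If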
---------------------------------------------------------------
Enumerating Subkeys
Uses WMI to enumerate all the registry subkeys under HKLM\SYSTEM\CurrentControlSet\Services.
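' Prints the name of every subkey directly under
' HKLM\SYSTEM\CurrentControlSet\Services.
Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set StdOut = WScript.StdOut
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

strKeyPath = "SYSTEM\CurrentControlSet\Services"
lRet = oReg.EnumKey(HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys)

If lRet <> 0 Then
    StdOut.WriteLine "EnumKey failed, return code " & lRet
ElseIf IsArray(arrSubKeys) Then
    ' arrSubKeys is Null, not an empty array, when the key has no subkeys;
    ' For Each over Null would raise a run-time error.
    For Each subkey In arrSubKeys
        StdOut.WriteLine subkey
    Next
End If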
---------------------------------------------------------------------
Listing Registry Files
Uses WMI to list all the registry files and their locations under HKLM\System\CurrentControlSet\Control\Hivelist.
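' Lists each value under HKLM\System\CurrentControlSet\Control\hivelist
' together with its string data, printed as "File Name" and "Location".
Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set StdOut = WScript.StdOut
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

strKeyPath = "System\CurrentControlSet\Control\hivelist"
lRet = oReg.EnumValues(HKEY_LOCAL_MACHINE, strKeyPath, _
    arrValueNames, arrValueTypes)

If lRet <> 0 Then
    StdOut.WriteLine "EnumValues failed, return code " & lRet
ElseIf IsArray(arrValueNames) Then
    ' Guard against the Null that EnumValues returns for a key with no values.
    For i = 0 To UBound(arrValueNames)
        StdOut.WriteLine "File Name: " & arrValueNames(i) & " -- "
        oReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath, _
            arrValueNames(i), strValue
        StdOut.WriteLine "Location: " & strValue
        StdOut.WriteBlankLines(1)
    Next
End If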
-------------------------------------------------------------
Monitoring Registry Entry-Level Events
Temporary event consumer that monitors the registry for any changes to the CSDVersion value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion.
' Temporary WMI event consumer: subscribes to RegistryValueChangeEvent for the
' CSDVersion value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion and
' echoes each event it receives. The subscription lasts only as long as this
' script keeps running.
Set objNamespace = GetObject("winmgmts:root/default")
' The "SINK_" prefix is what routes sink events to SINK_OnObjectReady below.
Set objSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")

strQuery = "SELECT * FROM RegistryValueChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' " & _
    "AND KeyPath='SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion'" & _
    " AND ValueName='CSDVersion'"
objNamespace.ExecNotificationQueryAsync objSink, strQuery

WScript.Echo "Listening for Registry Change Events..." & vbCrLf

' Keep the host alive so the asynchronous sink can go on receiving events.
Do While True
    WScript.Sleep 1000
Loop

' Called once per delivered event; prints the event object as text.
' NOTE(review): the event appears to identify only which hive/key/value
' changed, not the new data or who changed it - confirm before relying on
' this output for attribution.
Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
    Dim strHeader
    strHeader = "Received Registry Change Event" & vbCrLf & _
        "------------------------------" & vbCrLf
    WScript.Echo strHeader & wmiObject.GetObjectText_()
End Sub
--------------------------------------------------------------------------
Monitoring Registry Subkey Events
Temporary event consumer that monitors the registry for any changes to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion.
' Temporary WMI event consumer: subscribes to RegistryKeyChangeEvent for
' HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion and echoes each event.
' Notifications stop as soon as the script exits.
Set objNamespace = GetObject("winmgmts:root/default")
' Sink events are dispatched to procedures whose names start with "SINK_".
Set objSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")

strQuery = "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND " & _
    "KeyPath='SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion'"
objNamespace.ExecNotificationQueryAsync objSink, strQuery

WScript.Echo "Listening for Registry Change Events..." & vbCrLf

' Idle loop: the work happens in the sink callback.
Do
    WScript.Sleep 1000
Loop While True

' Prints the text form of each event delivered to the sink.
Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
    Dim strEventText
    strEventText = wmiObject.GetObjectText_()
    WScript.Echo "Received Registry Change Event" & vbCrLf & _
        "------------------------------" & vbCrLf & _
        strEventText
End Sub
---------------------------------------------------------------------------
Monitoring Registry Subtree Events
Temporary event consumer that monitors the registry for any changes to HKLM.
' Temporary WMI event consumer: subscribes to RegistryTreeChangeEvent with an
' empty RootPath, i.e. the whole HKEY_LOCAL_MACHINE hive, and echoes each
' event. Expect a high event volume with a scope this wide.
Set objNamespace = GetObject("winmgmts:root/default")
' "SINK_" is the prefix that binds sink events to SINK_OnObjectReady.
Set objSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")

strQuery = "SELECT * FROM RegistryTreeChangeEvent WHERE Hive= " & _
    "'HKEY_LOCAL_MACHINE' AND RootPath=''"
objNamespace.ExecNotificationQueryAsync objSink, strQuery

WScript.Echo "Listening for Registry Change Events..." & vbCrLf

' Stay resident; events arrive asynchronously through the sink.
Do While True
    WScript.Sleep 1000
Loop

' Echoes the text form of every event the sink receives.
Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
    Dim strReport
    strReport = "Received Registry Change Event" & vbCrLf
    strReport = strReport & "------------------------------" & vbCrLf
    strReport = strReport & wmiObject.GetObjectText_()
    WScript.Echo strReport
End Sub
----------------------------------------------------------------------------
Reading a Binary Registry Value
Uses WMI to read a binary registry value.
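' Reads the binary value LicenseInfo under
' HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion and prints one element of
' the returned array per line.
Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set StdOut = WScript.StdOut
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion"
strValueName = "LicenseInfo"
lRet = oReg.GetBinaryValue(HKEY_LOCAL_MACHINE, strKeyPath, _
    strValueName, arrBytes)

If lRet <> 0 Or Not IsArray(arrBytes) Then
    ' Without this guard a missing value leaves a non-array result and
    ' LBound/UBound raise a type mismatch.
    StdOut.WriteLine "Could not read " & strValueName & ", return code " & lRet
Else
    For i = LBound(arrBytes) To UBound(arrBytes)
        StdOut.WriteLine arrBytes(i)
    Next
End If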
----------------------------------------------------------------------------------
Reading an Expanded String Value
Uses WMI to read an expanded string registry value.
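' Reads the expanded-string value UIHost under
' HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon and prints it.
Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set StdOut = WScript.StdOut
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon"
strValueName = "UIHost"
lRet = oReg.GetExpandedStringValue(HKEY_LOCAL_MACHINE, strKeyPath, _
    strValueName, strValue)

If lRet <> 0 Or IsNull(strValue) Then
    ' Distinguish "value not readable or not present" from an empty setting;
    ' the unguarded version printed a blank host name in both cases.
    StdOut.WriteLine "Could not read " & strValueName & ", return code " & lRet
Else
    StdOut.WriteLine "The Windows logon UI host is: " & strValue
End If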
----------------------------------------------------------------------------------
Reading a MultiString Value
Uses WMI to read a multi-string registry value.
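' Reads the multi-string value Sources under
' HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System and prints each
' string on its own line.
Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
Set StdOut = WScript.StdOut
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

strKeyPath = "SYSTEM\CurrentControlSet\Services\Eventlog\System"
strValueName = "Sources"
lRet = oReg.GetMultiStringValue(HKEY_LOCAL_MACHINE, strKeyPath, _
    strValueName, arrValues)

If lRet <> 0 Or Not IsArray(arrValues) Then
    ' For Each over a non-array result (value missing or unreadable) would
    ' raise a run-time error, so report it instead.
    StdOut.WriteLine "Could not read " & strValueName & ", return code " & lRet
Else
    For Each strValue In arrValues
        StdOut.WriteLine strValue
    Next
End If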
----------------------------------------------------------------------------------
Reading String and DWORD Values
Uses WMI to read a string and a DWORD registry value.
' Reads one DWORD value from HKEY_CURRENT_USER (Console\HistoryBufferSize) and
' one string value from HKEY_LOCAL_MACHINE (the Windows Script Host
' TrustPolicy setting) and prints both.
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002

strHost = "."
Set objOut = WScript.StdOut
Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strHost & "\root\default:StdRegProv")

' Per-user console setting; read from the hive of the account running the script.
objRegistry.GetDWORDValue HKEY_CURRENT_USER, "Console", _
    "HistoryBufferSize", dwHistorySize
objOut.WriteLine "Current History Buffer Size: " & dwHistorySize

' Machine-wide Windows Script Host setting.
objRegistry.GetStringValue HKEY_LOCAL_MACHINE, _
    "SOFTWARE\Microsoft\Windows Script Host\Settings", _
    "TrustPolicy", strTrustPolicy
objOut.WriteLine "Current WSH Trust Policy Value: " & strTrustPolicy