SAPIEN Technologies

Another topic that I’ve seen resurface in the forums I frequent is reading remote registries. If you know exactly what you’re looking for it doesn’t get any easier than using REG.EXE from the command line. Here are some examples from the command’s help:

Examples:

REG QUERY HKLM\Software\Microsoft\ResKit /v Version
Displays the value of the registry value Version

REG QUERY \ABC\HKLM\Software\Microsoft\ResKit\Nt\Setup /s
Displays all subkeys and values under the registry key Setup
on remote machine ABC

REG QUERY HKLM\Software\Microsoft\ResKit\Nt\Setup /se #
Displays all the subkeys and values with “#” as the seperator
for all valuenames whose type is REG_MULTI_SZ.

REG QUERY HKLM /f SYSTEM /t REG_SZ /c /e
Displays Key, Value and Data with case sensitive and exact
occurrences of “SYSTEM” under HKLM root for the data type REG_SZ

REG QUERY HKCU /f 0F /d /t REG_BINARY
Displays Key, Value and Data for the occurrences of “0F” in data
under HKCU root for the data type REG_BINARY

REG QUERY HKLM\SOFTWARE /ve
Displays Value and Data for the empty value (Default)
under HKLM\SOFTWARE

To see the complete help open a command prompt and type REG query /? or REG /? to see all the things this tool can accomplish.

I put together a batch file to streamline the query process. It is also attached as a text file.

@echo off
REM ReqQuery.bat
REM Keywords: Registry,REG,REMote
REM USAGE
REM RegQuery.bat [computername]

::**********NOTES**********
REM This script will the registry for the specified key.
REM The computer name and registry key value will be displayed.
REM You can specify a computername as a runtime parameter.

REM If you don’t specify a name, the script will query
REM the local machine.

REM If you want to save results run
REM RegQueryList.bat > results.txt

REM To process a list of computers use an expression like this:
REM for /f %s in (servers.txt) do @regquery.bat %s >> results.txt

REM If you don’t specify a computer, the local computer will
REM be queried.

::**********CONFIGURATION**********
REM Define the registry path to query. Do not use quotes.
REM Remote computers can query either HKLM or HKCU, although as
REM a practical matter you can really only use HKLM

set regPath=hklm\software\microsoft\windows NT\currentversion

REM Enter the registry key that you want the value of:
set regKey=RegisteredOwner

::**********MAIN SCRIPT**********
if %1$==$ (
set computer=%computername%
) else (
set computer=%1
)

REM uncomment next line for debugging
REM echo Reg Query “\%computer%\%regpath%” /v %regkey%

FOR /F “tokens=*” %%a in (‘Reg Query “\%computer%\%regpath%” /v %regkey% ^|

find /i “%regkey%”’) do @echo %computer% %%a

GOTO :OUT

:OUT
set regPath=
set regKey=
set computer=

:EOF

The script takes a computer name as a run time parameter. If you don’t specify one then the local computer will be queried.

The script is intended to return the value of a single registry key. There are two variables you need to edit in the script before running it. Of course, you may prefer to modify this script so you can pass keys and values as additional run time parameters.

To query a single computer, open a command prompt in your script directory and run something like this:

C:\Scripts>regquery jdhit-dc01
jdhit-dc01 RegisteredOwner REG_SZ Jeffery D. Hicks

As written you’ll need to use traditional console redirection to save the results:

C:\Scripts>regquery jdhit-dc01 > owner.txt

What about a bunch of computers? Easy. Use the FOR command like this:

c:\Scripts\for /f %s in (servers.txt) do @regquery.bat %s >> owners.txt

If owners.txt already exists all output will be appended to it so you might need to delete first if it exists.

There’s no provision for alternate credentials using REG, so you’ll likely need admin rights for the remote computer you are querying.

If you have simple needs, a simple tool like REG will do the trick. Next time we’ll revisit this topic with VBScript and WMI.