Registry queries the easy way
Another topic that I’ve seen resurface in the forums I frequent is reading remote registries. If you know exactly what you’re looking for it doesn’t get any easier than using REG.EXE from the command line. Here are some examples from the command’s help:
  REG QUERY HKLM\Software\Microsoft\ResKit /v Version
    Displays the value of the registry value Version

  REG QUERY \\ABC\HKLM\Software\Microsoft\ResKit\Nt\Setup /s
    Displays all subkeys and values under the registry key Setup
    on remote machine ABC

  REG QUERY HKLM\Software\Microsoft\ResKit\Nt\Setup /se #
    Displays all the subkeys and values with "#" as the seperator
    for all valuenames whose type is REG_MULTI_SZ.

  REG QUERY HKLM /f SYSTEM /t REG_SZ /c /e
    Displays Key, Value and Data with case sensitive and exact
    occurrences of "SYSTEM" under HKLM root for the data type REG_SZ

  REG QUERY HKCU /f 0F /d /t REG_BINARY
    Displays Key, Value and Data for the occurrences of "0F" in data
    under HKCU root for the data type REG_BINARY

  REG QUERY HKLM\SOFTWARE /ve
    Displays Value and Data for the empty value (Default)
To see the complete help open a command prompt and type REG query /? or REG /? to see all the things this tool can accomplish.
I put together a batch file to streamline the query process. It is also attached as a text file.
@echo off
REM Keywords: Registry,REG,REMote
REM RegQuery.bat [computername]
REM This script will query the registry for the specified key.
REM The computer name and registry key value will be displayed.
REM You can specify a computername as a runtime parameter.
REM If you don't specify a name, the script will query
REM the local machine.
REM If you want to save results run
REM RegQueryList.bat > results.txt
REM To process a list of computers use an expression like this:
REM for /f %s in (servers.txt) do @regquery.bat %s >> results.txt
REM If you don't specify a computer, the local computer will
REM be queried.
REM Define the registry path to query. Do not use quotes.
REM Remote computers can query either HKLM or HKCU, although as
REM a practical matter you can really only use HKLM
set regPath=hklm\software\microsoft\windows NT\currentversion
REM Enter the registry key that you want the value of:
REM (RegisteredOwner is the value shown in the sample output)
set regKey=RegisteredOwner
REM No computer name given, so use the local machine
if %1$==$ (
set computer=%computername%
) else (
set computer=%1
)
REM uncomment next line for debugging
REM echo Reg Query "\\%computer%\%regpath%" /v %regkey%
FOR /F "tokens=*" %%a in ('Reg Query "\\%computer%\%regpath%" /v %regkey% ^| find /i "%regkey%"') do @echo %computer% %%a
The script takes a computer name as a run time parameter. If you don’t specify one then the local computer will be queried.
The script is intended to return the value of a single registry key. There are two variables you need to edit in the script before running it. Of course, you may prefer to modify this script so you can pass keys and values as additional run time parameters.
To query a single computer, open a command prompt in your script directory and run something like this:
jdhit-dc01 RegisteredOwner REG_SZ Jeffery D. Hicks
As written you’ll need to use traditional console redirection to save the results:
C:\Scripts>regquery jdhit-dc01 > owner.txt
What about a bunch of computers? Easy. Use the FOR command like this:
c:\Scripts>for /f %s in (servers.txt) do @regquery.bat %s >> owners.txt
If owners.txt already exists, all output will be appended to it, so you might need to delete it first.
There’s no provision for alternate credentials using REG, so you’ll likely need admin rights for the remote computer you are querying.
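When the script is run against a list, a computer that is offline, has no Remote Registry access, or denies the query simply produces no line in the results, which is easy to miss. The variant below is an added example, not the author's attached script: it takes the registry path and value name as run time parameters and reports each computer that returned nothing on stderr. The name RegQueryEx.bat, the parameter order and the failed.txt file name are assumptions.

```batch
@echo off
REM RegQueryEx.bat computer "registry path" valuename
REM Added example; script name and parameter order are assumptions.
REM Single computer:
REM   RegQueryEx.bat jdhit-dc01 "hklm\software\microsoft\windows NT\currentversion" RegisteredOwner
REM List of computers, results and failures kept in separate files:
REM   for /f %s in (servers.txt) do @RegQueryEx.bat %s "hklm\software\microsoft\windows NT\currentversion" RegisteredOwner >> owners.txt 2>> failed.txt
setlocal
if "%~3"=="" (
    echo Usage: %~nx0 computer "registry path" valuename 1>&2
    exit /b 2
)
set "computer=%~1"
set "regPath=%~2"
set "regKey=%~3"
set "found="

REM REG's own error text (unreachable host, access denied, missing value)
REM stays on stderr, so it never lands in a redirected results file.
for /f "tokens=*" %%a in ('reg query "\\%computer%\%regPath%" /v "%regKey%" ^| find /i "%regKey%"') do (
    set "found=1"
    echo %computer% %%a
)

REM Nothing matched: name the computer on stderr instead of skipping it silently.
if not defined found (
    echo %computer% FAILED reading "%regKey%" 1>&2
    exit /b 1
)
exit /b 0
```

Comparing the computers listed in failed.txt against servers.txt shows which machines still need to be checked by hand.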
If you have simple needs, a simple tool like REG will do the trick. Next time we’ll revisit this topic with VBScript and WMI.