Scripts to manage Registry
Checking Registry Key Access Rights
Creating Expanded String Values
Checking Registry Key Access Rights
Creating a Registry Key
Creating String and DWORD Values
Deleting a Registry Key
Deleting Registry Values
Enumerating Registry Properties
Enumerating Registry Values and Types
Enumerating Subkeys
Listing Registry Files
Monitoring Registry Entry Level Events
Monitoring Registry Subkey Events
Monitoring Registry Subtree Events
Reading a Binary Registry Value
Reading an Expanded String Value
Reading a MultiString Value
Reading String and DWORD Values
const KEY_QUERY_VALUE = &H0001
const KEY_SET_VALUE = &H0002
const KEY_CREATE_SUB_KEY = &H0004
const DELETE = &H00010000
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet"
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_QUERY_VALUE, _
bHasAccessRight
If bHasAccessRight = True Then
StdOut.WriteLine "Have Query Value Access Rights on Key"
Else
StdOut.WriteLine "Do Not Have Query Value Access Rights on Key"
End If
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_SET_VALUE, _
bHasAccessRight
If bHasAccessRight = True Then
StdOut.WriteLine "Have Set Value Access Rights on Key"
Else
StdOut.WriteLine "Do Not Have Set Value Access Rights on Key"
End If
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_CREATE_SUB_KEY, _
bHasAccessRight
If bHasAccessRight = True Then
StdOut.WriteLine "Have Create SubKey Access Rights on Key"
Else
StdOut.WriteLine "Do Not Have Create SubKey Access Rights on Key"
End If
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, DELETE, bHasAccessRight
If bHasAccessRight = True Then
StdOut.WriteLine "Have Delete Access Rights on Key"
Else
StdOut.WriteLine "Do Not Have Delete Access Rights on Key"
End If
Uses WMI to create an expanded string value under HKLM\SOFTWARE\System Admin Scripting Guide.
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\System Admin Scripting Guide"
strValueName = "Expanded String Value Name"
strValue = "%PATHEXT%"
oReg.SetExpandedStringValue _
HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
Uses WMI to check access rights for the logged on user to HKLM\SYSTEM\CurrentControlSet.
const KEY_QUERY_VALUE = &H0001
const KEY_SET_VALUE = &H0002
const KEY_CREATE_SUB_KEY = &H0004
const DELETE = &H00010000
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet"
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_QUERY_VALUE, _
bHasAccessRight
If bHasAccessRight = True Then
StdOut.WriteLine "Have Query Value Access Rights on Key"
Else
StdOut.WriteLine "Do Not Have Query Value Access Rights on Key"
End If
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_SET_VALUE, _
bHasAccessRight
If bHasAccessRight = True Then
StdOut.WriteLine "Have Set Value Access Rights on Key"
Else
StdOut.WriteLine "Do Not Have Set Value Access Rights on Key"
End If
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_CREATE_SUB_KEY, _
bHasAccessRight
If bHasAccessRight = True Then
StdOut.WriteLine "Have Create SubKey Access Rights on Key"
Else
StdOut.WriteLine "Do Not Have Create SubKey Access Rights on Key"
End If
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, DELETE, bHasAccessRight
If bHasAccessRight = True Then
StdOut.WriteLine "Have Delete Access Rights on Key"
Else
StdOut.WriteLine "Do Not Have Delete Access Rights on Key"
End If
Uses WMI to create a registry key HKLM\SOFTWARE\System Admin Scripting Guide.
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\System Admin Scripting Guide"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
Uses WMI to create string and DWORD values under HKLM\SOFTWARE\System Admin Scripting Guide.
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\System Admin Scripting Guide"
strValueName = "String Value Name"
strValue = "string value"
oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
strValueName = "DWORD Value Name"
dwValue = 82
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
Uses WMI to delete the registry key HKLM\SOFTWARE\System Admin Scripting Guide.
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\System Admin Scripting Guide"
oReg.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath
Uses WMI to delete all the registry values under HKLM\SOFTWARE\System Admin Scripting Guide.
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\System Admin Scripting Guide"
strDWORDValueName = "DWORD Value Name"
strExpandedStringValueName = "Expanded String Value Name"
strMultiStringValueName = "Multi String Value Name"
strStringValueName = "String Value Name"
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strDWORDValueName
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strExpandedStringValueName
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strMultiStringValueName
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strStringValueName
Returns information about the computer registry.
On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_Registry")
For Each objItem in colItems
Wscript.Echo "Current Size: " & objItem.CurrentSize
Wscript.Echo "Description: " & objItem.Description
Wscript.Echo "Install Date: " & objItem.InstallDate
Wscript.Echo "Maximum Size: " & objItem.MaximumSize
Wscript.Echo "Name: " & objItem.Name
Wscript.Echo "Proposed Size: " & objItem.ProposedSize
Next
Uses WMI to list all the registry values and their types under HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
const HKEY_LOCAL_MACHINE = &H80000002
const REG_SZ = 1
const REG_EXPAND_SZ = 2
const REG_BINARY = 3
const REG_DWORD = 4
const REG_MULTI_SZ = 7
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\Lsa"
oReg.EnumValues HKEY_LOCAL_MACHINE, strKeyPath,_
arrValueNames, arrValueTypes
For i=0 To UBound(arrValueNames)
StdOut.WriteLine "Value Name: " & arrValueNames(i)
Select Case arrValueTypes(i)
Case REG_SZ
StdOut.WriteLine "Data Type: String"
StdOut.WriteBlankLines(1)
Case REG_EXPAND_SZ
StdOut.WriteLine "Data Type: Expanded String"
StdOut.WriteBlankLines(1)
Case REG_BINARY
StdOut.WriteLine "Data Type: Binary"
StdOut.WriteBlankLines(1)
Case REG_DWORD
StdOut.WriteLine "Data Type: DWORD"
StdOut.WriteBlankLines(1)
Case REG_MULTI_SZ
StdOut.WriteLine "Data Type: Multi String"
StdOut.WriteBlankLines(1)
End Select
Next
Uses WMI to enumerate all the registry subkeys under HKLM\SYSTEM\CurrentControlSet\Services.
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Services"
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
For Each subkey In arrSubKeys
StdOut.WriteLine subkey
Next
Uses WMI to list all the registry file and locations under HKLM\System\CurrentControlSet\Control\Hivelist.
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "System\CurrentControlSet\Control\hivelist"
oReg.EnumValues HKEY_LOCAL_MACHINE, strKeyPath,_
arrValueNames, arrValueTypes
For i=0 To UBound(arrValueNames)
StdOut.WriteLine "File Name: " & arrValueNames(i) & " -- "
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,_
arrValueNames(i),strValue
StdOut.WriteLine "Location: " & strValue
StdOut.WriteBlankLines(1)
Next
Temporary event consumer that monitors the registry for any changes to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion.
Set wmiServices = GetObject("winmgmts:root/default")
Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
wmiServices.ExecNotificationQueryAsync wmiSink, _
"SELECT * FROM RegistryValueChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' " & _
"AND KeyPath='SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion'" _
& " AND ValueName='CSDVersion'"
WScript.Echo "Listening for Registry Change Events..." & vbCrLf
While(1)
WScript.Sleep 1000
Wend
Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
WScript.Echo "Received Registry Change Event" & vbCrLf & _
"------------------------------" & vbCrLf & _
wmiObject.GetObjectText_()
End Sub
Temporary event consumer that monitors the registry for any changes to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion.
Set wmiServices = GetObject("winmgmts:root/default")
Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
wmiServices.ExecNotificationQueryAsync wmiSink, _
"SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND " & _
"KeyPath='SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion'"
WScript.Echo "Listening for Registry Change Events..." & vbCrLf
While(1)
WScript.Sleep 1000
Wend
Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
WScript.Echo "Received Registry Change Event" & vbCrLf & _
"------------------------------" & vbCrLf & _
wmiObject.GetObjectText_()
End Sub
Temporary event consumer that monitors the registry for any changes to HKLM.
Set wmiServices = GetObject("winmgmts:root/default")
Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
wmiServices.ExecNotificationQueryAsync wmiSink, _
"SELECT * FROM RegistryTreeChangeEvent WHERE Hive= " _
& "'HKEY_LOCAL_MACHINE' AND RootPath=''"
WScript.Echo "Listening for Registry Change Events..." & vbCrLf
While(1)
WScript.Sleep 1000
Wend
Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
WScript.Echo "Received Registry Change Event" & vbCrLf & _
"------------------------------" & vbCrLf & _
wmiObject.GetObjectText_()
End Sub
Uses WMI to read a binary registry value.
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion"
strValueName = "LicenseInfo"
oReg.GetBinaryValue HKEY_LOCAL_MACHINE,strKeyPath,_
strValueName,strValue
For i = lBound(strValue) to uBound(strValue)
StdOut.WriteLine strValue(i)
Next
Uses WMI to read an expanded string registry value.
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon"
strValueName = "UIHost"
oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath,_
strValueName,strValue
StdOut.WriteLine "The Windows logon UI host is: " & strValue
Uses WMI to read a multi-string registry value.
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Services\Eventlog\System"
strValueName = "Sources"
oReg.GetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPath,_
strValueName,arrValues
For Each strValue In arrValues
StdOut.WriteLine strValue
Next
Uses WMI to read a string and a DWORD registry value.
const HKEY_CURRENT_USER = &H80000001
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "Console"
strValueName = "HistoryBufferSize"
oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
StdOut.WriteLine "Current History Buffer Size: " & dwValue
strKeyPath = "SOFTWARE\Microsoft\Windows Script Host\Settings"
strValueName = "TrustPolicy"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
StdOut.WriteLine "Current WSH Trust Policy Value: " & strValue
댓글을 달아 주세요