?
Solved

registry scan

Posted on 2003-03-13
5
Medium Priority
?
642 Views
Last Modified: 2012-05-04
Hi,

I'd like to write a script to scan registry for specific values on all computers in my domain.
how can I accomplish that ?
0
Comment
Question by:elad00
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 7

Expert Comment

by:YarnoSG
ID: 8127883
Here Is a script I wrote to determine who is on a specific (remote) machine.  It stores the "captured" registry key into a variable (%testuser%).  Feel free to use this as a starting point.
Copy between the lines into Notepad, and save as WhoIsOn.cmd
___________________________:: WhoIsOn.cmd
:: by Steven Yarnot
:: 05/04/2001
::
:: Requires PSList from SYSINTERNALS (Freeware) http://www.sysinternals.com
:: Requires REG.EXE from Resource Kit
:: Requires UPPER.CMD/UPPER.BAT by P.CASTI  (Search Google on "P.Casti Upper") http://cwashington.netreach.net/depo/view.asp?Index=4&ScriptType=command
:: Required files should be in your path
::
:: Updated 05/08/2001 to use current version of reg.exe
:: Updated 08/07/2001 to test for presence of explorer on target
:: machine (logged in or not)
::
:: echos username of last logged on user of a remote machine
::
:: Requires:
::
::

::
@echo off

::
call :cleanup


::
if "%1"=="" goto usage

::
set testpc=%1
call upper testpc
set testuserdom=-
set testuser=-
for /f "tokens=1,2,3,4,5 delims=      " %%i in ('reg query "\\%testpc%\hklm\software\microsoft\windows nt\currentversion\winlogon" /v defaultusername') do set testuser=%%k
for /f "tokens=1,2,3,4,5 delims=      " %%i in ('reg query "\\%testpc%\hklm\software\microsoft\windows nt\currentversion\winlogon" /v defaultdomainname') do set testuserdom=%%k

::
IF "%testuser%"=="path" goto noton

::
IF "%testuser%"=="" goto notnt

CALL UPPER TESTUSER
::
echo.

::
echo %TESTUSERDOM%\%testuser% was the last to log into %testpc%

IF /I "%2"=="/Q" GOTO SKIPUSERINF
::Userinf is a batch file that calls the USERACCOUNT.VBS script from the NT4 Resource Kit;  listed below
CALL USERINF %TESTUSER% %TESTUSERDOM%

:SKIPUSERINF

::
set testvar=is NOT

::
for /f %%i in ('pslist \\%testpc% explorer') do if /I "%%i"=="explorer" (set testvar=is) else if "%%i"=="Failed" (set perms=no)

::
if "%perms%"=="no" goto noperms

::
echo and %testvar% currently logged in.

::
goto exitit


::
:noperms
echo.
echo and you do not have permissions to take a process snapshot,
echo so I cannot tell if they are currently logged in or not.
echo.
goto exitit


::
:noton
echo.
echo %testpc% is not on or it is not an NT kernel machine,
echo or is a fresh-built, never been logged into machine.
::
ping %testpc% -n 1
goto exitit


::
:notnt

echo.


:SetNetw
for /f "tokens=1,2,3,4,5 delims=,. "  %%i in ('ping %testpc% -n 1') do set netw=%%k

:: if netw= address, it is a bad IP if = out, not on the network at this time
::
if "%netw%"=="address" goto noip

::
if "%netw%"=="out" goto noconnection

::

echo %testpc% is not on or it is not an NT kernel machine,
echo or is a fresh-built, never been logged into machine.


goto exitit

:noip
:noconnection
echo %1 is not on the network
goto :EOF

:usage
echo.
echo.
echo usage:  whoison NodeName
echo.
echo.
echo         returns the last logged on username on the machine NodeName
goto :EOF


:exitit
:cleanup
set perms=
:: set testuser=
set netw=
set testpc=
_____________________________________

Below, UserInf.cmd:
__________________________

cscript //NOLOGO Pathtothisfile\useraccount.vbs /d %2 /N %1
__________________________

-Hope This Helps
-Steven Yarnot
http://yarnosg.home.insightbb.com
0
 
LVL 7

Expert Comment

by:YarnoSG
ID: 8127917
Oh, it is VERY Important to know, that in the for statement around the REG,
for /f "tokens=1,2,3,4,5 delims=      " %%i in ('reg query "\\%testpc%\hklm\software\microsoft\windows nt\currentversion\winlogon" /v defaultusername') do set testuser=%%k

The DELIMS argument is as follows:  delims={Tab}{Space}" it may not cut & paste too well.  The Tab is needed as a delimiter to capture the registry value correctly.

-Steve
0
 

Author Comment

by:elad00
ID: 8128675
Is there a possibility to write it in vbscript ?
or some window script that doesn't require special
freewares ?
0
 
LVL 7

Expert Comment

by:YarnoSG
ID: 8129443
In that case, what you are looking for is here:

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?lngWId=1&txtCodeId=1881



HTH

-Steve
0
 
LVL 7

Accepted Solution

by:
YarnoSG earned 400 total points
ID: 8129497
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
We are witnesses that everyone is saying that our children shouldn't "play" with a technology because it is dangerous. This article is going to prove that they are wrong.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses
Course of the Month9 days, 1 hour left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question