Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

registry scan

Posted on 2003-03-13
5
Medium Priority
?
649 Views
Last Modified: 2012-05-04
Hi,

I'd like to write a script to scan registry for specific values on all computers in my domain.
how can I accomplish that ?
0
Comment
Question by:elad00
  • 4
5 Comments
 
LVL 7

Expert Comment

by:YarnoSG
ID: 8127883
Here Is a script I wrote to determine who is on a specific (remote) machine.  It stores the "captured" registry key into a variable (%testuser%).  Feel free to use this as a starting point.
Copy between the lines into Notepad, and save as WhoIsOn.cmd
___________________________:: WhoIsOn.cmd
:: by Steven Yarnot
:: 05/04/2001
::
:: Requires PSList from SYSINTERNALS (Freeware) http://www.sysinternals.com
:: Requires REG.EXE from Resource Kit
:: Requires UPPER.CMD/UPPER.BAT by P.CASTI  (Search Google on "P.Casti Upper") http://cwashington.netreach.net/depo/view.asp?Index=4&ScriptType=command
:: Required files should be in your path
::
:: Updated 05/08/2001 to use current version of reg.exe
:: Updated 08/07/2001 to test for presence of explorer on target
:: machine (logged in or not)
::
:: echos username of last logged on user of a remote machine
::
:: Requires:
::
::

::
@echo off

::
call :cleanup


::
if "%1"=="" goto usage

::
set testpc=%1
call upper testpc
set testuserdom=-
set testuser=-
for /f "tokens=1,2,3,4,5 delims=      " %%i in ('reg query "\\%testpc%\hklm\software\microsoft\windows nt\currentversion\winlogon" /v defaultusername') do set testuser=%%k
for /f "tokens=1,2,3,4,5 delims=      " %%i in ('reg query "\\%testpc%\hklm\software\microsoft\windows nt\currentversion\winlogon" /v defaultdomainname') do set testuserdom=%%k

::
IF "%testuser%"=="path" goto noton

::
IF "%testuser%"=="" goto notnt

CALL UPPER TESTUSER
::
echo.

::
echo %TESTUSERDOM%\%testuser% was the last to log into %testpc%

IF /I "%2"=="/Q" GOTO SKIPUSERINF
::Userinf is a batch file that calls the USERACCOUNT.VBS script from the NT4 Resource Kit;  listed below
CALL USERINF %TESTUSER% %TESTUSERDOM%

:SKIPUSERINF

::
set testvar=is NOT

::
for /f %%i in ('pslist \\%testpc% explorer') do if /I "%%i"=="explorer" (set testvar=is) else if "%%i"=="Failed" (set perms=no)

::
if "%perms%"=="no" goto noperms

::
echo and %testvar% currently logged in.

::
goto exitit


::
:noperms
echo.
echo and you do not have permissions to take a process snapshot,
echo so I cannot tell if they are currently logged in or not.
echo.
goto exitit


::
:noton
echo.
echo %testpc% is not on or it is not an NT kernel machine,
echo or is a fresh-built, never been logged into machine.
::
ping %testpc% -n 1
goto exitit


::
:notnt

echo.


:SetNetw
for /f "tokens=1,2,3,4,5 delims=,. "  %%i in ('ping %testpc% -n 1') do set netw=%%k

:: if netw= address, it is a bad IP if = out, not on the network at this time
::
if "%netw%"=="address" goto noip

::
if "%netw%"=="out" goto noconnection

::

echo %testpc% is not on or it is not an NT kernel machine,
echo or is a fresh-built, never been logged into machine.


goto exitit

:noip
:noconnection
echo %1 is not on the network
goto :EOF

:usage
echo.
echo.
echo usage:  whoison NodeName
echo.
echo.
echo         returns the last logged on username on the machine NodeName
goto :EOF


:exitit
:cleanup
set perms=
:: set testuser=
set netw=
set testpc=
_____________________________________

Below, UserInf.cmd:
__________________________

cscript //NOLOGO Pathtothisfile\useraccount.vbs /d %2 /N %1
__________________________

-Hope This Helps
-Steven Yarnot
http://yarnosg.home.insightbb.com
0
 
LVL 7

Expert Comment

by:YarnoSG
ID: 8127917
Oh, it is VERY Important to know, that in the for statement around the REG,
for /f "tokens=1,2,3,4,5 delims=      " %%i in ('reg query "\\%testpc%\hklm\software\microsoft\windows nt\currentversion\winlogon" /v defaultusername') do set testuser=%%k

The DELIMS argument is as follows:  delims={Tab}{Space}" it may not cut & paste too well.  The Tab is needed as a delimiter to capture the registry value correctly.

-Steve
0
 

Author Comment

by:elad00
ID: 8128675
Is there a possibility to write it in vbscript ?
or some window script that doesn't require special
freewares ?
0
 
LVL 7

Expert Comment

by:YarnoSG
ID: 8129443
In that case, what you are looking for is here:

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?lngWId=1&txtCodeId=1881



HTH

-Steve
0
 
LVL 7

Accepted Solution

by:
YarnoSG earned 400 total points
ID: 8129497
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Are you a startup company? Being a startup, you may be using shared hosting, or maybe even dedicated hosting. But have you ever given a thought to using cloud computing now? Yes, don’t be surprised, it is possible for startups to opt for cloud compu…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question