Obtaining security settings through batch script

Posted on 2003-11-01
Last Modified: 2013-12-04
I'm in the process of writing a batch script for Windows 2000 and 2003 server and I would like to know if it is possible to:
1.  extract specific keys from a batch script (I don't want to take a copy of the registry.

2. extract specific values from the local security policy (ie: everything under password policy, lockout policy, audit policy, user rights assignment, security options).

Question by:KABOOM
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 9664020
A tool that can assist you with the registry side of things is regfind.exe from the resource kit.
RegFind is a command-line tool that you can use to search the Windows 2000 registry for arbitrary data, key names, or value names. The tool allows you to replace any of these with new values.

RegFind Syntax
regfind [{-m \\ComputerName | -h HiveFile HiveRoot | -w Win95Directory}] [-i n] [-o OutputWidth] [-p RegistryKeyPath] [{-z | -t DataType}] [{-b | -B}] [-y] [-n] [SearchString [-r ReplacementString]]


-m \\ComputerName
specifies a remote Windows 2000 computer (machine) whose registry is to be manipulated.
-h HiveFile HiveRoot
specifies a local hive to manipulate.
-w Win95Directory
specifies the paths to Windows 95 system.dat and user.dat files.
-i n
specifies the display indentation multiple. Default is 4.
-o OutputWidth
specifies how wide the output is to be. By default OutputWidth is set to the width of the console window, if standard output (STDOUT) has not been redirected to a file. In the latter case, an OutputWidth of 240 is used.
-p RegistryKeyPath
specifies where in the registry to start searching. All entries below this point in the registry hierarchy are also searched. If no path is specified, RegFind searches the entire registry, which can be time consuming.
If the path contains spaces, it must be surrounded by quotations marks:
"Registry Key Path With Spaces"
specifies to search for REG_SZ and REG_EXPAND_SZ values that are missing a trailing null character and/or have a length that is not a multiple of the size of a Unicode character. If -r is also specified, any replacement string is ignored and RegFind adds the missing null character and/or adjusts the length up to an even multiple of the size of a Unicode character.
-t DataType
specifies which registry types to search. DataType can be REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ, REG_DWORD, REG_BINARY, or REG_NONE. Default is any of the _SZ types.
only valid with _SZ searches. Specifies that RegFind should look for occurrences of the SearchString inside of REG_BINARY data. May not be specified with a ReplacementString that is not the same length as the SearchString.
same as -b but also looks for ANSI version of string within REG_BINARY values.
only valid with _SZ searches. Specifies that RegFind should ignore case when searching.
specifies to include key and value names in the search; -n may not specified with -t.
is the value to search for. If SearchString is not specified, RegFind searches based on type.
If SearchString contains spaces, it must be surrounded by quotations marks:
"Search String With Spaces"
-r ReplacementString
specifies an optional replacement string to replace any matches with.
SearchString and ReplacementString must be of the same type as specified by the -t switch. For any of the _SZ types, it is just a string. For REG_DWORD, it is a single number (for example: 0x1000 or 4096). For REG_BINARY, it is a number specifing #bytes, optionally followed by the actual bytes, with a separate number for each DWORD (for example, 0x06 0x12345678 0x1234). If just the byte count is specified, RegFind searches for all REG_BINARY values that have that length. May not search for length and specify -r.
When doing replacements, RegFind displays the value after the replacement has been. It is usually best to run RegFind once without the -r switch to see what will be changed before it is actually changed.
Whenever specifying a registry path, either on the command line or in an input file, the following prefix strings can be used:
Each of these strings can stand alone as the key name or be followed a BACKSLASH (\) and a subkey path.

This example searches the HKEY_CURRENT_USER\Control Panel registry key for entries of type REG_DWORD.

C:\>regfind -p "HKEY_CURRENT_USER\Control Panel" -t REG_DWORD

Scanning HKEY_CURRENT_USER\Control Panel registry tree
Searching for any match based on type
Will match values of type: REG_DWORD

        ActiveWndTrkTimeout = REG_DWORD 0x00000000
        ForegroundFlashCount = REG_DWORD 0x00000003
        ForegroundLockTimeout = REG_DWORD 0x00030d40
        CaretWidth = REG_DWORD 0x00000001
        PaintDesktopVersion = REG_DWORD 0x00000001
    Microsoft Input Devices
                    Version = REG_DWORD 0x00050000
        ActiveWindowTracking = REG_DWORD 0x00000000

Adding the regfind to a batch would be easy

Author Comment

ID: 9664119
Hmmm, that's a good suggestion but the problem is, our company uses a script to do a security review on standard stuff and depending on the client - they may or may not have regfind installed.  I find most administrators are hesitant to install stuff on production servers.  Is there a way to write a small batch application?

Expert Comment

ID: 9665458
Distribute the regfind with your batch file? Or perhaps just have it in the same dir as your batch file.


Accepted Solution

integer earned 250 total points
ID: 9701927

I do this a lot, a good way to accomplish a goal with the requirement of no extra software would be to use the /E switch on the regedit command.

regedit /E file.tmp "HKEY_CURRENT_USER\Control Panel" would dump the "HKEY_CURRENT_USER\Control Panel" registry key to a file called file.tmp.  

You could then use a FOR loop to spin through the values and enumerate to environmental variables for post processing.  If I knew what keys you wanted and what you wanted to parse I could give you an answer more specific to your request but this should get you started.

Best Regards,



Author Comment

ID: 9708586
Thank you for the suggestion.  
Is there a way to get the permissions on HKCU\Control Panel?

Featured Post

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question