

Obtaining security settings through batch script

Posted on 2003-11-01
Medium Priority
Last Modified: 2013-12-04
I'm in the process of writing a batch script for Windows 2000 and 2003 server and I would like to know if it is possible to:
1. extract specific keys from a batch script (I don't want to take a copy of the registry).

2. extract specific values from the local security policy (i.e., everything under password policy, lockout policy, audit policy, user rights assignment, security options).

Question by:KABOOM

Expert Comment

ID: 9664020
A tool that can assist you with the registry side of things is regfind.exe from the resource kit.
RegFind is a command-line tool that you can use to search the Windows 2000 registry for arbitrary data, key names, or value names. The tool allows you to replace any of these with new values.

RegFind Syntax
regfind [{-m \\ComputerName | -h HiveFile HiveRoot | -w Win95Directory}] [-i n] [-o OutputWidth] [-p RegistryKeyPath] [{-z | -t DataType}] [{-b | -B}] [-y] [-n] [SearchString [-r ReplacementString]]


-m \\ComputerName
specifies a remote Windows 2000 computer (machine) whose registry is to be manipulated.
-h HiveFile HiveRoot
specifies a local hive to manipulate.
-w Win95Directory
specifies the paths to Windows 95 system.dat and user.dat files.
-i n
specifies the display indentation multiple. Default is 4.
-o OutputWidth
specifies how wide the output is to be. By default OutputWidth is set to the width of the console window, if standard output (STDOUT) has not been redirected to a file. In the latter case, an OutputWidth of 240 is used.
-p RegistryKeyPath
specifies where in the registry to start searching. All entries below this point in the registry hierarchy are also searched. If no path is specified, RegFind searches the entire registry, which can be time consuming.
If the path contains spaces, it must be surrounded by quotation marks:
"Registry Key Path With Spaces"
-z
specifies to search for REG_SZ and REG_EXPAND_SZ values that are missing a trailing null character and/or have a length that is not a multiple of the size of a Unicode character. If -r is also specified, any replacement string is ignored and RegFind adds the missing null character and/or adjusts the length up to an even multiple of the size of a Unicode character.
-t DataType
specifies which registry types to search. DataType can be REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ, REG_DWORD, REG_BINARY, or REG_NONE. Default is any of the _SZ types.
-b
only valid with _SZ searches. Specifies that RegFind should look for occurrences of the SearchString inside of REG_BINARY data. May not be specified with a ReplacementString that is not the same length as the SearchString.
-B
same as -b but also looks for ANSI version of string within REG_BINARY values.
-y
only valid with _SZ searches. Specifies that RegFind should ignore case when searching.
-n
specifies to include key and value names in the search; -n may not be specified with -t.
SearchString
is the value to search for. If SearchString is not specified, RegFind searches based on type.
If SearchString contains spaces, it must be surrounded by quotation marks:
"Search String With Spaces"
-r ReplacementString
specifies an optional replacement string to replace any matches with.
SearchString and ReplacementString must be of the same type as specified by the -t switch. For any of the _SZ types, it is just a string. For REG_DWORD, it is a single number (for example: 0x1000 or 4096). For REG_BINARY, it is a number specifying #bytes, optionally followed by the actual bytes, with a separate number for each DWORD (for example, 0x06 0x12345678 0x1234). If just the byte count is specified, RegFind searches for all REG_BINARY values that have that length. May not search for length and specify -r.
When doing replacements, RegFind displays the value after the replacement has been made. It is usually best to run RegFind once without the -r switch to see what will be changed before it is actually changed.
Whenever specifying a registry path, either on the command line or in an input file, the following prefix strings can be used:
Each of these strings can stand alone as the key name or be followed by a backslash (\) and a subkey path.

This example searches the HKEY_CURRENT_USER\Control Panel registry key for entries of type REG_DWORD.

C:\>regfind -p "HKEY_CURRENT_USER\Control Panel" -t REG_DWORD

Scanning HKEY_CURRENT_USER\Control Panel registry tree
Searching for any match based on type
Will match values of type: REG_DWORD

        ActiveWndTrkTimeout = REG_DWORD 0x00000000
        ForegroundFlashCount = REG_DWORD 0x00000003
        ForegroundLockTimeout = REG_DWORD 0x00030d40
        CaretWidth = REG_DWORD 0x00000001
        PaintDesktopVersion = REG_DWORD 0x00000001
    Microsoft Input Devices
                    Version = REG_DWORD 0x00050000
        ActiveWindowTracking = REG_DWORD 0x00000000

Adding the regfind to a batch would be easy

Author Comment

ID: 9664119
Hmmm, that's a good suggestion but the problem is, our company uses a script to do a security review on standard stuff and depending on the client - they may or may not have regfind installed.  I find most administrators are hesitant to install stuff on production servers.  Is there a way to write a small batch application?

Expert Comment

ID: 9665458
Distribute the regfind with your batch file? Or perhaps just have it in the same dir as your batch file.


Accepted Solution

integer earned 1000 total points
ID: 9701927

I do this a lot, a good way to accomplish a goal with the requirement of no extra software would be to use the /E switch on the regedit command.

regedit /E file.tmp "HKEY_CURRENT_USER\Control Panel" would dump the "HKEY_CURRENT_USER\Control Panel" registry key to a file called file.tmp.  

You could then use a FOR loop to spin through the values and enumerate to environmental variables for post processing.  If I knew what keys you wanted and what you wanted to parse I could give you an answer more specific to your request but this should get you started.

Best Regards,
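
The regedit /E dump followed by a FOR loop, as described in the answer above, written out as an added example that is not part of the original post. The key path, the REG_ variable prefix and the two value names checked at the end are assumptions chosen for illustration.

```batch
@echo off
rem Added example (not from the thread). KEY, the REG_ prefix and the two
rem value names checked at the end are assumptions chosen for illustration.
setlocal
set "KEY=HKEY_CURRENT_USER\Control Panel\Desktop"
set "DUMP=%TEMP%\regdump_%RANDOM%.tmp"

rem regedit is a GUI program, so wait for it to finish writing the export.
start /wait regedit /E "%DUMP%" "%KEY%"
if not exist "%DUMP%" (
    echo ERROR: export of "%KEY%" failed 1>&2
    exit /b 1
)

rem Windows 2000 and later write the export as UTF-16; TYPE converts it to
rem the console code page so FOR /F can read it. FIND keeps only lines that
rem contain "=", i.e. value lines such as "Name"="data" or "Name"=dword:00000001.
rem %%~A is the value name and %%~B the data, both with outer quotes removed.
rem Limits: subkeys are exported too, so a later subkey overwrites a value of
rem the same name; multi-line hex data keeps only its first line; string data
rem keeps the .reg escaping, with each backslash doubled.
for /f "usebackq tokens=1* delims==" %%A in (`type "%DUMP%" ^| find "="`) do (
    set "REG_%%~A=%%~B"
)
del "%DUMP%"

rem Compare the collected values with what the review expects.
call :check ScreenSaveActive 1
call :check ScreenSaverIsSecure 1
endlocal
goto :eof

:check
rem First argument: value name. Second argument: expected data.
rem The doubled percent signs make CALL expand the REG_ variable on a second pass.
set "ACTUAL="
call set "ACTUAL=%%REG_%~1%%"
if not defined ACTUAL (
    echo MISSING %~1
    goto :eof
)
if "%ACTUAL%"=="%~2" echo PASS %~1=%ACTUAL%
if not "%ACTUAL%"=="%~2" echo FAIL %~1=%ACTUAL%, expected %~2
goto :eof
```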



Author Comment

ID: 9708586
Thank you for the suggestion.  
Is there a way to get the permissions on HKCU\Control Panel?
