VBscript to edit binary registry values

Posted on 2012-04-02
Last Modified: 2012-04-03
I've been given some VBscript code that uses a reg file for input and it works under my account but it will not work for regular users because group policies are in place that prevent users from accessing regedit. Here's the code that I'm speaking of:

Option Explicit
On error resume next
dim objShell

set objShell = CreateObject("Wscript.Shell")

objShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PrivacyAdvanced",1,"REG_DWORD"
objShell.RegWrite "HKCU\Software\Microsoft\Internet Explorer\New Windows\PopupMgr",0,"REG_DWORD"
objShell.Run "regedit /s ""<REG_File_Path>", 1, False

Set objShell = Nothing


I'm going to have to abandon that line that calls regedit and have VBscript directly edit a couple of binary registry values. Below are the values that need to be edited (taken directly from a .reg file). How can I edit these binary values using the RegWrite method, or is some other means necessary to edit binary values?

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]


Question by:mcpp661

Expert Comment

ID: 37798185
Since you mention Group Policy, this is much easier to do using Group Policy Preferences in a GPO.

With XP clients you will need the client side extension to use GPP:

Create and edit the GPO from a 2003 R2 or later server.

Expert Comment

ID: 37798589
Here is a script i have done for you this should do it

Option Explicit
Dim objShell
Set objShell = CreateObject("WScript.Shell")

'Add StdRegProv support in case of Binary, Multi_SZ values
Dim strComputer, ArrOfValue, oReg
const HKEY_USERS = &H80000003
const HKEY_LOCAL_MACHINE = &H80000002
const HKEY_CURRENT_USER = &H80000001
const HKEY_CLASSES_ROOT = &H80000000
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")	'used for Binary, Multi_SZ values
objShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\", ""
ArrOfValue = Array(&H1a,&H37,&H61,&H59,&H23,&H52,&H35,&H0c,&H7a,&H5f,&H20,_	'Building array for handling BINARY Value
Set objShell = Nothing

Open in new window

Their is a problem with your reg file that dose not make seance their is 2 entry's that are sitting in limbo

32,36 that are sitting their is this an exact extract from the hive file

Author Comment

ID: 37798790
Everything I posted was cut and pasted from the .reg file I created by exporting that key. Several things I'm not understanding about your script though:

1. Since I'm only looking to edit HKCU I'm assuming that's the only constant I would need, and not the rest?

2. In the array, why does every value have to be prefixed with "&H"?

3. An oReg object was created but the objShell object was used to write the registry value, is this correct?

4.  Not sure I understand everything after the "ArrOfValue=" statement. You set the array equal to the binary entries, but then immediately after the first set you have "{A8A88C49-5EB2-4990-A1A2-0876022C854F}"=hex:1a" and so on. I don't understand this.

Please understand that I don't mean to sound like I'm questioning you, I just don't understand the work that was done and it's just as important that I understand because I want to learn this stuff as well. Thanks.

Expert Comment

ID: 37798873

Thats right but its just defining them so no need to worry about that

2 and 4. because you are playing with the binary form you need to set an array and then define the key when using vbs, as you are going from reg to vbs the interpreter need to know how to understand the values.

3. Yes that is correct

Im still abit off regarding the 36,32 key as its out of bounds and looks out of place can you double check the spacing ?
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.


Author Comment

ID: 37798955
Just to be sure I'm going to VPN into work and export the key again and then attach it as a txt file. I'll have it posted in just a few minutes.

Author Comment

ID: 37798970
Here's the entire key. I have not edited the file. It was a reg file but I added a .txt extension.

Also, I'm still no understanding this part of the code:

ArrOfValue = Array(&H1a,&H37,&H61,&H59,&H23,&H52,&H35,&H0c,&H7a,&H5f,&H20,_      'Building array for handling BINARY Value

It looks like you have one of the registry values inside the array itself. That doesn't seem right to me?
LVL 65

Accepted Solution

RobSampson earned 500 total points
ID: 37799226
Hi, from here:

it states:
"RegWrite will write at most one DWORD to a REG_BINARY value. Larger values are not supported with this method."

so you will need to use the SetBinaryValue of the StdRegProv class instead.

See the code below for how this can be achieved.



' Enter the hex value here from the exported registry file
strHexValue = "1a,37,61,59,23,52,35,0c,7a,5f,20,17,2f,1e,1a,19,0e,2b,01,73,13,37,13,12,14,1a,15,2a,4e,2c,08,0d,20,1b,28,18,36,32"

' This section does the conversion from hexidecimal to decimal for the SetBinaryValue method
arrValue = Split(strHexValue, ",")
ReDim uBinary(UBound(arrValue))
For i = LBound(arrValue) To UBound(arrValue)
	uBinary(i) = CLng("&h" & arrValue(i))

' This section inserts the data into the registry
Const HKEY_CURRENT_USER = &H80000001
Set objRegistry = GetObject("Winmgmts:root\default:StdRegProv")
strPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\"
strValueToWrite = "{AEBA21FA-782A-4A90-978D-B72164C80120}"
intReturn = objRegistry.SetBinaryValue(HKEY_CURRENT_USER, strPath, strValueToWrite, uBinary)
strValueToWrite = "{A8A88C49-5EB2-4990-A1A2-0876022C854F}"
intReturn = objRegistry.SetBinaryValue(HKEY_CURRENT_USER, strPath, strValueToWrite, uBinary)

' This section adds your other registry settings
Set objShell = CreateObject("WScript.Shell")
objShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PrivacyAdvanced",1,"REG_DWORD"
objShell.RegWrite "HKCU\Software\Microsoft\Internet Explorer\New Windows\PopupMgr",0,"REG_DWORD"
objShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10",1,"REG_DWORD"

Open in new window


Author Closing Comment

ID: 37800871
Works like a champ! Thanks Rob.

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script.  Many of these have come from the web or adaptations from snippets I find on the Web.  Periodically I add to them when I come…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now