We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x
Private

Powershell&Windows batch: Get Run command history.

Luis Diaz
Luis Diaz asked
on
High Priority
92 Views
Last Modified: 2020-05-06
Hello experts,

The following script allows me to get run command history. Is there a way to have a Windows Batch or a Powershell approach?

Thank you for your help.
Const HKEY_CURRENT_USER = &H80000001

strComputer = “.”
Set objRegistry = GetObject(“winmgmts:\\” & strComputer & “\root\default:StdRegProv”)
strKeyPath = “Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU”

objRegistry.EnumValues HKEY_CURRENT_USER, strKeyPath, arrValueNames, arrValueTypes
For Each strValue in arrValueNames

    If Len(strValue) = 1 Then

        objRegistry.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValue,strRunCommand

        intLength = Len(strRunCommand)

        strRunCommand = Left(strRunCommand, intLength – 2)

        Wscript.Echo strRunCommand

    End If

Next

Open in new window



Thank you for your help.
Comment
Watch Question

David Johnson, CDSimple Geek from the '70s
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
the 'h' alias for history in powershell will show you the powershell history
h <return>

Luis DiazIT consultant

Author

Commented:
I am talking about run Windows 10 command feature:20200504_100142.png
Luis DiazIT consultant

Author

Commented:
The idea is the following:
20200504_112849.png
And just get the Data line of exported file:
20200504_113301.png
Shaun VermaakSenior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019

Commented:
Invoke-command -computer SomeComputer01 {Get-ItemProperty  "HKCU:Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"}
Bill PrewTest your restores, not your backups...
CERTIFIED EXPERT
Expert of the Year 2019
Top Expert 2016

Commented:
Try this BAT approach.

@echo off
setlocal EnableDelayedExpansion

set RegBase=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

for %%K in (a b c d e f g h i j k l m n o p q r s t u v w x y z) do (
    for /f "tokens=2*" %%A in ('reg query "%RegBase%" /v "%%~K" 2^>NUL') do (
        set "value=%%~B"
        echo !value:~0,-2!
    )
)

Open in new window


»bp
Luis DiazIT consultant

Author

Commented:
Thank you Bill. Possible to have a CSV exported in current folder with date stamp?
Bill PrewTest your restores, not your backups...
CERTIFIED EXPERT
Expert of the Year 2019
Top Expert 2016

Commented:
Date stamp of what?

»bp
Luis DiazIT consultant

Author

Commented:
Of CSV file that will be exported.
Bill PrewTest your restores, not your backups...
CERTIFIED EXPERT
Expert of the Year 2019
Top Expert 2016

Commented:
So meaning the current system date and time when the BAT executes?

»bp
Bill PrewTest your restores, not your backups...
CERTIFIED EXPERT
Expert of the Year 2019
Top Expert 2016

Commented:
If my assumptions were right you can try this.

@echo off
setlocal EnableDelayedExpansion
 
set RegBase=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
set CsvFile=EE29180814.csv
 
rem Get current date/time in MM/DD/YYYY hh:mm:ss format
set Stamp=
for /f "tokens=* skip=1" %%A in ('wmic os get LocalDateTime') do if not defined Stamp set Stamp=%%A
set Stamp=%Stamp:~4,2%/%Stamp:~6,2%/%Stamp:~0,4% %Stamp:~8,2%:%Stamp:~10,2%:%Stamp:~12,2%
 
for %%K in (a b c d e f g h i j k l m n o p q r s t u v w x y z 0) do (
    for /f "tokens=2*" %%A in ('reg query "%RegBase%" /v "%%~K" 2^>NUL') do (
        set "value=%%~B"
        echo %Stamp%,"!value:~0,-2!">>"%CsvFile%"
    )
)
Luis DiazIT consultant

Author

Commented:
So meaning the current system date and time when the BAT executes?
Indeed!

I will test it and keep you informed!
CERTIFIED EXPERT

Commented:
Again
echo off
setlocal
for /f "tokens=1 delims=." %%D in ('wmic os get LocalDateTime^|find  "."') do set Stamp=%%D

set key="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

set ee="%Stamp%.csv"
type nul >%ee%
for /f  "tokens=3" %%H in ( 'reg query  %key% ^| find  /i /v "MRUList"'   ) do (
   echo %date:/=%;%%H
) >>%ee%
in powershell

$stamp=(Get-Date).tostring("MM-dd-yyyy-hh-mm")
$hh=(Invoke-command  {Get-ItemProperty  "HKCU:Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"})
(97..(97+25)).ForEach({ [char]$_ }) |% {"$Stamp;$($($hh).$_)"} |out-file "ee$Stamp.csv"
Luis DiazIT consultant

Author

Commented:

[b]@Bill:[/b]
I tested your proposal and it works! Possible to have date stamp at the beginning of the file:
I tested from:
https://www.experts-exchange.com/questions/29180814/Powershell-Windows-batch-Get-Run-command-history.html#a43078942
[b]@canali[/b]
I also tried to test Powershell approach but I am having issues with the syntax.
I edit your proposal as I wasn't able to run it due to datestamp definition.

$CurrentDir = Split-Path $script:MyInvocation.MyCommand.Path
#Example: $Root = $CurrentDir + '\Root2'
#Example: $FileVariable = Get-Content -Path "$($CurrentDir)\File.txt"
$DateStamp = (Get-Date -Format "yyyyMMdd_HHmmss")
$hh=(Invoke-command  {Get-ItemProperty  HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerRunMRU})
(97..(97+25)).ForEach({ [char]$_ }) % {$Stamp;$($($hh).$_)} Out-File $DateStamp.csv

Regards,
CERTIFIED EXPERT

Commented:
Here the correct code
$CurrentDir = $PSScriptRoot
$stamp=(Get-Date).tostring("yyyyMMdd_HHmmss")
$hh=(Invoke-command  {Get-ItemProperty  "HKCU:Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"})
(97..(97+25)).ForEach({ [char]$_ }) |% {"$Stamp;$($($hh).$_)"} |out-file -filepath "$currentdir\$Stamp.csv"
Bill PrewTest your restores, not your backups...
CERTIFIED EXPERT
Expert of the Year 2019
Top Expert 2016

Commented:
I tested your proposal and it works! Possible to have date stamp at the beginning of the file:
Please clarify, do you meant the name of the output file you want to contain the date/time stamp?

»bp
Luis DiazIT consultant

Author

Commented:
Yes Bill, name of the file.
Bill PrewTest your restores, not your backups...
CERTIFIED EXPERT
Expert of the Year 2019
Top Expert 2016
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
Luis DiazIT consultant

Author

Commented:
Thank you very much Bill. Tested and it works!
For column delimiter with ";"
echo %DataStamp%;"!value:~0,-2!">>"%CsvFile%"
Is enough?
Luis DiazIT consultant

Author

Commented:
@Canali: concerning Powershell version, possible to let me know where should I put the delimiter?

Bill PrewTest your restores, not your backups...
CERTIFIED EXPERT
Expert of the Year 2019
Top Expert 2016

Commented:
For column delimiter with ";"
echo %DataStamp%;"!value:~0,-2!">>"%CsvFile%"
Is enough?
Yes sir.

»bp
Luis DiazIT consultant

Author

Commented:
Thank you very much Bill! Just waiting for the confirmation of canali to know where should I put the delimiter and then I will assign solutions.
CERTIFIED EXPERT

Commented:
Hi Luis
the delimiter of the csv file?
 is the semicolon between ..."$Stamp and  $($($hh ...
...
{"$Stamp;$($($hh).$_)"}
...
You can change as you want
ex. using colon
...
... {"$Stamp,$($($hh).$_)"} ...
...
Bye Gas
Luis DiazIT consultant

Author

Commented:
Hi Gastone,

Strange because with Powershell I don't get information in Column A;Column B when I open file in Excel.

This is not the case with Windows Batch:
CERTIFIED EXPERT
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
Luis DiazIT consultant

Author

Commented:
Thank you Gaston. It works! Very useful information.

@Bill: Last question and I then I will close the question.
If I want to open CSV file how should I finish the script.
Can I proceed like this:

Rem ======================================================================
Rem Author:
Rem Creation date: 2020/05/05 06:52:40
Rem Description: Get Windows run command in a csv file.
Rem ======================================================================

@echo off
setlocal EnableDelayedExpansion

set RegBase=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
set CsvFile=[[STAMP]]_Run-command-history.csv

rem Get current date/time in MM/DD/YYYY hh:mm:ss format
set Now=
for /f "tokens=* skip=1" %%A in ('wmic os get LocalDateTime') do if not defined Now set Now=%%A
set DataStamp=%Now:~4,2%/%Now:~6,2%/%Now:~0,4% %Now:~8,2%:%Now:~10,2%:%Now:~12,2%
set NameStamp=%Now:~0,8%_%Now:~8,6%

rem Add date/time stamp to log file name
set CsvFile=%CsvFile:[[STAMP]]=!NameStamp!%

rem Get all MRU entries and append to CSV file
for %%K in (a b c d e f g h i j k l m n o p q r s t u v w x y z 0) do (
    for /f "tokens=2*" %%A in ('reg query "%RegBase%" /v "%%~K" 2^>NUL') do (
        set "value=%%~B"
        echo %DataStamp%;"!value:~0,-2!">>"%CsvFile%"
    )
)

rem Open CSV file
"%CsvFile%"
Exit
Bill PrewTest your restores, not your backups...
CERTIFIED EXPERT
Expert of the Year 2019
Top Expert 2016

Commented:
Yes, that should open the CSV as long as Excel is the default handler for CSV files.

»bp
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.