Link to home
Start Free TrialLog in
Avatar of Luis Diaz
Luis DiazFlag for Colombia

asked on

Powershell&Windows batch: Get Run command history.

Hello experts,

The following script allows me to get run command history. Is there a way to have a Windows Batch or a Powershell approach?

Thank you for your help.
Const HKEY_CURRENT_USER = &H80000001

strComputer = “.”
Set objRegistry = GetObject(“winmgmts:\\” & strComputer & “\root\default:StdRegProv”)
strKeyPath = “Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU”

objRegistry.EnumValues HKEY_CURRENT_USER, strKeyPath, arrValueNames, arrValueTypes
For Each strValue in arrValueNames

    If Len(strValue) = 1 Then

        objRegistry.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValue,strRunCommand

        intLength = Len(strRunCommand)

        strRunCommand = Left(strRunCommand, intLength – 2)

        Wscript.Echo strRunCommand

    End If

Next

Open in new window



Thank you for your help.
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

the 'h' alias for history in powershell will show you the powershell history
h <return>

Avatar of Luis Diaz

ASKER

I am talking about run Windows 10 command feature:User generated image
The idea is the following:
User generated image
And just get the Data line of exported file:
User generated image
Invoke-command -computer SomeComputer01 {Get-ItemProperty  "HKCU:Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"}

Open in new window

Avatar of Bill Prew
Bill Prew

Try this BAT approach.

@echo off
setlocal EnableDelayedExpansion

set RegBase=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

for %%K in (a b c d e f g h i j k l m n o p q r s t u v w x y z) do (
    for /f "tokens=2*" %%A in ('reg query "%RegBase%" /v "%%~K" 2^>NUL') do (
        set "value=%%~B"
        echo !value:~0,-2!
    )
)

Open in new window


»bp
Thank you Bill. Possible to have a CSV exported in current folder with date stamp?
Date stamp of what?

»bp
Of CSV file that will be exported.
So meaning the current system date and time when the BAT executes?

»bp
If my assumptions were right you can try this.

@echo off
setlocal EnableDelayedExpansion
 
set RegBase=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
set CsvFile=EE29180814.csv
 
rem Get current date/time in MM/DD/YYYY hh:mm:ss format
set Stamp=
for /f "tokens=* skip=1" %%A in ('wmic os get LocalDateTime') do if not defined Stamp set Stamp=%%A
set Stamp=%Stamp:~4,2%/%Stamp:~6,2%/%Stamp:~0,4% %Stamp:~8,2%:%Stamp:~10,2%:%Stamp:~12,2%
 
for %%K in (a b c d e f g h i j k l m n o p q r s t u v w x y z 0) do (
    for /f "tokens=2*" %%A in ('reg query "%RegBase%" /v "%%~K" 2^>NUL') do (
        set "value=%%~B"
        echo %Stamp%,"!value:~0,-2!">>"%CsvFile%"
    )
)

Open in new window

So meaning the current system date and time when the BAT executes?
Indeed!

I will test it and keep you informed!
Again
echo off
setlocal
for /f "tokens=1 delims=." %%D in ('wmic os get LocalDateTime^|find  "."') do set Stamp=%%D

set key="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

set ee="%Stamp%.csv"
type nul >%ee%
for /f  "tokens=3" %%H in ( 'reg query  %key% ^| find  /i /v "MRUList"'   ) do (
   echo %date:/=%;%%H
) >>%ee%

Open in new window

in powershell

$stamp=(Get-Date).tostring("MM-dd-yyyy-hh-mm")
$hh=(Invoke-command  {Get-ItemProperty  "HKCU:Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"})
(97..(97+25)).ForEach({ [char]$_ }) |% {"$Stamp;$($($hh).$_)"} |out-file "ee$Stamp.csv"

Open in new window


[b]@Bill:[/b]
I tested your proposal and it works! Possible to have date stamp at the beginning of the file:
I tested from:
https://www.experts-exchange.com/questions/29180814/Powershell-Windows-batch-Get-Run-command-history.html#a43078942
[b]@canali[/b]
I also tried to test Powershell approach but I am having issues with the syntax.
I edit your proposal as I wasn't able to run it due to datestamp definition.

$CurrentDir = Split-Path $script:MyInvocation.MyCommand.Path
#Example: $Root = $CurrentDir + '\Root2'
#Example: $FileVariable = Get-Content -Path "$($CurrentDir)\File.txt"
$DateStamp = (Get-Date -Format "yyyyMMdd_HHmmss")
$hh=(Invoke-command  {Get-ItemProperty  HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerRunMRU})
(97..(97+25)).ForEach({ [char]$_ }) % {$Stamp;$($($hh).$_)} Out-File $DateStamp.csv

Open in new window


User generated imageRegards,
Here the correct code

$CurrentDir = $PSScriptRoot
$stamp=(Get-Date).tostring("yyyyMMdd_HHmmss")
$hh=(Invoke-command  {Get-ItemProperty  "HKCU:Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"})
(97..(97+25)).ForEach({ [char]$_ }) |% {"$Stamp;$($($hh).$_)"} |out-file -filepath "$currentdir\$Stamp.csv"

Open in new window

I tested your proposal and it works! Possible to have date stamp at the beginning of the file:
Please clarify, do you meant the name of the output file you want to contain the date/time stamp?

»bp
Yes Bill, name of the file.
SOLUTION
Avatar of Bill Prew
Bill Prew

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you very much Bill. Tested and it works!
For column delimiter with ";"
echo %DataStamp%;"!value:~0,-2!">>"%CsvFile%"
Is enough?
@Canali: concerning Powershell version, possible to let me know where should I put the delimiter?

For column delimiter with ";"
echo %DataStamp%;"!value:~0,-2!">>"%CsvFile%"
Is enough?
Yes sir.

»bp
Thank you very much Bill! Just waiting for the confirmation of canali to know where should I put the delimiter and then I will assign solutions.
Hi Luis
the delimiter of the csv file?
 is the semicolon between ..."$Stamp and  $($($hh ...
...
{"$Stamp;$($($hh).$_)"}
...

Open in new window

You can change as you want
ex. using colon
...
... {"$Stamp,$($($hh).$_)"} ...
...

Open in new window

Bye Gas
Hi Gastone,

Strange because with Powershell I don't get information in Column A;Column B when I open file in Excel.
User generated image
This is not the case with Windows Batch:
User generated image
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you Gaston. It works! Very useful information.

@Bill: Last question and I then I will close the question.
If I want to open CSV file how should I finish the script.
Can I proceed like this:

Rem ======================================================================
Rem Author:
Rem Creation date: 2020/05/05 06:52:40
Rem Description: Get Windows run command in a csv file.
Rem ======================================================================

@echo off
setlocal EnableDelayedExpansion

set RegBase=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
set CsvFile=[[STAMP]]_Run-command-history.csv

rem Get current date/time in MM/DD/YYYY hh:mm:ss format
set Now=
for /f "tokens=* skip=1" %%A in ('wmic os get LocalDateTime') do if not defined Now set Now=%%A
set DataStamp=%Now:~4,2%/%Now:~6,2%/%Now:~0,4% %Now:~8,2%:%Now:~10,2%:%Now:~12,2%
set NameStamp=%Now:~0,8%_%Now:~8,6%

rem Add date/time stamp to log file name
set CsvFile=%CsvFile:[[STAMP]]=!NameStamp!%

rem Get all MRU entries and append to CSV file
for %%K in (a b c d e f g h i j k l m n o p q r s t u v w x y z 0) do (
    for /f "tokens=2*" %%A in ('reg query "%RegBase%" /v "%%~K" 2^>NUL') do (
        set "value=%%~B"
        echo %DataStamp%;"!value:~0,-2!">>"%CsvFile%"
    )
)

rem Open CSV file
"%CsvFile%"
Exit

Open in new window

Yes, that should open the CSV as long as Excel is the default handler for CSV files.

»bp