Registry Scripts
Create Expanded String Values
Create a MultiString Value
Create a Registry Key
Create String and DWORD Values
Delete a Registry Key
Delete Registry Values
List Registry Files
List Registry Key Access Rights
List Registry Properties
List Registry Subkeys
List Registry Values and Types
Monitor Registry Entry Level Events
Monitor Registry Subkey Events
Monitor Registry Subtree Events
Read a Binary Registry Value
Read an Expanded String Registry Value
Read a MultiString Value
Read String and DWORD Registry Values
You can use any of the VBScript programs below in ActiveXperts Network Monitor.
Create Expanded String Values
Uses WMI to create an expanded string value under the HKLM\SOFTWARE\System Admin Scripting Guide portion of the registry.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\System Admin Scripting Guide"
strValueName = "Expanded String Value Name"
strValue = "%PATHEXT%"
oReg.SetExpandedStringValue _
    HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
Create a MultiString Value
Uses WMI to create a multi-string registry value in the HKLM\SOFTWARE\System Admin Scripting Guide portion of the registry.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\System Admin Scripting Guide"
strValueName = "Multi String Value Name"
arrStringValues = Array("first string", "second string", _
    "third string", "fourth string")
oReg.SetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPath, _
    strValueName,arrStringValues
Create a Registry Key
Uses WMI to create a registry key in the HKLM\SOFTWARE\System Admin Scripting Guide portion of the registry.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\System Admin Scripting Guide"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
Create String and DWORD Values
Uses WMI to create string and DWORD values under the HKLM\SOFTWARE\System Admin Scripting Guide portion of the registry.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\System Admin Scripting Guide"
strValueName = "String Value Name"
strValue = "string value"
oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
strValueName = "DWORD Value Name"
dwValue = 82
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
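The StdRegProv methods return 0 on success and a non-zero code on failure, and the create scripts above discard that result. The following is an added example, not part of the original script collection: it checks the create-subkey right on the parent key, creates the key before writing values, and stops at the first failing step. The Require helper and the dwStored variable are hypothetical names introduced here.

```vbscript
' Added example, not from the original page.
Const HKEY_LOCAL_MACHINE = &H80000002
Const KEY_CREATE_SUB_KEY = &H0004
strComputer = "."
strKeyPath = "SOFTWARE\System Admin Scripting Guide"

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

' Creating the key needs the create-subkey right on its parent key.
bGranted = False
oReg.CheckAccess HKEY_LOCAL_MACHINE, "SOFTWARE", KEY_CREATE_SUB_KEY, bGranted
If bGranted = True Then
    ' CreateKey also succeeds when the key already exists.
    Require oReg.CreateKey(HKEY_LOCAL_MACHINE, strKeyPath), "CreateKey"
    Require oReg.SetStringValue(HKEY_LOCAL_MACHINE, strKeyPath, _
        "String Value Name", "string value"), "SetStringValue"
    Require oReg.SetDWORDValue(HKEY_LOCAL_MACHINE, strKeyPath, _
        "DWORD Value Name", 82), "SetDWORDValue"

    ' Read the DWORD back to confirm what was stored.
    Require oReg.GetDWORDValue(HKEY_LOCAL_MACHINE, strKeyPath, _
        "DWORD Value Name", dwStored), "GetDWORDValue"
    WScript.Echo "Stored DWORD value: " & dwStored
Else
    WScript.Echo "No create-subkey right on HKLM\SOFTWARE for this user."
    WScript.Quit 1
End If

' Hypothetical helper: stop at the first step that reports a non-zero code.
Sub Require(lngRc, strStep)
    If lngRc <> 0 Then
        WScript.Echo strStep & " failed with return code " & lngRc
        WScript.Quit 1
    End If
End Sub
```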
Delete a Registry Key
Uses WMI to delete the registry key HKLM\SOFTWARE\System Admin Scripting Guide.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\System Admin Scripting Guide"
oReg.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath
Delete Registry Values
Uses WMI to delete all the registry values under HKLM\SOFTWARE\System Admin Scripting Guide.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\System Admin Scripting Guide"
strDWORDValueName = "DWORD Value Name"
strExpandedStringValueName = "Expanded String Value Name"
strMultiStringValueName = "Multi String Value Name"
strStringValueName = "String Value Name"
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strDWORDValueName
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strExpandedStringValueName
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strMultiStringValueName
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strStringValueName
List Registry Files
Uses WMI to list all the registry files and their locations under HKLM\System\CurrentControlSet\Control\Hivelist.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "System\CurrentControlSet\Control\hivelist"
' Each value name is a hive; its string data is the backing file.
oReg.EnumValues HKEY_LOCAL_MACHINE, strKeyPath, _
    arrValueNames, arrValueTypes
For i=0 To UBound(arrValueNames)
    Wscript.Echo "File Name: " & arrValueNames(i) & " -- "
    oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath, _
        arrValueNames(i),strValue
    Wscript.Echo "Location: " & strValue
    Wscript.Echo
Next
List Registry Key Access Rights
Uses WMI to check the logged-on user's access rights to the HKLM\SYSTEM\CurrentControlSet portion of the registry.
Const KEY_QUERY_VALUE = &H0001
Const KEY_SET_VALUE = &H0002
Const KEY_CREATE_SUB_KEY = &H0004
Const DELETE = &H00010000
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet"
' CheckAccess sets bHasAccessRight to True when the requested right is held.
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_QUERY_VALUE, _
    bHasAccessRight
If bHasAccessRight = True Then
    Wscript.Echo "Have Query Value Access Rights on Key"
Else
    Wscript.Echo "Do Not Have Query Value Access Rights on Key"
End If
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_SET_VALUE, _
    bHasAccessRight
If bHasAccessRight = True Then
    Wscript.Echo "Have Set Value Access Rights on Key"
Else
    Wscript.Echo "Do Not Have Set Value Access Rights on Key"
End If
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_CREATE_SUB_KEY, _
    bHasAccessRight
If bHasAccessRight = True Then
    Wscript.Echo "Have Create SubKey Access Rights on Key"
Else
    Wscript.Echo "Do Not Have Create SubKey Access Rights on Key"
End If
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, DELETE, bHasAccessRight
If bHasAccessRight = True Then
    Wscript.Echo "Have Delete Access Rights on Key"
Else
    Wscript.Echo "Do Not Have Delete Access Rights on Key"
End If
List Registry Properties
Returns information about the computer registry.
On Error Resume Next
strComputer = "."
Set objWMIService=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_Registry")
For Each objItem in colItems
    Wscript.Echo "Current Size: " & objItem.CurrentSize
    Wscript.Echo "Description: " & objItem.Description
    Wscript.Echo "Install Date: " & objItem.InstallDate
    Wscript.Echo "Maximum Size: " & objItem.MaximumSize
    Wscript.Echo "Name: " & objItem.Name
    Wscript.Echo "Proposed Size: " & objItem.ProposedSize
Next
List Registry Subkeys
Uses WMI to enumerate all the registry subkeys under HKLM\SYSTEM\CurrentControlSet\Services.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Services"
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
For Each subkey In arrSubKeys
    Wscript.Echo subkey
Next
List Registry Values and Types
Uses WMI to list all the registry values and their types under HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
Const HKEY_LOCAL_MACHINE = &H80000002
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\Lsa"
oReg.EnumValues HKEY_LOCAL_MACHINE, strKeyPath, _
    arrValueNames, arrValueTypes
For i=0 To UBound(arrValueNames)
    Wscript.Echo "Value Name: " & arrValueNames(i)
    Select Case arrValueTypes(i)
        Case REG_SZ
            Wscript.Echo "Data Type: String"
            Wscript.Echo
        Case REG_EXPAND_SZ
            Wscript.Echo "Data Type: Expanded String"
            Wscript.Echo
        Case REG_BINARY
            Wscript.Echo "Data Type: Binary"
            Wscript.Echo
        Case REG_DWORD
            Wscript.Echo "Data Type: DWORD"
            Wscript.Echo
        Case REG_MULTI_SZ
            Wscript.Echo "Data Type: Multi String"
            Wscript.Echo
    End Select
Next
Monitor Registry Entry Level Events
Temporary event consumer that monitors the registry for any changes to the CSDVersion value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion.
strComputer = "."
' The registry event classes are provided in the root\default namespace.
Set wmiServices = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\default")
Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
wmiServices.ExecNotificationQueryAsync wmiSink, _
    "SELECT * FROM RegistryValueChangeEvent WHERE " & _
    "Hive='HKEY_LOCAL_MACHINE' AND " & _
    "KeyPath='SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion'" _
    & " AND ValueName='CSDVersion'"
WScript.Echo "Listening for Registry Change Events..." & vbCrLf
While(1)
    WScript.Sleep 1000
Wend

' Called by the sink for every event that matches the query.
Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
    WScript.Echo "Received Registry Change Event" & vbCrLf & _
        wmiObject.GetObjectText_()
End Sub
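A RegistryValueChangeEvent identifies the hive, key path and value name that changed but does not carry the new data. The following is an added example, not part of the original script collection: it pairs the entry-level monitor with StdRegProv so that each event also prints the value's current data. The ReadValue function and strQuery variable are hypothetical names introduced here, and CSDVersion is assumed to be a string value.

```vbscript
' Added example, not from the original page.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion"
strValueName = "CSDVersion"

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
Set wmiServices = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default")
Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")

' Backslashes must be doubled inside the WQL string literal.
strQuery = "SELECT * FROM RegistryValueChangeEvent WHERE " & _
    "Hive='HKEY_LOCAL_MACHINE' AND " & _
    "KeyPath='" & Replace(strKeyPath, "\", "\\") & "' AND " & _
    "ValueName='" & strValueName & "'"
wmiServices.ExecNotificationQueryAsync wmiSink, strQuery

WScript.Echo "Baseline: " & ReadValue()
WScript.Echo "Listening for Registry Change Events..."
While True
    WScript.Sleep 1000
Wend

' Hypothetical helper: current string data, or a note with the return code
' when the value is missing or cannot be read.
Function ReadValue()
    Dim strData, lngRc
    lngRc = oReg.GetStringValue(HKEY_LOCAL_MACHINE, strKeyPath, _
        strValueName, strData)
    If lngRc = 0 And Not IsNull(strData) Then
        ReadValue = strData
    Else
        ReadValue = "<unreadable, return code " & lngRc & ">"
    End If
End Function

' Called by the sink for every matching event.
Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
    WScript.Echo Now & " change on " & wmiObject.Hive & "\" & _
        wmiObject.KeyPath & "\" & wmiObject.ValueName
    WScript.Echo "  current data: " & ReadValue()
End Sub
```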
Monitor Registry Subkey Events
Temporary event consumer that monitors the registry for any changes to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion.
strComputer = "."
Set wmiServices = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\default")
Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
wmiServices.ExecNotificationQueryAsync wmiSink, _
    "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' " & _
    "AND KeyPath='SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion'"
WScript.Echo "Listening for Registry Change Events..." & vbCrLf
While(1)
    WScript.Sleep 1000
Wend

' Called by the sink for every event that matches the query.
Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
    WScript.Echo "Received Registry Change Event" & vbCrLf & _
        wmiObject.GetObjectText_()
End Sub
Monitor Registry Subtree Events
Temporary event consumer that monitors the registry for any changes to the HKLM portion of the registry.
strComputer = "."
Set wmiServices = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\default")
Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
wmiServices.ExecNotificationQueryAsync wmiSink, _
    "SELECT * FROM RegistryTreeChangeEvent WHERE Hive= " _
    & "'HKEY_LOCAL_MACHINE' AND RootPath=''"
WScript.Echo "Listening for Registry Change Events..." & vbCrLf
While(1)
    WScript.Sleep 1000
Wend

' Called by the sink for every event that matches the query.
Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
    WScript.Echo "Received Registry Change Event" & vbCrLf & _
        wmiObject.GetObjectText_()
End Sub
Read a Binary Registry Value
Uses WMI to read a binary registry value.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion"
strValueName = "LicenseInfo"
oReg.GetBinaryValue HKEY_LOCAL_MACHINE,strKeyPath, _
    strValueName,strValue
For i = lBound(strValue) to uBound(strValue)
    StdOut.WriteLine strValue(i)
Next
Read an Expanded String Registry Value
Uses WMI to read an expanded string registry value.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon"
strValueName = "UIHost"
oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath, _
    strValueName,strValue
Wscript.Echo "The Windows logon UI host is: " & strValue
Read a MultiString Value
Uses WMI to read a multi-string registry value.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Services\Eventlog\System"
strValueName = "Sources"
oReg.GetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPath, _
    strValueName,arrValues
For Each strValue In arrValues
    Wscript.Echo strValue
Next
Read String and DWORD Registry Values
Uses WMI to read a string and a DWORD registry value.
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "Console"
strValueName = "HistoryBufferSize"
oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
Wscript.Echo "Current History Buffer Size: " & dwValue
strKeyPath = "SOFTWARE\Microsoft\Windows Script Host\Settings"
strValueName = "TrustPolicy"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
Wscript.Echo "Current WSH Trust Policy Value: " & strValue