Connecting to the RegistryTo work with the registry, you need to connect to it first. You can use the WMI StdRegProv class to make a connection and to read or write information into it. Although reading from the registry is a safe process, writing to the registry could have disastrous consequences if you don't take normal safety precautions such as making a backup of the key you intend to change and testing the script in a lab on machines that would be easily recoverable. At times, just being able to read a listing of keys is sufficient for your needs. For instance, when the hotfix installer is run, it creates an entry under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix. Realizing this, if you read this key, you can see what hotfixes have been applied to a particular machine. The following script, ReadHotFixes.vbs, does this very thing. By using the EnumKey method of the WMI StdRegProv class, you can rather easily create a listing of subkeys. ReadHotFixes.vbs Option Explicit On Error Resume Next Dim strKeyPath Dim strComputer Dim objReg Dim subKey Dim arrSubKeys Const HKCR = &H80000000 'HKEY_CLASSES_ROOT Const HKCU = &H80000001 'HKEY_CURRENT_USER Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE Const HKU = &H80000003 'HKEY_USERS Const HKCC = &H80000005 'HKEY_CURRENT_CONFIG strKeyPath = "SOFTWARE\Microsoft\Windows NT" _ & "\CurrentVersion\HotFix" strComputer = "." Set objReg=GetObject("winmgmts:\\" &_ strComputer & "\root\default:StdRegProv") objReg.EnumKey HKLM, strKeyPath, arrSubKeys WScript.Echo("Keys under " & strKeyPath) For Each subKey In arrSubKeys WScript.Echo vbTab & subKey Next Header InformationThe Header information section of ReadHotFixes.vbs consists of the Option Explicit and On Error Resume Next commands, as well as the declarations for five variables. The five variables are described in Table 17-1.
Reference InformationThe Reference information section of the script is used to define constants and variables used in the operation of the script. Several tree values are defined in winreg.h that you can use to define constants and to shorten the length of your scripts. The default tree is HKEY_LOCAL_MACHINE, so in reality, specifying the tree is unnecessary. However, for clarity, and to ensure you hit the correct portion of the registry, I do not advocate relying on the default registry tree. All the hexadecimal (hex) numbers that represent the registry trees are listed in the Reference information section of this script. I normally include them in all registry scripts so that I don't have to look them up later. They don't take up too much space, and you can use them to form the basis of a nice registry script template. The variable strKeyPath contains the registry key you want to look at. In this instance, because you're using the EnumKey method, you'll get back only a listing of key names that reside below strKeyPath. This is a useful method to use when you don't know what you'll find below a particular registry key. You make your connection to the standard registry provider by using GetObject to make a connection into winmgmts. By default, StdRegProv resides in the root\default namespaceit is important to note, however, that software makers can compile the Regevent.mof file used to define the StdRegProv class into a different namespace for use in their applications. If you're working with such an application, you should connect to a different namespace. Const HKCR = &H80000000 'HKEY_CLASSES_ROOT Const HKCU = &H80000001 'HKEY_CURRENT_USER Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE Const HKU = &H80000003 'HKEY_USERS Const HKCC = &H80000005 'HKEY_CURRENT_CONFIG strKeyPath = "SOFTWARE\Microsoft\Windows NT" _ & "\CurrentVersion\HotFix" strComputer = "." Set objReg=GetObject("winmgmts:\\" &_ strComputer & "\root\default:StdRegProv") Worker and Output InformationThe Worker and Output information section of the script is where you use the SWbem ServicesEx object provided by StdRegProv to perform some work. In the ReadHotFixes.vbs file, you use the EnumKey method of the StdRegProv WMI class to read a listing of subkeys. Because the hotfix installer documents hotfixes under the hotfix registry key, this is a useful application of the EnumKey method. Normally, however, you would use the EnumKey method to find out what subkeys existed prior to performing some other action on the registry. For instance, you could use EnumKey to find out whether a subkey existed, which in turn would enable you to determine whether a particular application had been installed on a computer. It would also be useful in finding certain types of viruses. The objReg.EnumKey command uses the HKLM constant you defined in the Reference information section of the script as well as the strKeyPath variable. The information is written to a variable called arrSubKeys. The subkeys are stored in an array, so you use a For Each...Next construction to iterate through each element in the array. You assign each new element to a variable called subKey. You use WScript.Echo to write the information, and you use the function vbTab to indent the results under the heading that was echoed out before entering the For Each...Next loop. The Worker and Output section of this script is listed below: objReg.EnumKey HKLM, strKeyPath, arrSubKeys WScript.Echo("Keys under " & strKeyPath) For Each subKey In arrSubKeys WScript.Echo vbTab & subKey Next |