Registry UDFs

58 posts in this topic

Posted (edited)

SecurityEx.au3

Reg.au3

(Requires SecurityEx.au3 from above)

Current functions:

_RegLoadHive

_RegRestoreHive

_RegSaveHive

_RegUnloadHive

Features:

These functions support remote computers.

Notes:

All functions are supposed to work on Windows 2000 and later.

HKCUReg.au3

(Requires Reg.au3 from above)

Current functions:

_HKCU_Delete

_HKCU_EnumKey

_HKCU_EnumVal

_HKCU_Import

_HKCU_Read

_HKCU_Write

Features:

With the exception of _HKCU_Import, all functions support remote computers.

It's possible to specify one user account or use all accounts on a computer at once.

Both local accounts and domain-like accounts are supported.

Notes:

_HKCU_Import is supposed to work on Windows XP and later.

The rest are supposed to work on Windows 2000 and later.

Reg.au3 requires SecurityEx.au3 in the same folder to work properly.

HKCUReg.au3 requires Reg.au3 and SecurityEx.au3 in the same folder to work properly.

Edited by engine



Posted

Updated Reg.au3


Posted

There was an error in _HKCU_Import. So HKCUReg.au3 was updated.


Posted

Updated Reg.au3

Added these functions:

_RegRestoreHive

_RegSaveHive


Posted

Nice tools. I've been doing this same thing but using the command line from my scripts; this may just make my scripts a little cleaner.

Thanks


Posted

Nice work engine.


Posted (edited)

Thanks guys.

Reg.au3 was updated again.

I wasn't quite happy with one of the internal functions, "Split_sRootKey". So I couldn't stop thinking about it. And I have just rewritten it.

Also now SetPrivilege is called immediately before it is needed.

Regards.

Edited by engine


Posted

This is great, thanks!


Posted

Updated.

_RegLoadHive and _RegUnloadHive syntax changed.

It's now easier and identical to all the other functions.

Syntax for the rest of the functions is the same.


Posted (edited)

Updated both UDFs.

Function "GetProfile" no longer uses WMI and uses Windows APIs instead.

Windows APIs have fewer requirements and should run faster. They should also run on all Windows NT based OS.

Also, a temporary nonexistent SID is now generated for the "Default User", to work as the temporary hive.

I need feedback from people that are using these functions on networks with thousands of computers. I need to know if they execute within a reasonable time period.

Please try this.

#include <Array.au3>
#include "HKCUReg.au3"

$sComputer = @ComputerName ; Replace with your own remote computer name

$a = GetProfile("", $sComputer)
_ArrayDisplay($a)

Exit

And tell me if it runs fast. There is no need to post the result.

Thanks.

Edited by engine


Posted

Updated.


Posted

A lot faster!

Thanks, engine.


Posted

Updated "Reg.au3".

The SetPrivilege function now returns the previous privilege states, if they were modified.

For increased security, the previous privilege states are restored immediately after the needed elevation of privilege.
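
The enable-then-restore pattern this post describes, as an added PowerShell example that is not part of the original post and not the code in Reg.au3. It assumes the Win32 AdjustTokenPrivileges call and its PreviousState output; the TokenPriv class and the choice of SeRestorePrivilege are illustrative.

```powershell
# Added example: enable one privilege, keep the state the API reports as previous,
# and restore it right after the privileged call. TokenPriv is a hypothetical helper.
Add-Type -TypeDefinition @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
public static class TokenPriv {
    [StructLayout(LayoutKind.Sequential, Pack = 1)]   // TOKEN_PRIVILEGES with one entry, 16 bytes
    public struct State { public int Count; public long Luid; public int Attr; }
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, int access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LookupPrivilegeValue(string system, string name, out long luid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll,
        ref State newState, int prevLength, out State prev, out int returned);
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr handle);

    // Applies 'wanted' and returns what was changed; Count == 0 means nothing was modified.
    public static State Apply(State wanted) {
        IntPtr token; State prev; int returned;
        if (!OpenProcessToken(GetCurrentProcess(), 0x28, out token))   // ADJUST_PRIVILEGES | QUERY
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try {
            bool ok = AdjustTokenPrivileges(token, false, ref wanted, 16, out prev, out returned);
            int err = Marshal.GetLastWin32Error();   // 1300 = privilege not held by this token
            if (!ok || err != 0) throw new Win32Exception(err);
            return prev;
        } finally { CloseHandle(token); }
    }
    public static State Enable(string privilege) {
        long luid;
        if (!LookupPrivilegeValue(null, privilege, out luid))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return Apply(new State { Count = 1, Luid = luid, Attr = 2 });   // SE_PRIVILEGE_ENABLED
    }
}
'@

$previous = [TokenPriv]::Enable('SeRestorePrivilege')   # privilege name chosen for illustration
try {
    # ... the single call that needs the privilege goes here ...
}
finally {
    # Put back exactly what was changed; nothing to undo if the privilege was already on.
    if ($previous.Count -gt 0) { [void][TokenPriv]::Apply($previous) }
}
```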


Posted

How would you suggest I delete multiple registry values from the same user hive without loading and unloading all the user hives for each value? I know I can modify the function to handle this, but is there any built-in functionality already?


Posted

There isn't built-in functionality for that purpose.

Instead I suggest you use the _RegLoadHive and _RegUnloadHive functions in your script, that is, if you have a high number of RegDelete operations you need to do on the same user hive.

Regards.
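
The load once, delete many, unload once approach suggested here, as an added PowerShell example using reg.exe on the local machine; it is not part of the original post and does not use the UDFs. The function name, hive path, mount name and value names are hypothetical.

```powershell
# Added example. The hive path, mount name and value list below are constructed placeholders.
function Remove-OfflineHiveValues {
    param(
        [string]$HivePath,        # NTUSER.DAT of a user who is not logged on
        [string]$MountName,       # temporary key name under HKEY_USERS
        [hashtable[]]$Targets     # each entry: @{ Key = 'sub\key'; Value = 'value name' }
    )
    $root = "Registry::HKEY_USERS\$MountName"
    if (Test-Path -LiteralPath $root) { throw "HKU\$MountName already exists; pick another name" }

    & reg.exe load "HKU\$MountName" $HivePath | Out-Null          # load once
    if ($LASTEXITCODE -ne 0) { throw "reg load failed (exit code $LASTEXITCODE)" }

    $removed = 0
    try {
        foreach ($t in $Targets) {
            $key = "$root\$($t.Key)"
            # Only delete values that exist, so a missing one does not abort the batch
            if (Get-ItemProperty -LiteralPath $key -Name $t.Value -ErrorAction SilentlyContinue) {
                Remove-ItemProperty -LiteralPath $key -Name $t.Value -ErrorAction Stop
                $removed++
            }
        }
    }
    finally {
        # Drop handles still held by the registry provider, or the unload is refused
        [GC]::Collect(); [GC]::WaitForPendingFinalizers()
        & reg.exe unload "HKU\$MountName" | Out-Null              # unload once, even after an error
        if ($LASTEXITCODE -ne 0) { Write-Warning "HKU\$MountName is still loaded" }
    }
    return $removed
}

# Constructed sample input; run from an elevated prompt.
$targets = @(
    @{ Key = 'Software\ExampleVendor\ExampleApp'; Value = 'LastRun' },
    @{ Key = 'Software\ExampleVendor\ExampleApp'; Value = 'CachedToken' }
)
Remove-OfflineHiveValues -HivePath 'C:\Users\exampleuser\NTUSER.DAT' -MountName 'TempHive_exampleuser' -Targets $targets
```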


Posted

I ended up modifying the HKCU Delete function to accept an array as well; the array contains the list of registry keys to delete. Thanks for this code, it's excellent!


Posted

> I ended up modifying the HKCU Delete function to accept an array as well; the array contains the list of registry keys to delete. Thanks for this code, it's excellent!

Great idea!

If time and will permit, I might modify Write, Delete and Read functions to accept both strings and arrays.

Regards.


Posted

"Reg.au3" updated again.

A review of the internal function SetPrivilege allowed the removal of two lines that are now unnecessary.


Posted

> "Reg.au3" updated again.
>
> A review of the internal function SetPrivilege allowed the removal of two lines that are now unnecessary.

Just keeps getting better and better, engine. Keep it up.


Posted (edited)

Has this code been tested on a Domain Controller? It doesn't appear to work correctly.

Edit:

This appears to be because the _Security__LookupAccountSid and _Security__LookupAccountName functions do not return the expected values. This would be because there are no local accounts.

Edited by archrival


Posted (edited)

> Has this code been tested on a Domain Controller? It doesn't appear to work correctly.
>
> Edit:
>
> This appears to be because the _Security__LookupAccountSid and _Security__LookupAccountName functions do not return the expected values. This would be because there are no local accounts.

I was hoping someone would test that and report back.

I will take a look at that. There should be a way to fix that.

Anyway. I was hoping it would work on domain controllers. The AutoIt documentation suggests it:

> Name of the system. This string can be the name of a remote computer. If this string is blank, the account name translation begins on the local system. If the name cannot be resolved on the local system, this function will try to resolve the name using domain controllers trusted by the local system.

Edited by engine


Posted

> I was hoping someone would test that and report back.
>
> I will take a look at that. There should be a way to fix that.
>
> Anyway. I was hoping it would work on domain controllers. The AutoIt documentation suggests it:

I made a quick modification to the GetProfile() function to check for the validity of $avArray; if it's not set then I assume it's a domain controller. I didn't spend too much time on it, but the part where you are using _Security__LookupAccountName($sComputer, $sComputer) to retrieve the computer SID is the part that fails.


Posted

> I made a quick modification to the GetProfile() function to check for the validity of $avArray; if it's not set then I assume it's a domain controller. I didn't spend too much time on it, but the part where you are using _Security__LookupAccountName($sComputer, $sComputer) to retrieve the computer SID is the part that fails.

Thanks.

That part can be removed if needed. The computer SID is used only to generate a temporary SID for the "Default User" account. I will review that as soon as possible.


Posted (edited)

How to delete all users' privileges on a certain key?

Edited by netegg
