Sign in to follow this  
Followers 0
Guest BillBeavis

Reading Remote Registry

12 posts in this topic

I am building a script to inventory PCs on my network. I am using WMI for the most part, but the installed software information in WMI only lists software installed using Windows Installer (msi files). So I am reading the registry key "\\" & $strComputer & "\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" in my script. I am using the RegEnumKey function to list the keys and RegRead function to read the values "DisplayName", "InstallDate", "DisplayVersion", "SystemComponent". It works, sort of.

The problem is that systems over the WAN are horrible slow at the registry reads (WMI is fine). I suspect the problem is that each call the RegRead and RegEnumKey has to connect and authenticate and so on and so forth. Is there an alternate method of remotely reading the registry that is more efficient? Something that keeps a connection open?

I have found a method of reading the registry using WMI and will be testing it. I am curious if someone else has solved this already?

Share this post


Link to post
Share on other sites



I believe there is something within Windows that does this already. Perhaps you can use that?

Share this post


Link to post
Share on other sites

Try reading them all out at once to a text file like this:

$RegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
RunWait(@ComSpec & ' /c REG QUERY ' & $RegKey & ' /s > RegRead.txt', @ScriptDir, @SW_MINIMIZE)
; FileCopy("RegRead.txt", "\\YourComputer\YourShare\")
Run("notepad.exe RegRead.txt", @ScriptDir)

Then retreive the file and parse it. This way you don't have to iterate through the reg path.

:)


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

$a=RegRead("\\PC\HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation","StandardName")
MsgBox(4096,@error,$a)
I think he had that point already. The issue was how long it took to enumerate all keys under ...\UnInstall over a WAN link. My post was about locally executing a REG.EXE command on the remote computer to list them all to a .txt file, then parsing the file locally on his admin workstation. The single file transfer is possibly quicker that the repeated remote registry accesses over the WAN link.

:)


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

Not really helpful with your script, but just incase you didn't want to keep re-inventing the wheel:

http://winventory.sourceforge.net/

Comes with a VBS that scans remote computer (or can be set to run silently on login) and posts everything back to a MySQL database.

(note that they have moved to a new system called Open Audit which is linked from the site i gave)

Also, if you are using Ghost, i think it (the ghost console) has the ability to report all software, i know that it can do serials and hardware info.

Anyways, good luck, i would be interested in seeing what you produce with autoIT.

Share this post


Link to post
Share on other sites

Sorry for not getting back sooner, I thought I would receive notices when people replied. I have not found a better solution yet.

I tried the following code, with the result taking roughly 260 seconds

$strComputer = "mil-02"
$SWkey = "\\" & $strComputer & "\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"

For $i= 1 to 5000
    $var = RegEnumKey($SWkey, $i)
    If @error <> 0 then ExitLoop
    $DisplayName = RegRead($SWkey & $var, "DisplayName")
    $InstallDate = RegRead($SWkey & $var, "InstallDate")
    $DisplayVersion = RegRead($SWkey & $var, "DisplayVersion")
    $SystemComponent = RegRead($SWkey & $var, "SystemComponent")
    
    If $DisplayName <> "" Then
        ConsoleWrite($strComputer & ",'" & $DisplayName & "','" & $DisplayVersion & "','" & $InstallDate & "','" & @CRLF )
    EndIf
Next

The following code, taken from above, took about 325 Seconds).

$Regkey = "\\mil-02\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
;$RegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
RunWait(@ComSpec & ' /c REG QUERY ' & $RegKey & ' /s > RegRead.txt', @ScriptDir, @SW_MINIMIZE)
; FileCopy("RegRead.txt", "\\YourComputer\YourShare\")
Run("notepad.exe RegRead.txt", @ScriptDir)

I'm not sure what causes the slowdown. I would have thought the RegRead command was doing it, but know I think it is an underlying inefficiency in RPCs to remote registries. Unfortunately, the WMI software stuff only picks up MSI installs.

Share this post


Link to post
Share on other sites

Thanks for the info on wininventory. It is very similar to what I am doing, but from what I've read it isn't quite what I want. With WMI, collecting the information is the easy part. I've found many programs that do mostly what I want, but fall short of a key feature. I can tell you already I'd hesitate on wininventory because of mysql. I like mysql, but we have mssql already and I don't want to introduce another db engine. I will probably try it out at any rate.

Share this post


Link to post
Share on other sites

PsaltyDS, VERY helpful. Exactly the type of help I was looking for. THANKS!

$RegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
RunWait(@ComSpec & ' /c REG QUERY ' & $RegKey & ' /s > RegRead.txt', @ScriptDir, @SW_MINIMIZE)
; FileCopy("RegRead.txt", "\\YourComputer\YourShare\")
Run("notepad.exe RegRead.txt", @ScriptDir)

Share this post


Link to post
Share on other sites

i made the regkey change for win2k, but returned no results.

will this not work for win2k or did i make a mistake in the code?

thank you for any assistance.

;$RegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
$RegKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
RunWait(@ComSpec & ' /c REG QUERY ' & $RegKey & ' /s > RegRead.txt', @ScriptDir, @SW_MINIMIZE)
;FileCopy("RegRead.txt", "\\YourComputer\YourShare\")
Run("notepad.exe RegRead.txt", @ScriptDir)

Share this post


Link to post
Share on other sites

anyone have windows 2000 to try this on please?

thanks

Share this post


Link to post
Share on other sites

Windows 2000 don't have reg.exe natively. That's why it's not working on Windows 2000 platform.

I'm also trying to find a way to improve the remote registry query. But no result until now. :-(

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0