Reading Remote Registry

[Guest BillBeavis]

I am building a script to inventory PCs on my network. I am using WMI for the most part, but the installed software information in WMI only lists software installed using Windows Installer (msi files). So I am reading the registry key "\\" & $strComputer & "\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" in my script. I am using the RegEnumKey function to list the keys and RegRead function to read the values "DisplayName", "InstallDate", "DisplayVersion", "SystemComponent". It works, sort of.

The problem is that systems over the WAN are horrible slow at the registry reads (WMI is fine). I suspect the problem is that each call the RegRead and RegEnumKey has to connect and authenticate and so on and so forth. Is there an alternate method of remotely reading the registry that is more efficient? Something that keeps a connection open?

I have found a method of reading the registry using WMI and will be testing it. I am curious if someone else has solved this already?

[Tripredacus]

I believe there is something within Windows that does this already. Perhaps you can use that?

[PsaltyDS]

Try reading them all out at once to a text file like this:

$RegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
RunWait(@ComSpec & ' /c REG QUERY ' & $RegKey & ' /s > RegRead.txt', @ScriptDir, @SW_MINIMIZE)
; FileCopy("RegRead.txt", "\\YourComputer\YourShare\")
Run("notepad.exe RegRead.txt", @ScriptDir)

Then retreive the file and parse it. This way you don't have to iterate through the reg path.

[ptrex]

@all

There are a dozen ways of getting this done.

$Computer = "/S ."
$Info = Run('Systeminfo.exe '&$Computer, "", @SW_HIDE , $STDERR_CHILD + $STDOUT_CHILD)

Systeminfo.exe is only running on XP PRO.

Regards,

ptrex

[PsaltyDS]

$a=RegRead("\\PC\HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation","StandardName")
MsgBox(4096,@error,$a)

I think he had that point already. The issue was how long it took to enumerate all keys under ...\UnInstall over a WAN link. My post was about locally executing a REG.EXE command on the remote computer to list them all to a .txt file, then parsing the file locally on his admin workstation. The single file transfer is possibly quicker that the repeated remote registry accesses over the WAN link.

[tAKTelapis]

Not really helpful with your script, but just incase you didn't want to keep re-inventing the wheel:

http://winventory.sourceforge.net/

Comes with a VBS that scans remote computer (or can be set to run silently on login) and posts everything back to a MySQL database.

(note that they have moved to a new system called Open Audit which is linked from the site i gave)

Also, if you are using Ghost, i think it (the ghost console) has the ability to report all software, i know that it can do serials and hardware info.

Anyways, good luck, i would be interested in seeing what you produce with autoIT.

[Guest BillBeavis]

Sorry for not getting back sooner, I thought I would receive notices when people replied. I have not found a better solution yet.

I tried the following code, with the result taking roughly 260 seconds

$strComputer = "mil-02"
$SWkey = "\\" & $strComputer & "\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"

For $i= 1 to 5000
    $var = RegEnumKey($SWkey, $i)
    If @error <> 0 then ExitLoop
    $DisplayName = RegRead($SWkey & $var, "DisplayName")
    $InstallDate = RegRead($SWkey & $var, "InstallDate")
    $DisplayVersion = RegRead($SWkey & $var, "DisplayVersion")
    $SystemComponent = RegRead($SWkey & $var, "SystemComponent")
    
    If $DisplayName <> "" Then
        ConsoleWrite($strComputer & ",'" & $DisplayName & "','" & $DisplayVersion & "','" & $InstallDate & "','" & @CRLF )
    EndIf
Next

The following code, taken from above, took about 325 Seconds).

$Regkey = "\\mil-02\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
;$RegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
RunWait(@ComSpec & ' /c REG QUERY ' & $RegKey & ' /s > RegRead.txt', @ScriptDir, @SW_MINIMIZE)
; FileCopy("RegRead.txt", "\\YourComputer\YourShare\")
Run("notepad.exe RegRead.txt", @ScriptDir)

I'm not sure what causes the slowdown. I would have thought the RegRead command was doing it, but know I think it is an underlying inefficiency in RPCs to remote registries. Unfortunately, the WMI software stuff only picks up MSI installs.

[Guest BillBeavis]

Thanks for the info on wininventory. It is very similar to what I am doing, but from what I've read it isn't quite what I want. With WMI, collecting the information is the easy part. I've found many programs that do mostly what I want, but fall short of a key feature. I can tell you already I'd hesitate on wininventory because of mysql. I like mysql, but we have mssql already and I don't want to introduce another db engine. I will probably try it out at any rate.

[LynnS]

PsaltyDS, VERY helpful. Exactly the type of help I was looking for. THANKS!

$RegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
RunWait(@ComSpec & ' /c REG QUERY ' & $RegKey & ' /s > RegRead.txt', @ScriptDir, @SW_MINIMIZE)
; FileCopy("RegRead.txt", "\\YourComputer\YourShare\")
Run("notepad.exe RegRead.txt", @ScriptDir)

[flyonthewall]

i made the regkey change for win2k, but returned no results.

will this not work for win2k or did i make a mistake in the code?

thank you for any assistance.

;$RegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
$RegKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
RunWait(@ComSpec & ' /c REG QUERY ' & $RegKey & ' /s > RegRead.txt', @ScriptDir, @SW_MINIMIZE)
;FileCopy("RegRead.txt", "\\YourComputer\YourShare\")
Run("notepad.exe RegRead.txt", @ScriptDir)

[flyonthewall]

anyone have windows 2000 to try this on please?

thanks

[LiHang]

Windows 2000 don't have reg.exe natively. That's why it's not working on Windows 2000 platform.

I'm also trying to find a way to improve the remote registry query. But no result until now. :-(