VBScripting Solutions: Working with Remote Registries

Network administrators deal with the registry daily when they perform such tasks as changing application settings, tuning system behaviors, and managing user permissions. As a result, being able to access any machine's registry, including remote workstations, is crucial to effectively administer networks.

The registry is a collection of files. When you access the registry, the Win32 software development kit (SDK) and the system-provided registry editors (i.e., regedit and regedt32) work together to expose the registry as one virtual file. Regedit and regedt32 are interactive tools that you can use to access remote registries manually. If you want to access a remote registry programmatically, you need to use a special API that exploits the SDK-level functions for registry network access. Here's how you can access remote registries and manage remote users' access to the local registry in Windows 2000, Windows NT, and Windows 9x systems with regedit, regedt32, and custom tools. (Windows Me doesn't support remote registry access.)

Accessing Remote Registries
In Win2K and NT systems, you can use regedit and regedt32 to view remote registry trees, provided that you have the permissions needed to access those trees. To view remote registries with regedit, select Connect Registry Network on the Registry menu. In the dialog box that appears, enter the name of the network server you want to access in the Computer name field, then click OK. If the connection is successful, regedit refreshes the left pane so that it contains a new root tree at the same level as My Computer. Like the local tree, the remote tree takes the network server's name and displays the machine's subtrees, keys, and subkeys. In this respect, local and remote trees are virtually indistinguishable.

To view remote registries with regedt32, choose Select Computer on the Registry menu. In the Select Computer list that appears, highlight the name of the network computer to which you want to connect, then click OK. If the connection is successful, the multiple-document interface (MDI) windows show the content of the remote registry.

In Win9x systems, you can use regedit or a custom tool to access remote registries. However, you must set up your machines for remote administration. You need to enable the Remote Administration service, then install the Remote Registry service on every Win9x machine (clients and servers) that you want to involve in the remote registry access operation. For detailed information about how to enable the Remote Administration service and install the Remote Registry service, see the Microsoft article "How to Install Remote Administration Services" (http://support.microsoft.com/support/kb/articles/q141/4/60.asp). On the Win95 CD-ROM, the installation files are in the \admin\nettools\remotereg folder. On the Win98 CD-ROM, the files are in the \tools\reskit\netadmin\remotereg folder.

After you set up your Win9x machines, the Remote Administration and Remote Registry services work together to let you access remote registries. In addition, these services let you administer file and print sharing.

Using regedit, regedt32, or any custom tool that you might create, you can access most, but not all, of the first-level subtrees in remote registries in Win2K, NT, and Win9x systems. You can access HKEY_CLASSES_ROOT, HKEY_LOCAL_MACHINE, HKEY_USERS, and HKEY_PERFORMANCE_DATA. (For information about the HKEY_PERFORMANCE_DATA subtree, see the Web-exclusive sidebar "Accessing Performance Data" on the Windows Scripting Solutions Web site at http://www.winscriptingsolutions.com.) You can't access the HKEY_CURRENT_USER subtree directly, but you can access the same information through the applicable user subkey in the HKEY_USERS subtree. As I explained in my April column, HKEY_CURRENT_USER is a virtual subtree that the OS exposes to make registry programming easier. HKEY_CURRENT_USER points to a subkey under HKEY_USERS; the subkey's name is the globally unique ID (GUID) of the currently logged-on user.

Managing Users' Access
In Win2K and NT, you can change remote users' permissions to access another computer's registry. You can secure registries at two levels.

  1. You can use the registry's optional HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg subkey to control which remote users can connect to a registry. The winreg subkey's ACL determines who can remotely connect. If this subkey doesn't exist, all authenticated remote users can connect to the registry. (In servers running NT 4.0 Service Pack 2—SP2—or earlier, Anonymous remote users can connect to the local registry. SP3 contains a hotfix for this problem. A similar hotfix exists for NT 3.51 servers.) If the winreg subkey exists, the OS pays much more attention to any attempt to remotely access a registry file—users must have at least Read access to the winreg subkey on the target computer.
  2. If remote users have Read access, the per-user permissions that you set on winreg determine the operations the users can accomplish in the various keys and subkeys. These permissions apply to the registry as a whole and override permissions that someone might set locally on a specific key or subkey. As a result, a certain key might allow Full Control access for all local users but allow only Read access for remote users because the remote users have been given only Read access at the winreg subkey level.

By default, in NT 4.0, members of the Administrators group have Full Control access to the winreg subkey. Members of the Backup Operators group have only Read access. Microsoft changed this default in Win2K so that both groups have Full Control access. To view the permissions set for the winreg subkey, run regedt32 and click Permissions on the Security menu.

The winreg\AllowedPaths subkey specifies portions of the registry that remote users can read regardless of the settings in the winreg subkey's ACL. The AllowedPaths subkey uses REG_MULTI_SZ values to specify which registry entries everyone can read. By default, only Administrators group members can change Read and Write permissions in the AllowedPaths subkey. Any change in the AllowedPaths subkey requires a reboot to take effect. To learn more about how to use this subkey, see the Microsoft article "How to Restrict Access to NT Registry from a Remote Computer" (http://support.microsoft.com/support/kb/articles/q153/1/83.asp).

Programmatic Access
The Windows Script Host (WSH) programming interface lets you work with the registry but not over a network. The Win32 SDK has a function to connect to a remote registry. However, you can't use this function in WSH. So, if you need to programmatically access a remote registry, you must use Microsoft Visual Basic (VB).

I've written a simple .exe application in VB 6.0 that reads the values of remote and local registry entries in the HKEY_CLASSES_ROOT and HKEY_LOCAL_MACHINE subtrees. Figure 1 shows the Remote Registry Reader's UI. You can find the source code for this VB application in the Code Library on the Windows Scripting Solutions Web site. Because this column is about VBScript rather than VB, I won't go into the details about how I wrote the application. (If you want to find out some of those details, see the included readme.txt file.) Instead, let me explain how you install and use this application.

The Remote Registry Reader works on machines that run Win2K, NT 4.0, or Win9x (provided that you've enabled the Remote Administration service and installed the Remote Registry service). The application will also work on Windows XP machines. To install the Remote Registry Reader, copy the source code into the desired directory on your machine. The machine must have VB 6.0 installed.

To use the Remote Registry Reader, double-click the executable (remreg.exe). Click the desired subtree (HKCR or HKLM) and enter the name of the target machine. In the Key field, enter the path to the desired key or subkey. In the Value field, type the name of the entry for which you want to see the value. After you click Read Data, the application updates the text box with the applicable registry content.
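
The winreg checks from "Managing Users' Access" and the remote read described in this section can be combined into one audit. The following is an added example, not the article's VB application or code from its download: it uses .NET's RegistryKey.OpenRemoteBaseKey, which connects through the Remote Registry service, to report whether the winreg subkey exists, who is on its ACL, and what AllowedPaths exposes. The function name Get-WinregAudit is hypothetical, and the value name Machine under AllowedPaths is not given in the article.

```powershell
# Added example: audit the winreg restrictions on one machine over the
# Remote Registry service. Get-WinregAudit is a hypothetical helper name.
function Get-WinregAudit {
    param([string]$ComputerName = $env:COMPUTERNAME)

    $winreg = 'SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
    # Connect to the target's HKEY_LOCAL_MACHINE subtree over the network.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
    try {
        $key = $hklm.OpenSubKey($winreg)   # read-only open
        if ($null -eq $key) {
            # No winreg subkey: all authenticated remote users can connect.
            return [pscustomobject]@{
                Computer = $ComputerName; WinregPresent = $false
                Acl = @(); AllowedPaths = @()
            }
        }
        # The subkey's ACL decides who may connect and with which rights.
        $acl = $key.GetAccessControl().GetAccessRules(
                $true, $true, [System.Security.Principal.NTAccount]) |
            ForEach-Object {
                '{0}: {1} ({2})' -f $_.IdentityReference,
                    $_.RegistryRights, $_.AccessControlType
            }
        # AllowedPaths\Machine (REG_MULTI_SZ) lists the registry paths that
        # remote users can read regardless of the winreg ACL.
        $allowed = @()
        $ap = $key.OpenSubKey('AllowedPaths')
        if ($null -ne $ap) {
            $allowed = @($ap.GetValue('Machine', @()))
            $ap.Close()
        }
        $key.Close()
        [pscustomobject]@{
            Computer = $ComputerName; WinregPresent = $true
            Acl = @($acl); AllowedPaths = $allowed
        }
    }
    finally { $hklm.Close() }
}

# Constructed usage: audit the local machine and print the findings.
$r = Get-WinregAudit
if (-not $r.WinregPresent) { Write-Warning "$($r.Computer): winreg subkey missing" }
$r.Acl
$r.AllowedPaths
```

Run it from an account that is allowed to connect to the target's registry; pass -ComputerName to audit another machine.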

A Choice of Tools
If you have a network that includes remote machines and remote users, knowing how to access the remote machines' registries and manage remote users' access to registries is vital. As I've demonstrated, you can use regedit or regedt32 or a custom tool such as the Remote Registry Reader.

Discuss this Article 26

Chris Bland (not verified)
on Feb 4, 2003

Anyone know of a way to specify alternative logon credentials when connecting to a remote registry programmatically?

Anonymous User (not verified)
on Jan 27, 2005
Example of capturing CMD info:

    sub CapturingCMDInfo(strComputer)
        strText = ""
        Set objShell = CreateObject("Wscript.Shell")
        Set objExecObject = objShell.Exec ("%comspec% /c ping -n 3 -w 1000 " & strComputer)
        Do While Not objExecObject.StdOut.AtEndOfStream
            strText = objExecObject.StdOut.ReadAll()
            If Instr(strText, "out") > 0 Then
                Exit Do
            End If
        Loop
        Msgbox strText
    end sub

    strComputer = "AComputerName"
    CapturingCMDInfo(strComputer)

Anonymous User (not verified)
on Jan 27, 2005
And last but not least, an awesome example repository: http://www.microsoft.com/technet/scriptcenter/resources/qanda/hsgarch.mspx
Anonymous User (not verified)
on Jan 27, 2005
Example of reading systems from a file:

    sub DoSomethingFromFileList(strFilePath)
        set ofs = createobject("scripting.filesystemobject")
        ' Without On Error Resume Next, a failed open stops the script
        ' before the Err.Number check below can run.
        On Error Resume Next
        Err.Clear
        set oFile = ofs.opentextfile(strFilePath, 1, false)
        if (Err.Number <> 0) then
            wscript.echo "Cannot open Target file: " & strFilePath
            wscript.quit
        end if
        On Error GoTo 0
        ' Process one computer name per line.
        while not oFile.atEndOfStream
            strComputer = oFile.ReadLine()
            DoSomething(strComputer)
        wend
        oFile.Close
    end sub

    sub DoSomething(strComputer)
        Msgbox "Doing something to computer " & strComputer
    end sub

    strFilePath = "C:\mycomputerlist.txt"
    DoSomethingFromFileList(strFilePath)

Paul (not verified)
on Jan 9, 2004

I was searching the net for just this, thank you for pointing it out. Now I can waste my time on something else :). One neat thing I did come across is the following: You can use VBS to copy a *.reg file over to a remote server, then use AT to schedule a regedit of the file you just copied. I thought that was worth sharing, a neat workaround.

Anonymous User (not verified)
on Jan 19, 2005
Hi Armand, can you post your code? How do you pass the value from reg.exe back to script. Thanks.
Anonymous User (not verified)
on Dec 14, 2004
To Armand: I also would like to have that code; it would be a big help. I have been instructed to change the CO's logo on the log in screen in W2k on all user desktops, about 120 of them. It would be ideal if I could change the Desktop;Background key in the registry without having to go to each individual machine. You can contact me at Rockclymer@hotmail.com
ACE (not verified)
on Mar 16, 2004

Does anybody have a script to simply merge .reg files into the registry of numerous remote servers at a given time? (e.g., Supply the list of servers via text file, then supply the .reg file as another parameter, then have the script merge the .reg file contents into the registries of all the remote servers as noted by the text file.)

Mikael (not verified)
on May 2, 2003

Good article, exactly the answers I've been searching to find.

Anonymous User (not verified)
on Nov 8, 2004
In response to Armand (Mar 24): I am looking to do that exact same thing. Please email any help to p4llen at yahoo. Thanks SO much!
Armand (not verified)
on Mar 24, 2004
The article mentions WSH is unable to manage a remote computer's registry, and while I'm finding out that's true, there is a way around it using another Microsoft tool: reg.exe from the Win2K resource kit. Using Set objShell = WScript.CreateObject("WScript.Shell"), you can call the reg.exe executable in your VBScript and pass it arguments you specify in other portions of the script. I know this works as I've written a script that will read a list of computer names from a text file, connect to the remote registry using reg.exe and manipulate the SNMP keys in HKLM\SYSTEM\CurrentControlSet\Services\SNMP so I can globally change the SNMP community strings in one shot without having to log into each server. If anyone is interested in the code let me know and I'll post here....
Sulaiman (not verified)
on Dec 21, 2004
Hello Armand, I want the codes. My actual task is to add values in HKLM at a remote location. Will this be achieved by your code? Or anyhow is it possible to do? Please forward your codes to kudcsbs@yahoo.com. Thanks, take care, Sulaiman
Chris Wright
on Dec 22, 2003

Is there a way to add a value to the HKEY_CURRENT_USERS key in the registry? I know you can add value to HKEY_LOCAL_MACHINE and HKEY_USERS. Is there a command or a program that will enable you to add values?

Anonymous User (not verified)
on Jul 19, 2005
A very useful article....
