PhoxNet


VBScript: Obtaining Registry Data Part 2

The boss wants this done now. This means the change has to happen remotely, as we can't wait for a user to log on to apply the change locally. Unfortunately, the WScript.Shell object does not allow remote access to the registry. In this case, we'll need to instantiate another method of registry access, one that allows remote access.

The Standard Registry Provider is exactly that object. It allows us to connect to the remote registry by establishing a Windows Management Instrumentation (WMI) connection with the remote computer's StdRegProv.

set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

Using the Standard Registry Provider (objReg) is a robust way of accessing a computer's registry. However, this method requires low-level specifics. Notice, in the example below, that we can no longer use literals to access different hives. Instead, a HEX value that identifies the hive is required. Below is a list of hives, their abbreviations (commonly used with objShell's registry methods), and HEX values.

Hive                 Abbreviation  HEX
HKEY_CLASSES_ROOT    HKCR          &H80000000
HKEY_CURRENT_USER    HKCU          &H80000001
HKEY_LOCAL_MACHINE   HKLM          &H80000002
HKEY_USERS           HKU           &H80000003
HKEY_CURRENT_CONFIG  HKCC          &H80000005

Let's say for the sake of simplicity that we have an array, arrComputers, that has the name of all the computers on the network. Let's remove all mapped drives from all computers in arrComputers.

Because the network drive mappings are located in the HKEY_CURRENT_USER hive, we need to use the HEX address for the HKEY_CURRENT_USER hive. You can use the HEX directly with the objReg methods but it's advisable that you create a constant and assign the HEX value to it for use with objReg.

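CONST HKEY_CURRENT_USER = &H80000001 'HEX that represents the HKEY_CURRENT_USER hive.

'arrComputers is assumed to already hold the computer names.
set objNetwork = WScript.CreateObject("WScript.Network")

for each strComputer in arrComputers
    set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
    'EnumNetworkDrives returns a collection object, so it must be assigned with set.
    set colDrives = objNetwork.EnumNetworkDrives()
    'Items alternate: local drive name (even index), UNC path (odd index).
    for i = 0 to (colDrives.count - 1) step 2
        if (colDrives.item(i) <> "U:") then
            'Each mapping is a subkey of Network named after the drive letter.
            objReg.DeleteKey HKEY_CURRENT_USER, "Network\" & left(colDrives.item(i), 1)
        end if
    next
next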

Looks good, right? Wrong! The network object, objNetwork, only works on the local machine. Even though we established a connection to the remote registry, objReg, the network object doesn't have remote functionality.

How, then, can we enumerate the mapped drives? Fortunately, objReg has a nice little function called .EnumKey which we can use to enumerate the current user's network reg key.

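CONST HKEY_CURRENT_USER = &H80000001 'HEX that represents the HKEY_CURRENT_USER hive.

for each strComputer in arrComputers
    set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
    'Over a remote WMI connection, HKEY_CURRENT_USER resolves for the account that made
    'the connection, not for whoever is logged on at the remote console.
    objReg.EnumKey HKEY_CURRENT_USER, "Network", arrDrives
    'arrDrives is Null when the Network key has no subkeys.
    if IsArray(arrDrives) then
        for each strDrive in arrDrives
            if (LCase(strDrive) <> "u") then
                'DeleteKey takes the hive and the full subkey path.
                objReg.DeleteKey HKEY_CURRENT_USER, "Network\" & strDrive
            end if
        next
    end if
next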

Notice that our method of deleting the drive mappings is different than before. This is because objNetwork.EnumNetworkDrives() returns a single collection object that we must iterate in order to obtain the data we want. objReg.EnumKey, on the other hand, simply returns the names of the keys - no objects.

The boss's mind is running wild and he is now concerned about ANY AND ALL drive mappings. Therefore, he wants all drive mappings for all users on all computers to be removed immediately. What to do!?

We'll need to discover the SIDs of all the users that have a profile on a particular machine. Once obtained, we can use that with HKEY_USERS to indirectly access the HKEY_CURRENT_USER hive. But how do we discover which users have a profile on the machine? There are actually several ways but the easiest and simplest way is to enumerate the ProfileList reg key located in the HKEY_LOCAL_MACHINE hive.

CONST HKEY_LOCAL_MACHINE = &H80000002 'HEX that represents the HKEY_LOCAL_MACHINE hive.
CONST HKEY_USERS = &H80000003 'HEX that represents the HKEY_USERS hive.

for each strComputer in arrComputers
    'connect to remote computer registry
    set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

    'discover user SIDs
    objReg.EnumKey HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", arrSIDs

    for each strSID in arrSIDs
        'We only care about user SIDs - those that begin with S-1-5-21-
        if (left(strSID, 9) = "S-1-5-21-") then
            'Enumerate the user's drive mappings
            objReg.EnumKey HKEY_USERS, strSID & "\Network", arrDrives
            'arrDrives is Null when the user's hive is not loaded under HKEY_USERS or has no mappings
            if IsArray(arrDrives) then
                for each strDrive in arrDrives
                    'Delete the drive's subkey (not the SID) using the full subkey path
                    objReg.DeleteKey HKEY_USERS, strSID & "\Network\" & strDrive
                next
            end if
        end if
    next
next

After you run this, the boss gives you a raise. Good job!
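
A report-first variant of the per-user loop above, added here as an example and not part of the original article: it checks the StdRegProv return codes, skips hosts that cannot be reached, and lists each mapping with its target before anything is deleted. The `DRY_RUN` constant, the `ReportDrives` helper and the single-entry `arrComputers` (the local machine) are assumptions of this example.

```vbscript
Option Explicit
' Added example: audit the same keys the article deletes, delete only on request.
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const PROFILE_LIST = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
Const DRY_RUN = True   ' assumption: set to False only after reviewing the report

Dim arrComputers, strComputer, objReg, arrSIDs, strSID
arrComputers = Array(".")   ' constructed sample: "." is the local machine

For Each strComputer In arrComputers
    Set objReg = Nothing
    On Error Resume Next    ' an unreachable host must not abort the whole run
    Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\default:StdRegProv")
    On Error GoTo 0
    If objReg Is Nothing Then
        WScript.Echo strComputer & ": WMI connection failed, skipped"
    ElseIf objReg.EnumKey(HKEY_LOCAL_MACHINE, PROFILE_LIST, arrSIDs) = 0 And IsArray(arrSIDs) Then
        For Each strSID In arrSIDs
            If Left(strSID, 9) = "S-1-5-21-" Then ReportDrives objReg, strComputer, strSID
        Next
    Else
        WScript.Echo strComputer & ": ProfileList could not be enumerated"
    End If
Next

Sub ReportDrives(objReg, strComputer, strSID)
    Dim arrDrives, strDrive, strKey, strTarget, lngRc
    ' HKEY_USERS only holds hives that are currently loaded (logged-on users),
    ' so a non-zero return code here usually means "profile not loaded".
    If objReg.EnumKey(HKEY_USERS, strSID & "\Network", arrDrives) <> 0 Then Exit Sub
    If Not IsArray(arrDrives) Then Exit Sub   ' key exists but has no mappings
    For Each strDrive In arrDrives
        strKey = strSID & "\Network\" & strDrive
        strTarget = ""
        ' RemotePath holds the UNC target of the persistent mapping.
        objReg.GetStringValue HKEY_USERS, strKey, "RemotePath", strTarget
        If DRY_RUN Then
            WScript.Echo strComputer & " " & strKey & " -> " & strTarget & " (would delete)"
        Else
            lngRc = objReg.DeleteKey(HKEY_USERS, strKey)
            WScript.Echo strComputer & " " & strKey & " -> " & strTarget & " rc=" & lngRc
        End If
    Next
End Sub
```

Run it with `cscript` so the report goes to the console rather than to one message box per line.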


