Registry UDFs

[engine]

SecurityEx.au3

Reg.au3

(Requires SecurityEx.au3 from above)

Current functions:

_RegLoadHive

_RegRestoreHive

_RegSaveHive

_RegUnloadHive

Features:

These functions support remote computers.

Notes:

All functions are supposed to work on Windows 2000 and later

HKCUReg.au3

(Requires Reg.au3 from above)

Current functions:

_HKCU_Delete

_HKCU_EnumKey

_HKCU_EnumVal

_HKCU_Import

_HKCU_Read

_HKCU_Write

Features:

With the exception of _HKCU_Import, all functions support remote computers.

It's possible to specify one user account or use all accounts on a computer at once.

Both local accounts and domain like accounts are supported.

Notes:

_HKCU_Import is supposed to work on Windows XP and later.

The rest are supposed to work on Windows 2000 and later.

Reg.au3 requires SecurityEx.au3 on the same folder to work properly.

HKCUReg.au3 requires Reg.au3 and SecurityEx.au3 on the same folder to work properly.

Edited March 23, 2012 by engine

[engine]

Updated Reg.au3

[engine]

There was an error in _HKCU_Import. So HKCUReg.au3 was updated.

[engine]

Updated Reg.au3

Added these functions:

_RegRestoreHive

_RegSaveHive

[P388l3s]

Nice tools, I've been doing this same thing but using the command line from my scripts, this may just make my scripts a little cleaner.

Thanks

[GEOSoft]

Nice work engine.

[engine]

Thanks guys.

Reg.au3 was updated again.

I wasn't quite happy with one of the internal functions, "Split_sRootKey". So I couldn't stop thinking about it. And I have just rewritten it.

Also now SetPrivilege is called immediately before it is needed.

Regards.

Edited July 8, 2008 by engine

[archrival]

This is great, thanks!

[engine]

Updated.

_RegLoadHive and _RegUnloadHive syntax changed.

It's now easier and identical to all the other functions.

Syntax for the rest of the functions is the same.

[engine]

Updated both UDFs.

Function "GetProfile" no longer use WMI and use Windows APIs instead.

Windows APIs have less requirements and should run faster. They should also run on all Windows NT based OS.

Also, now a temporary non existent SID is generated for the "Default User", to work as the temporary hive.

I need feedback from people that are using these functions on Networks with thousands of computers. Need to know if they execute within a reasonable time period.

Please try this.

#include <Array.au3>
#include "HKCUReg.au3"

$sComputer = @ComputerName ; Replace with your own remote computer name

$a = GetProfile("", $sComputer)
_ArrayDisplay($a)

Exit

And tell me if it runs fast. There is no need to post the result.

Thanks.

Edited July 21, 2008 by engine

[engine]

Updated.

[gcue]

alot faster!

thanks engine

[engine]

Updated "Reg.au3".

SetPrivilege function now returns the previous privileges states, if they were modified.

For increased security, previous privileges states are restored immediately after the needed elevation of privilege.

[archrival]

How would you suggest I delete multiple registry values from the same user hive without loading and unloading all the user hives for each value? I know I can modify the function to handle this, but is there any builtin functionality already?

[engine]

There isn't built in functionality for that purpose.

Instead I suggest you use _RegLoadHive and _RegUnloadHive functions on your script. That if you have a high amount of RegDelete operations you need to do on the same user hive.

Regards.

[archrival]

I ended up modifying the HKCU Delete function to accept an array as well, the array contains the list of registry keys to delete. Thanks for this code, it's excellent!

[engine]

I ended up modifying the HKCU Delete function to accept an array as well, the array contains the list of registry keys to delete. Thanks for this code, it's excellent!

Great idea!

If time and will permits, I might modify Write, Delete and Read functions to accept both strings and arrays.

Regards.

[engine]

"Reg.au3" updated again.

A review to internal function SetPrivilege, allowed the removal of two lines, now unnecessary.

[GEOSoft]

"Reg.au3" updated again.

A review to internal function SetPrivilege, allowed the removal of two lines, now unnecessary.

Just keeps getting better and better engine. Keep it up.

[archrival]

Has this code been tested on a Domain Controller? It doesn't appear to work correctly.

Edit:

This appears to be because the _Security__LookupAccountSid and _Security__LookupAccountName functions do not return the expected values. This would be because there are no local accounts.

Edited August 28, 2008 by archrival