Batch script for win 10 registry to find and change details

October 30, 2017 at 13:18:20
Specs: Windows 7
I'm having a challenge. I'd like to create a batch file that finds and replaces the data or string or binary detail in a value under a subkey.

To be more clear let me give a direct example with this long subkey:

HKU\S-1-5-21-2269125883-3665482506-1263715658-1001\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{6398C59E-375F-4940-9141-7AAA96123720}Machine\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /f /v AutoInstallMinorUpdates /t REG_DWORD /d 1

In the above subkey I would like the batch script to find the value "AutoInstallMinorUpdates" and change whatever data it has to "0" from "1" or whatever other digit they might be holding. The above is dealing with REG_DWORD. I would also like for REG_BINARY and REG_SZ. So essentially all subkeys that have "AutoInstallMinorUpdates" will in the end all have a data value of "0"

The reason I'm not just creating a reg file and adding it to the registry is because it changes with different registries for Win 10 i.e. you will find that the part with "S-1-5-21-2269125883-3665482506-1263715658-1001" in the key will be "S-1-5-33-4467675683-8649756947-1263715658-1001" in another different registry and so the value won't be changed if you just create a .reg file and add it to the different registries.

Can someone help me create this batch script?


See More: Batch script for win 10 registry to find and change details

Reply ↓  Report •

#1
October 30, 2017 at 14:16:39
And why aren't you using HKCU instead?

How To Ask Questions The Smart Way


Reply ↓  Report •

#2
October 31, 2017 at 10:30:18
I already got the HKCU strings all covered, it's the HKU ones that are tricky, they need some clever scanning and replacement of values. The HKU ones seem to be tied to the GPO (Group policy objects) which looks like the changes will also reflect in the gpedit.msc

message edited by Diregitaur


Reply ↓  Report •

#3
October 31, 2017 at 11:07:55
HKCU is an alias of the current user's (hence "CU") HKU entry. If you're expecting this script to affect the user running it, HKCU is the correct and easiest choice.

If this is part of an Active Directory environment, you really should be using Group Policy, which will handle it. If you're running this script against a remote machine, you should be looking at HKLM instead. Otherwise, you'll have to find which user registry hives are loaded, make your change, find out which users AREN'T logged in, mount their hives, make your change, and unload the hive so those users can log in.

How To Ask Questions The Smart Way


Reply ↓  Report •

Related Solutions

#4
November 2, 2017 at 11:17:13
@Razon 2.3

Your suggestion will not work for my case because some registry values are actually in the HKU only in Win 10. These values are Taskbarsmallicons, SubscribedContentXXXXEnabled, OemPreinstalledApps, RotatingLockScreenOverlayEnabled and a list of literally 87 other registry strings which I won't list here but just to make my point.

The total number of registry strings that I need modified are about 300 so your suggestion to use the group policy to do that is taking me backwards instead of providing a batch script that simplifies the problem. Does not make any sense why I should spend 3 hrs just configuring the registry whereas a batch script will do it in seconds. I will have direct access to the win machines so no remote handling will be needed.

Basically your suggestions in total are side-tracking my goal.


Reply ↓  Report •

#5
November 2, 2017 at 11:48:37
After doing some searching on here, you (Razor 2.3) came up with this which is very, very close to what I want. What changes can be made to make it fit my goal for win 10?


Roamingpreferredbandtype is a DWORD

Const nicName = "NicNameHere"
Const regPath = "SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}"
Set reg = GetObject("winmgmts:root\default:StdRegProv")
reg.EnumKey &H80000002, regPath, keys
For Each key In keys
key = regPath & "\" & key
If reg.GetStringValue(&H80000002, key, "DriverDesc", deviceName) = 0 _
And InStr(deviceName, nicName) Then _
reg.SetDWORDValue(&H80000002, key, "Roamingpreferredbandtype", 2)
Next 'key

message edited by Diregitaur


Reply ↓  Report •

#6
November 2, 2017 at 12:11:19
If you have 87 of these, maybe pick one that proves your point, and not mine?

Taskbarsmallicons - Hive: HKCU - http://blog.unlockforus.org/2012/05...
SubscribedContentXXXXEnabled - Hive: HKCU - https://winaero.com/blog/disable-we...
OemPreinstalledApps - Hive: HKCU - No public article available; found via quick search within regedit.
RotatingLockScreenOverlayEnabled - Hive: HKCU - https://garytown.com/windows-10-dis...

Look, I'm not pulling this information out of the ether. This comes from official Windows documentation: [HKEY_CURRENT_USER] makes it easier to establish the current user's settings; the key maps to the current user's branch in HKEY_USERS. (Emphasis not mine.)

How To Ask Questions The Smart Way


Reply ↓  Report •

#7
November 3, 2017 at 09:55:58
Apparently in the Win 10 pro I'm exploring, non of those settings are listed as described in mine. I'm using Win10_1709_eng_x64 and non of those described are there.

These are the locations of my keys in Win10_1709_eng_x64:-

HKU\S-1-5-21-2269125883-3665482506-1263715658-1001\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /f /v SubscribedContent-338388Enabled /t REG_DWORD /d 0
HKU\S-1-5-21-2269125883-3665482506-1263715658-1001\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /f /v SubscribedContent-310093Enabled /t REG_DWORD /d 0
HKU\S-1-5-21-2269125883-3665482506-1263715658-1001\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /f /v ContentDeliveryAllowed /t REG_DWORD /d 0
HKU\S-1-5-21-2269125883-3665482506-1263715658-1001\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /f /v PreInstalledAppsEverEnabled /t REG_DWORD /d 0
HKU\S-1-5-21-2269125883-3665482506-1263715658-1001\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /f /v PreInstalledAppsEnabled /t REG_DWORD /d 0
HKU\S-1-5-21-2269125883-3665482506-1263715658-1001\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /f /v OemPreInstalledAppsEnabled /t REG_DWORD /d 0
HKU\S-1-5-21-2269125883-3665482506-1263715658-1001\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /f /v SilentInstalledAppsEnabled /t REG_DWORD /d 0

Those are just a few but in every new Win installation the numbers in "S-1-5-21-2269125883-3665482506-1263715658-1001" keeps changing randomly making your recommendation only applicable to one installation of win only which is not the Win 10 pro that I'm using. I actually tracked these keys using Regshot which tracks the change in the registry and shows you what key changed when you entered your preferred setting.

message edited by Diregitaur


Reply ↓  Report •

#8
November 3, 2017 at 20:39:42
"HKCU" replaces "HKU\S-1-5-21-2269125883-3665482506-1263715658-1001", or whatever it happens to be for that user.

I've never used Regshot before so I don't know how it works, and I'm not nearly drunk enough to consider going through its source to figure it out. That doesn't mean I can't guess. Returning results from both HKCU and HKU would lead to double the hits, with half of them being unwanted. So you have to filter out one of the views of the current user's hive. The best solution would be to filter out the duplicate HKU entries, but that'd require determining which HKU hive corresponded to the current HKCU, and that's work. Regshot's solution, it'd appear, would be to just ignore the existence of HKCU entirely, and report everything as if it came from HKU. It's not wrong, but it's not what I'd call right, either.

You're coming off as if your entire understanding of the situation comes from a single third party tool. You have a Windows box running, do you not? This box has regedit, does it not? Open it up and take a look! This thread has been going on for four days now. That's plenty of time for you to familiarize yourself with the basics of the Windows registry. If that's too easy, download and run Process Monitor to see the actual registry calls as they're made.

How To Ask Questions The Smart Way


Reply ↓  Report •

#9
November 4, 2017 at 09:09:47
Alright I agree about your sentiments on Regshots, though I saw it was also tracking 2 other similar keys with same values adjacent to the HKU in total making them 3 since one key seemed to be for the 32bit and the other 64bit entry. I'll do just as you have suggested (filter out....) and let you know if it works.

Reply ↓  Report •

Ask Question