Reading Entry Values and Types

Microsoft® Windows® 2000 Scripting Guide

The registry is filled with interesting and useful information about Windows-based computer systems, including a wealth of information about the services and applications installed on those systems.

In many cases, you can use system administration tools such as MMC plug-ins to browse registry values. These tools use registry values as the source of much of the information they provide, and thus allow you to read registry values indirectly.

There are, however, a number of useful registry values that cannot be viewed using the system administration tools included with Windows 2000. In addition, even when a tool allows you to view the registry values you are interested in, the tool might not allow you to easily view those same values across a large number of computers. For example, a security bulletin might alert you to a registry entry on servers that, if not configured properly, could leave your network vulnerable. Using a script to verify this registry value on all your servers would be much faster than attempting to verify the value one computer at a time using an application such as Regedit.

Although you can script the reading of registry values in a number of ways, a powerful approach is to use the WMI Registry Provider. The Registry Provider includes five different methods for reading registry values, with each method used to read a different data type. These five methods include:

  • GetBinaryValue

  • GetDWORDValue

  • GetExpandedStringValue

  • GetMultiStringValue

  • GetStringValue

Each of these methods will be demonstrated in this section of the chapter.

Using the Registry Provider to Read Registry Entries

The fact that there are five different methods for reading the registry might seem a bit daunting at first. Fortunately, each of these methods uses the same four parameters:

  • The subtree (such as HKEY_LOCAL_MACHINE) that contains the value being read. This must be set to one of the hexadecimal values shown in Table 16.3.

  • The path to the registry entry (for example, CurrentControlSet\Services).

  • The name of the value being read. Specify an empty string ("") to read the default value.

  • An "out" parameter, a variable that contains the value read from the registry. To display the returned value on screen, simply echo this variable.

In this chapter, variables and constants are configured for use as the method parameters. This is done to reduce the size of individual lines of code, particularly those that require long registry paths. For example, a constant for the subtree and variables for the path and value name might be configured within a script similar to this:

Const HKEY_LOCAL_MACHINE = &H80000002
strKeyPath = "SOFTWARE\Microsoft\Windows Script Host\Settings"
strEntryName = "TrustPolicy"

The resulting call to the GetDWORDValue method thus looks like this, with the call fitting on a single line:

objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strEntryName, strValue

Without using variables and constants to represent the parameter values, this same method would look like this, requiring at least two lines of code:

objReg.GetStringValue &H8000000, _
"SOFTWARE\Microsoft\Windows Script Host\Settings" , "TrustPolicy" ,strValue