I'm wondering if there is a way to create a script that will search
the Registry for any Keys and Values that contain a specific string,
and then delete them. It would be handy to delete all the subkeys and
values beneath a found Key as well.
Any ideas?
Sincerely,
Paul Rubin
pru...@equilter.com
> I'm wondering if there is a way to create a script that will search
> the Registry for any Keys and Values that contain a specific string,
> and then delete them. It would be handy to delete all the subkeys and
> values beneath a found Key as well.
Hi
Here is one that does that for key names at least:
http://groups.google.com/groups?selm=40311EEB.BC67D1FE%40hydro.com
--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter
I have a couple of questions on this script:
1. How do you define the starting variable to search the entire
registry?
2. Does the script find all instances of the keyword, even if the
keynames are longer than the keyword supplied? In other words, if the
keyword is 'Test_Key', will it delete keynames, 'Test_Key_Long' and
'Long_Test_Key' ?
Thanx,
Paul Rubin
pru...@equilter.com
"Torgeir Bakken (MVP)" <Torgeir.B...@hydro.com> wrote in message news:<403B58D6...@hydro.com>...
> Thank you Torgeir,
>
> I have a couple of questions on this script:
>
> 1. How do you define the starting variable to search the entire
> registry?
You will need to specify and make a callout to every hive, HKEY_LOCAL_MACHINE,
HKEY_CURRENT_USER and HKEY_USERS (you don't need to add HKEY_CLASSES_ROOT
if you include HKEY_LOCAL_MACHINE because it is just an alias for the
HKEY_LOCAL_MACHINE\SOFTWARE\Classes key)
Note that if you have Win2k SP4, you will need this hotfix to be able
to access HKEY_USERS:
Cannot Use WMI to Query HKEY Users After You Install SP4
http://support.microsoft.com/?id=817478
Set sStartKeyPath to "" to do a search from the root of the hive.
So to search and delete all keys with the name "Test_Key" in all
registry branches, you can do it like this:
'Constants for WMI StdRegProv
Const HKCU = &H80000001
Const HKLM = &H80000002
Const HK_USERS = &H80000003
sStartKeyPath = ""
sKey = "Test_Key"
Set oReg = GetObject _
("WinMgmts:{impersonationLevel=impersonate}!//./root/default:StdRegProv")
SearchAndDeleteRegistryKey HKCU, sStartKeyPath, sKey
SearchAndDeleteRegistryKey HKLM, sStartKeyPath, sKey
SearchAndDeleteRegistryKey HK_USERS, sStartKeyPath, sKey
> 2. Does the script find all instances of the keyword, even if the
> keynames are longer than the keyword supplied? In other words, if the
> keyword is 'Test_Key', will it delete keynames, 'Test_Key_Long' and
> 'Long_Test_Key' ?
No, the test I use will only be true for a case-insensitive exact match:
If LCase(Right(sStartKeyPath, Len(sKey) + 1)) = "\" & LCase(sKey) Then
If you want to delete keys based on a substring hit, substitute the line
above with the two following lines:
aTmpPath = Split(sStartKeyPath, "\")
If InStr(1, aTmpPath(UBound(aTmpPath)), sKey, vbTextCompare) > 0 Then
Sincerely,
Paul Rubin
pru...@equilter.com
'Constants for WMI StdRegProv
Const HKCU = &H80000001
Const HKLM = &H80000002
Const HK_USERS = &H80000003
sStartKeyPath = ""
sKey = "Symantec"
Set oReg = GetObject _
("WinMgmts:{impersonationLevel=impersonate}!//./root/default:StdRegProv")
SearchAndDeleteRegistryKey HKCU, sStartKeyPath, sKey
SearchAndDeleteRegistryKey HKLM, sStartKeyPath, sKey
SearchAndDeleteRegistryKey HK_USERS, sStartKeyPath, sKey
Sub SearchAndDeleteRegistryKey(ByVal sHive, ByVal sStartKeyPath, ByVal sKey)
  Dim aSubKeys, sSubKey, iRC
  On Error Resume Next
  iRC = oReg.EnumKey(sHive, sStartKeyPath, aSubKeys)
  If iRC = 0 And IsArray(aSubKeys) Then
    For Each sSubKey In aSubKeys
      If Err.Number <> 0 Then
        Err.Clear
        Exit Sub
      End If
      SearchAndDeleteRegistryKey sHive, sStartKeyPath & "\" & sSubKey, sKey
    Next
  End If
  aTmpPath = Split(sStartKeyPath, "\")
  If InStr(1, aTmpPath(UBound(aTmpPath)), sKey, vbTextCompare) > 0 Then
    DeleteRegistryKey sHive, sStartKeyPath
  End If
End Sub
Sub DeleteRegistryKey(ByVal sHive, ByVal sKey)
  Dim aSubKeys, sSubKey, iRC
  On Error Resume Next
  iRC = oReg.EnumKey(sHive, sKey, aSubKeys)
  If iRC = 0 And IsArray(aSubKeys) Then
    For Each sSubKey In aSubKeys
      If Err.Number <> 0 Then
        Err.Clear
        Exit Sub
      End If
      DeleteRegistryKey sHive, sKey & "\" & sSubKey
    Next
  End If
  oReg.DeleteKey sHive, sKey
End Sub
"Torgeir Bakken (MVP)" <Torgeir.B...@hydro.com> wrote in message news:<403BD41E...@hydro.com>...
> Hi Torgeir and thank you for your kind reply.
> I tried the code below, however it doesn't seem to delete the registry
> entries! It does seem to be doing something, as the hard drive runs
> when the vbs file is launched. Any ideas?
Hi
Here is a bug-fixed version. I have added a message box as well that
will tell how much time the script used (it will take some time to go
through the whole registry).
' Script that will do a substring search in all key names
' for the string in the variable sKey and delete the key
' if the string is found.
'
' You can set a key path in the variable sStartKeyPath if
' you want to limit the search to a specific registry branch.
'
'Constants for WMI StdRegProv
Const HKCU = &H80000001
Const HKLM = &H80000002
Const HK_USERS = &H80000003
sStartKeyPath = ""
sKey = "Test_Key"
Set oReg = GetObject _
("WinMgmts:{impersonationLevel=impersonate}!//./root/default:StdRegProv")
sStart = Now
SearchAndDeleteRegKey HKCU, sStartKeyPath, sKey
SearchAndDeleteRegKey HKLM, sStartKeyPath, sKey
SearchAndDeleteRegKey HK_USERS, sStartKeyPath, sKey
MsgBox "Finished in " & DateDiff("n", sStart, Now) & " minutes", _
vbSystemModal, "SearchAndDelete"
Sub SearchAndDeleteRegKey(ByVal sHive, ByVal sStartKeyPath, ByVal sKey)
  Dim aSubKeys, sSubKey, iRC
  If sStartKeyPath = "" Then
    sDelim = ""
  Else
    sDelim = "\"
  End If
  On Error Resume Next
  iRC = oReg.EnumKey(sHive, sStartKeyPath, aSubKeys)
  If iRC = 0 And IsArray(aSubKeys) Then
    For Each sSubKey In aSubKeys
      If Err.Number <> 0 Then
        Err.Clear
        Exit Sub
      End If
      SearchAndDeleteRegKey sHive, sStartKeyPath & sDelim & sSubKey, sKey
    Next
  End If
  If InStr(sStartKeyPath, "\") > 0 Then
    aTmpPath = Split(sStartKeyPath, "\")
    If InStr(1, aTmpPath(UBound(aTmpPath)), sKey, vbTextCompare) > 0 Then
      DeleteRegistryKey sHive, sStartKeyPath
    End If
  End If
End Sub
Sub DeleteRegistryKey(ByVal sHive, ByVal sKey)
  Dim aSubKeys, sSubKey, iRC
  On Error Resume Next
  iRC = oReg.EnumKey(sHive, sKey, aSubKeys)
  If iRC = 0 And IsArray(aSubKeys) Then
    For Each sSubKey In aSubKeys
      If Err.Number <> 0 Then
        Err.Clear
        Exit Sub
      End If
      DeleteRegistryKey sHive, sKey & "\" & sSubKey
    Next
  End If
  oReg.DeleteKey sHive, sKey
End Sub
Sincerely,
Paul Rubin
pru...@equilter.com
"Torgeir Bakken (MVP)" <Torgeir.B...@hydro.com> wrote in message news:<403F9A40...@hydro.com>...
Please advise,
Sincerely,
Paul Rubin
pru...@equilter.com
"Torgeir Bakken (MVP)" <Torgeir.B...@hydro.com> wrote in message news:<403F9A40...@hydro.com>...
> Hi again Torgeir, I tried the script, and while it takes several
> minutes to run, it doesn't delete the registry items that contain the
> keyword supplied in the variable. Also, it doesn't display any message
> box when finished.
Hi
What OS and SP level does the computer have?
The script works fine on my WinXP computer, deleting all keys that
have the specified text in them. The messagebox popped up, and the
script used 22 minutes to finish.
On a Win2k SP3 computer, the script deleted all the keys (in all
three registry branches HKCU, HKLM and HK_USERS), but it doesn't
look like it will finish. It has deleted a key near the end of
the registry, but it still ran a couple of hours after that.
I will let it run over the night and see if it has stopped then.
--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/community/scriptcenter/default.mspx
> Paul Rubin wrote:
>
> > Hi again Torgeir, I tried the script, and while it takes several
> > minutes to run, it doesn't delete the registry items that contain the
> > keyword supplied in the variable. Also, it doesn't display any message
> > box when finished.
>
> Hi
>
> What OS and SP level does the computer have?
>
> The script works fine on my WinXP computer, deleting all keys that
> have the specified text in them. The messagebox popped up, and the
> script used 22 minutes to finish.
>
> On a Win2k SP3 computer, the script deleted all the keys (in all
> three registry branches HKCU, HKLM and HK_USERS), but it doesn't
> look like it will finish. It has deleted a key near the end of
> the registry, but it still ran a couple of hours after that.
> I will let it run over the night and see if it has stopped then.
Hi
The script was still running 8 hours later. Instead of terminating
the script, I stopped the WMI service, then the script did finish and
the messagebox popped up.
Conclusion of my experience with this script:
Works fine for WinXP (a 22-minute run to finish).
On Win2k SP3, all registry keys are deleted within approximately the
same time as WinXP, but after that, the script goes into an eternal
hibernation until the WMI service is stopped.
I'm running WinXP Service Pack 1.
Perhaps there's a test we could devise, by manually adding a few keys
and then running the script? Let me know what you think.
Sincerely,
Paul Rubin
"Torgeir Bakken (MVP)" <Torgeir.B...@hydro.com> wrote in message news:<40468681...@hydro.com>...
I wish I could go into an eternal hibernation.....
..... No I don't! EternalHibernation = DeadHedgehog
> Thanks Torgeir,
>
> I'm running WinXP Service Pack 1.
> Perhaps there's a test we could devise, by manually adding a few keys
> and then running the script? Let me know what you think.
Hi
It looks like using WMI's StdRegProv for this is too unreliable, so here
is a totally redesigned version that uses regedit.exe and findstr.exe,
and it is much quicker as well (used less than a minute for me). Note
that I haven't tested it very much, so be a bit careful.
The script uses regedit.exe to export the registry to a file, then
findstr.exe (with a regular expression) to find all relevant lines and
redirect them to a file. Then the script creates a registry file on
the fly, adding a "-" on the keys that are to be deleted. Then it is
just a matter of importing this registry file to delete the keys.
Here is what is needed in a registry file to delete a key or value:
Delete key:
[-HKEY_LOCAL_MACHINE\SOFTWARE\Brix\Testapp2]
Delete value:
[HKEY_LOCAL_MACHINE\SOFTWARE\Brix\Testapp2]
"Test"=-
' Script that will do a substring search in all key names
' for the string in the variable sKey and delete the key
' if the string is found.
'
' You can set a key path in the variable sStartKeyPathx if
' you want to limit the search to a specific registry branch.
' Adjust callouts to sStartKeyPath1/2/3 as you see fit
Const OpenAsASCII = 0
Const FailIfNotExist = 0
Const ForReading = 1
Const OverwriteIfExist = -1
sStartKeyPath1 = "HKEY_CURRENT_USER"
sStartKeyPath2 = "HKEY_LOCAL_MACHINE"
sStartKeyPath3 = "HKEY_USERS"
sKey = "Test_Key"
Set oShell = CreateObject("WScript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
' get a temporary registry file name
sTempFile = oFSO.GetSpecialFolder(2).ShortPath & "\" & oFSO.GetTempName
sStart = Now
ExportRegistry sStartKeyPath1, sTempFile
CreateAndRunRegistryFile sKey, sTempFile
ExportRegistry sStartKeyPath2, sTempFile
CreateAndRunRegistryFile sKey, sTempFile
ExportRegistry sStartKeyPath3, sTempFile
CreateAndRunRegistryFile sKey, sTempFile
' delete temp file
If oFSO.FileExists(sTempFile) Then
  oFSO.DeleteFile sTempFile
End If
MsgBox "Finished in " & DateDiff("n", sStart, Now) & " minutes", _
       vbSystemModal, "SearchAndDelete"
Sub ExportRegistry(sStartKey, sFile)
  ' test the start key argument, not the global search string sKey
  If Trim(sStartKey) = "" Then
    ' export the complete registry
    sCmd = "regedit.exe /S /E:A """ & sFile & """"
  Else
    ' export the registry key to a file
    sCmd = "regedit.exe /S /E:A """ & sFile & """ " & """" & sStartKey & """"
  End If
  oShell.Run sCmd, 0, True
End Sub
Sub CreateAndRunRegistryFile(sString, sInFile)
  sOutFile = oFSO.GetSpecialFolder(2).ShortPath & "\" & oFSO.GetTempName
  ' find all strings that start with [ and end with ], and that
  ' also contain at least one backslash in addition to the
  ' text in the variable sString
  sCmd = "%comspec% /c findstr.exe " _
       & "/i /r ""^\[.*\\.*" & sString & ".*\]$"" """ _
       & sInFile & """ >""" & sOutFile & """"
  oShell.Run sCmd, 0, True
  Set fFile = oFSO.OpenTextFile(sOutFile, ForReading, _
              FailIfNotExist, OpenAsASCII)
  sResult = ""
  On Error Resume Next
  sResult = fFile.ReadAll
  fFile.Close
  oFSO.DeleteFile sOutFile
  On Error Goto 0
  If sResult <> "" Then
    Set fRegFile = oFSO.CreateTextFile(sOutFile, _
                   OverwriteIfExist, OpenAsASCII)
    fRegFile.WriteLine "REGEDIT4" & vbCrLf
    aResult = Split(sResult, vbCrLf)
    For i = 0 To UBound(aResult)
      sLine = aResult(i)
      ' do the same tests as the regexp in findstr just in case.
      If InStr(1, sLine, sString, vbTextCompare) > 0 _
         And Left(sLine, 1) = "[" And Right(sLine, 1) = "]" Then
        sLine = "[-" & Mid(sLine, 2)
        fRegFile.WriteLine sLine
      End If
    Next
    fRegFile.WriteLine vbCrLf ' add two blank lines at the end
    fRegFile.Close
    sCmd = "regedit.exe /s """ & sOutFile & """"
    oShell.Run sCmd, 0, True
  End If
  If oFSO.FileExists(sOutFile) Then
    oFSO.DeleteFile sOutFile
  End If
End Sub
I tried the script, and it runs in less than a minute, and it properly
displays the dialog box when finished. However it doesn't delete all
the Keys and String Values. For instance, I use the keyword,
"Symantec", and these keys (and some others) remain after running the
vbs:
HKEY_CLASSES_ROOT\CLSID\{00020906-0000-0000-C000-000000000046}\InProcServer32:
C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
HKEY_CLASSES_ROOT\CLSID\{03E0E6C2-363B-11D3-B536-00902771A435}\LocalServer32:
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
HKEY_CLASSES_ROOT\CLSID\{06290BD5-48AA-11D2-8432-006008C3FBFC}\InprocServer32:
C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
Any other ideas?
Sincerely,
Paul Rubin
pru...@equilter.com
"Torgeir Bakken (MVP)" <Torgeir.B...@hydro.com> wrote in message news:<404A9151...@hydro.com>...
> Hi Torgeir,
>
> I tried the script, and it runs in less than a minute, and it properly
> displays the dialog box when finished. However it doesn't delete all
> the Keys and String Values. For instance, I use the keyword,
> "Symantec", and these keys (and some others) remain after running the
> vbs:
>
> HKEY_CLASSES_ROOT\CLSID\{00020906-0000-0000-C000-000000000046}\InProcServer32:
> C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
>
> HKEY_CLASSES_ROOT\CLSID\{03E0E6C2-363B-11D3-B536-00902771A435}\LocalServer32:
> C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
>
> HKEY_CLASSES_ROOT\CLSID\{06290BD5-48AA-11D2-8432-006008C3FBFC}\InprocServer32:
> C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
>
> Any other ideas?
Hi
The script will only delete keys containing the text "Symantec".
It does not look for values containing that text.
--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Thanx...
"Torgeir Bakken (MVP)" <Torgeir.B...@hydro.com> wrote in message news:<404A9151...@hydro.com>...
Sincerely,
Paul Rubin
pru...@equilter.com
"Torgeir Bakken \(MVP\)" <Torgeir.B...@hydro.com> wrote in message news:<exMoXQ8D...@TK2MSFTNGP10.phx.gbl>...
> "Torgeir Bakken \(MVP\)" wrote:
>
>> The script will only delete keys containing the text "Symantec".
>> It does not look for values containing that text.
>
> Thank you Torgeir, is there any way to have the script also
> delete any values containing the search text?
Hi
It should be possible, but you will need to add a lot more logic to
the parsing of the exported registry file. This part I have no time
to look into right now.
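
What the extra parsing for values could look like, as an added example that is not part of the original thread and not Torgeir's code: it reads exported REGEDIT4 text and builds the delete file as a string for review instead of importing it. The names BuildDeleteReg and ValueNameToken and the sample export are constructed for illustration; string data that spans several lines is assumed not to occur.

```vbscript
Option Explicit
' Added example, dry run only: builds the text of a delete .reg file, imports nothing.
' Hex-encoded data (hex:, hex(2):, hex(7):) is not decoded; only names and string data match.
Function BuildDeleteReg(sExport, sNeedle)
    Dim sLine, sKey, sGone, iSlash, bHeader, sOut
    sOut = "REGEDIT4" & vbCrLf & vbCrLf
    sKey = "" : sGone = ""
    BuildDeleteReg = sOut
    If Trim(sNeedle) = "" Then Exit Function   ' an empty needle would match every line
    For Each sLine In Split(sExport, vbCrLf)
        If Left(sLine, 1) = "[" And Right(sLine, 1) = "]" Then
            sKey = Mid(sLine, 2, Len(sLine) - 2)
            iSlash = InStr(sKey, "\")
            bHeader = False
            If sGone <> "" And InStr(1, sKey & "\", sGone & "\", vbTextCompare) = 1 Then
                ' subkey of a key already marked: the parent's [-...] line covers it
            ElseIf iSlash > 0 And InStr(1, Mid(sKey, iSlash + 1), sNeedle, vbTextCompare) > 0 Then
                sGone = sKey                   ' the hive root itself is never matched
                sOut = sOut & "[-" & sKey & "]" & vbCrLf
            Else
                sGone = ""
            End If
        ElseIf sGone = "" And sKey <> "" And (Left(sLine, 1) = """" Or Left(sLine, 1) = "@") Then
            ' value line under a key that stays: match on value name or string data
            If InStr(1, sLine, sNeedle, vbTextCompare) > 0 Then
                If Not bHeader Then sOut = sOut & "[" & sKey & "]" & vbCrLf
                bHeader = True
                sOut = sOut & ValueNameToken(sLine) & "=-" & vbCrLf
            End If
        End If
    Next
    BuildDeleteReg = sOut
End Function
Function ValueNameToken(sLine)   ' "@" or the quoted, still-escaped value name
    Dim i : i = 2
    Do While i < Len(sLine) And Mid(sLine, i, 1) <> """"
        If Mid(sLine, i, 1) = "\" Then i = i + 1   ' skip the escaped character
        i = i + 1
    Loop
    ValueNameToken = Left(sLine, i)
    If Left(sLine, 1) = "@" Then ValueNameToken = "@"
End Function

Dim sSample   ' constructed export text in REGEDIT4 layout, not taken from a real machine
sSample = Join(Array("REGEDIT4", "", _
    "[HKEY_LOCAL_MACHINE\SOFTWARE\Test_Key_App]", """Dir""=""C:\\Demo""", "", _
    "[HKEY_LOCAL_MACHINE\SOFTWARE\Test_Key_App\Sub]", "@=""x""", "", _
    "[HKEY_LOCAL_MACHINE\SOFTWARE\Demo\Server]", _
    "@=""C:\\Demo\\Test_Key\\demo.dll""", """Model""=""Apartment"""), vbCrLf)
WScript.Echo BuildDeleteReg(sSample, "Test_Key")
```

Run it with cscript.exe. A search string that contains a backslash has to be written with the backslash doubled to match string data, because the export escapes backslashes inside quoted values.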
Thank you,
Paul Rubin
pru...@equilter.com
"Torgeir Bakken \(MVP\)" <Torgeir.B...@hydro.com> wrote in message news:<OaUKEJmE...@TK2MSFTNGP12.phx.gbl>...