Through Windows Script Host, you can manage the Windows Registry and the Windows event logs. The registry stores configuration information for the operating system, applications, services, and more. By examining and changing registry information in scripts, you can reconfigure a system so that it runs exactly the way you want it to. The event logs track essential processes on a system and can also be used in auditing system activity. By examining event logs through scripts, you can analyze system activity and monitor a system for problems.
NOTE: Some of the scripts in this chapter are not fully working examples. The scripts may only highlight the syntax of how the commands could be used in a complete script. Also, you may need to replace registry paths with your own if you are trying the examples on your own computer.
Working with the Windows Registry
The Windows Registry stores configuration settings. Through Windows scripts, you can read, write, and delete registry entries. Because the registry is essential to the proper operation of the operating system, you should only make changes to the registry when you know how these changes will affect the system. Improperly modifying the Windows Registry can cause serious problems. If the registry gets corrupted, you may have to reinstall the operating system. Always double-check registry scripts before running them, and make sure that they do exactly what you intend.
Working with the Windows Registry and Event Logs
IN THIS CHAPTER
■ Understanding the Windows Registry
■ Reading and writing Registry values
■ Working with Windows event logs
■ Reading and writing event logs
NOTE: Before you edit the registry in any way, you should create or update the system’s existing emergency repair disk. This way, if you make a mistake, you can recover the registry and the system. Details on how to back up and restore the registry for Windows XP and Windows Vista can be found in Microsoft Knowledge Base article 322756 (http://support.microsoft.com/kb/322756).
Understanding the registry structure
The registry stores configuration values for the operating system, applications, user settings, and more. Registry settings are stored as keys and values. These keys and values are placed under a specific root key, which controls when and how the keys and values are used.
The root keys are summarized in Table 12-1. This table also shows the short name by which you can reference the root key in a script. The three keys with short names are the ones you’ll work with most often.
TABLE 12-1
Working with the Windows Registry and Event Logs

| Short Name | Long Name | Description |
|---|---|---|
| HKCU | HKEY_CURRENT_USER | Controls configuration settings for the current user. |
| HKLM | HKEY_LOCAL_MACHINE | Controls system-level configuration settings. |
| HKCR | HKEY_CLASSES_ROOT | Configuration settings for applications and files. Ensures the correct application is opened when a file is started through Windows Explorer or OLE. |
| - | HKEY_USERS | Stores default-user and other-user settings by profile. |
| - | HKEY_CURRENT_CONFIG | Contains information about the hardware profile being used. |

Under the root keys, you’ll find the main keys that control system, user, and application settings. These keys are organized into a tree structure where folders represent keys. For example, under HKEY_CURRENT_USER\Software\Microsoft, you’ll find folders for all Microsoft applications installed by the current user. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, you’ll find folders for all services installed on the computer. These folders are officially referenced as keys.
Through Windows scripts, you can change the values of existing keys or assign values to new keys. Keys are designated by a folder path; for example:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WINS\Parameters
Here, the key is Parameters. This key has values associated with it. Key values have three components: a value name, a value type, and the actual value. In the following example, the value name is DbFileNm, the type is REG_EXPAND_SZ, and the actual value is %windir%\system32\wins\wins.mdb:
DbFileNm : REG_EXPAND_SZ : %windir%\system32\wins\wins.mdb
NOTE: The DbFileNm value controls the location of the WINS database on a Windows server. Another useful value for controlling WINS is LogFilePath, which controls the location of WINS log files on a Windows server. This value is written as:
LogFilePath : REG_EXPAND_SZ : %windir%\system32\wins
For more information, see the section, “Managing WINS through Windows scripts.”
Key values are written by default as normal string values (type REG_SZ), but you can assign any of these data types:
■ REG_BINARY: Identifies a binary value. Binary values must be entered using base-2 (0 or 1 only).
■ REG_SZ: Identifies a string value containing a sequence of characters.
■ REG_DWORD: Identifies a DWORD value, which is composed of hexadecimal data with a maximum length of four bytes.
■ REG_MULTI_SZ: Identifies a multiple string value.
■ REG_EXPAND_SZ: Identifies an expandable string value, which is usually used with directory paths.
Reading registry keys and values
You can read registry values by passing the full path and name of a key to the RegRead method of the WshShell object. RegRead then returns the value associated with the key. Listing 12-1 shows how you can read the DbFileNm value.
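LISTING 12-1
Reading the Windows Registry
VBScript
readkey.vbs

' Create the WshShell object, which provides the RegRead method
Set ws = WScript.CreateObject("WScript.Shell")
' Read the DbFileNm value under the WINS Parameters key
v = ws.RegRead("HKLM\SYSTEM\CurrentControlSet\Services\WINS\Parameters\DbFileNm")
WScript.Echo v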
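
The following is an added example, not a listing from the book: a read-only audit of the DbFileNm and LogFilePath values that does not stop when a value is missing and that prints any of the value types listed earlier. The helper names TryRegRead and Describe are hypothetical; on a computer without the WINS service, both lookups report the value as not present.

```vbscript
' Added example (not from the book): read-only check of the WINS values
' discussed above. TryRegRead and Describe are hypothetical helper names.
Option Explicit

Const WINS_KEY = "HKLM\SYSTEM\CurrentControlSet\Services\WINS\Parameters\"
Dim ws
Set ws = WScript.CreateObject("WScript.Shell")

' Returns True and fills result when the value can be read; returns False
' when RegRead raises an error (missing key or value, or access denied).
Function TryRegRead(path, ByRef result)
    On Error Resume Next
    Err.Clear
    result = ws.RegRead(path)
    TryRegRead = (Err.Number = 0)
    On Error GoTo 0
End Function

' Turns whatever RegRead returned into one printable string.
Function Describe(v)
    Dim i, parts()
    If IsArray(v) Then
        ' REG_BINARY and REG_MULTI_SZ values come back as arrays.
        If UBound(v) < 0 Then
            Describe = "(empty)"
            Exit Function
        End If
        ReDim parts(UBound(v))
        For i = 0 To UBound(v)
            parts(i) = CStr(v(i))
        Next
        Describe = Join(parts, ", ")
    ElseIf VarType(v) = vbString Then
        ' Expanding is harmless if no %variables% remain in the string.
        Describe = ws.ExpandEnvironmentStrings(v)
    Else
        Describe = CStr(v)   ' REG_DWORD values come back as numbers
    End If
End Function

Dim valueName, value
For Each valueName In Array("DbFileNm", "LogFilePath")
    If TryRegRead(WINS_KEY & valueName, value) Then
        WScript.Echo valueName & " (" & TypeName(value) & "): " & Describe(value)
    Else
        WScript.Echo valueName & ": not present or not readable"
    End If
Next
```

Run it with cscript.exe so that each result is written to the console instead of appearing in a separate message box.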