
Administrators perform software audits to ensure that licensing agreements are followed, detect unauthorized software, and prepare for upgrades and migrations. To facilitate software audits, you can install a variety of third-party utilities and agents, some of which, in addition to gathering a list of installed software, can also collect information, such as the amount of free disk space, service status, and BIOS version, and even deploy software. However, at times you might want to remotely determine which software is installed on a workstation or server. The Control Panel Add/Remove Programs applet looks at one registry subkey (and its values), and you can query this subkey to display a list of installed applications. The script QueryInstalledSoftware.cmd, which Listing 1 shows, uses this querying process to easily and quickly perform a low-cost software audit.

Using Reg.exe to Query the Subkey
The HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall subkey contains the values that Add/Remove Programs uses to display a computer's installed software. You can use the reg.exe utility to remotely query this subkey. (Reg.exe used to be part of the Microsoft Windows NT 4.0 Resource Kit but now is part of Windows 2000 Support Tools.) You can also use reg.exe to locally and remotely add, delete, and update subkeys from the command line. The Uninstall subkey contains values that represent applications and contain information such as software name, installation source, and uninstall string. The displayname value contains the software name that Add/Remove Programs displays. To use reg.exe to query the subkey, you can type the following command on the command line:

Reg Query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
   /S \\compname

(Although this command appears on several lines here, you would enter it on one line on the command line. The same holds true for the other multiline commands in this article.) This command outputs all the Uninstall subkey values for the specified computer (compname). Because you don't need all this output, you can massage the output to display only the displayname values. The simplest way to do this is to pipe the output of the Reg Query command to the Find command:

Reg Query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
   /S \\compname | Find /I "displayname"

Although this output is a significant improvement over the raw output of the Reg Query command, the output also displays quietdisplayname values. Add/Remove Programs doesn't show quiet display names because they're either intermediate programs or dependent modules of other programs. Because you typically won't be interested in these values, you can pipe the output once again to the Find command, this time using the /V and /I switches with the quietdisplayname parameter:

Reg Query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
   /S \\compname | Find /I "displayname"
   | Find /V /I "quietdisplayname"

This command sequence excludes from the output any lines that contain quietdisplayname. Figure 1 shows an example of what this command's output looks like.

You can use this command sequence to obtain the output you need, but using a script instead is a good idea for two reasons. First, the command sequence is fairly long and is tedious to type each time you want to obtain the output. Second, you can use a script to manipulate the output so that only the actual display names appear on the screen. In other words, you can suppress the REG_SZ DisplayName part of the output.

To run the script, you use the syntax

QueryInstalledSoftware.cmd computername

where computername is the name of the computer you want to query. Because the script uses the computer's name several times, the script stores this value in the targetcomp variable to make the script more legible. To avoid unnecessary waiting, the script uses the Nbtstat command to determine whether the specified computer name is available on the network, as the code at callout A in Listing 1 shows. If the script can't connect to that computer, it informs the user and quits immediately.

The next part of the script involves running the Reg Query command sequence. The For command is a good way to split columns of data. If you look at the command sequence's output in Figure 1, you'll see that it contains three columns, with the application name displayed in the third column. By default, the For command uses white space (i.e., spaces and tabs) as delimiters, which is a problem if you want to single out the third column. By default, the For command treats only the third word as the third column. Take, for example, the first line of output in Figure 1. The third column lists Microsoft Office XP Professional, but the For command understands the third column (or token, in For command lingo) to only be the word Microsoft. To actually display the entire string Microsoft Office XP Professional, you need to use the third, fourth, fifth, and sixth tokens when you echo the string.
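The column-splitting problem described above, worked in Python over saved Reg Query output. This is an added example, not the article's Listing 1; the sample output, function names and approved list are constructed for illustration. It goes slightly beyond the text by matching the value name exactly rather than by substring and by comparing the result against an approved-software list.

```python
# Added example (not the article's Listing 1). SAMPLE is constructed output in a
# three-column layout (value name, type, data); the real layout may order columns 1-2 differently.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office
    DisplayName    REG_SZ    Microsoft Office XP Professional
    UninstallString    REG_SZ    MsiExec.exe /I{CONSTRUCTED-GUID}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OfficeHelper
    QuietDisplayName    REG_SZ    Office Helper Module
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewer
    DisplayName    REG_SZ    Example Viewer 2.0
    Comments    REG_SZ    Shown under DisplayName in Add/Remove Programs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Empty
    DisplayName    REG_SZ
"""


def naive_third_token(line):
    """What whitespace tokenizing yields if only the third token is kept."""
    parts = line.split()
    return parts[2] if len(parts) > 2 else ""


def display_names(output):
    """Return DisplayName data from Reg Query output, one entry per application."""
    names = []
    for line in output.splitlines():
        # Split into at most three columns so the data keeps its spaces.
        cols = line.split(None, 2)
        if len(cols) < 3:
            continue  # subkey header, blank line, or value with no data
        # Exact match on the value name (accepted in either of the first two
        # columns): skips QuietDisplayName and data that mentions "displayname".
        if "displayname" in (cols[0].lower(), cols[1].lower()):
            names.append(cols[2].strip())
    return names


def unapproved(names, approved):
    """Audit step: names not on the approved list (case-insensitive)."""
    allowed = {a.lower() for a in approved}
    return [n for n in names if n.lower() not in allowed]


if __name__ == "__main__":
    for name in display_names(SAMPLE):
        print(name)
```

The Comments line in the sample would pass a substring filter for "displayname" but is rejected here because the value name itself is compared.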


Reader Comments

The XP version of reg.exe does query the registries of remote computers. The syntax is \\computer\FullKey. Only HKLM and HKU are available on remote computers.

Eric Case

Just FYI. The WXP version of REG.EXE does allow you to query remote machines. It just has a slightly different syntax. Instead of

   Reg query HKLM\.... \\%machine%

it is expecting

   Reg query \\%machine%\HKLM\....

Same as the version that comes with W2K resource kit.

Eric J. Wang

I keep getting the following error when I run this program: "Installed Software for *machine name*. The syntax of the command is incorrect." I believe the code in callout B in QueryInstalledSoftware.cmd is in error but I just can't "see" the actual error.

A note from Steve: Without more information, it's hard to tell whether there's an error with the code or if the code was copied incorrectly. If you email me (steve@seguis.com) a copy of the script you're using and the command you're typing to execute the script, I should be able to find out.

B. Nicholl

If you change the code:

   If %ERRORLEVEL% EQU 0 Echo %targetcomp% is unavailable at this time & Goto :EOF

to

   If %ERRORLEVEL% EQU 1 Echo %targetcomp% is unavailable at this time & Goto :EOF

it's going to continue the script.

Gustavo Pinto

This is the right command-line code to get remote computer info

   For /f "tokens=1,2,*" %%i in
   ('Reg Query \\%targetcomp%\HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
    /S ^| Find /I "DisplayName" ^| Find /V /I "Quiet"')

Gustavo Pinto

for /f "tokens=*" %%a in ('reg query hklm\software\microsoft\windows\currentversion\uninstall') do ( for /f "tokens=*" %%b in ('reg query %%a /v displayname ^| find "displayname" /I') do echo "%%b")

browolf

Article Rating 5 out of 5

Having made the changes noted by Gustavo, I still get a "syntax of the command is incorrect" error running the batch. However, if I run the 'Reg Query...' component on its own at the command prompt, I get output.

I'm really not sure what's wrong!

nqetech

Article Rating 5 out of 5