DOWNLOAD THE CODE:
Download the Code 40714.zip

Understanding How the Script Works
As I mentioned previously, ApplyReg.vbs relies on several technologies to do its work. WSH 5.6 provides the engine that processes the script's code and provides some key objects, such as the WshArguments object, which passes the command-line parameters to the script, and the Regular Expression (RegExp) object, which evaluates registry strings. ADSI lets the script connect (i.e., bind) to AD and read each computer object's attributes. WMI lets the script bind to a remote registry and use StdRegProv to update the registry.

ApplyReg.vbs begins by defining several constants and global variables, then calls the CheckForCScript subroutine, which Web Listing 1 shows (http://www.winnetmag.com, InstantDoc ID 40714). This subroutine verifies that you're running the script with the CScript host. You must use CScript because WScript doesn't support the WScript object's StdOut property.

After verifying the host, the script sets the input file you specified with the /f parameter and the registry file you specified with the /r parameter to the strRptFileName and strRegFileName variables, respectively, as Web Listing 2 shows. (If you don't specify the /f and /r parameters when you launch ApplyReg.vbs, the script displays a message informing you that both parameters are necessary.) The script calls the SampleCommandLine function to display the command-line syntax, then terminates.

Next, ApplyReg.vbs uses the Script Runtime Library's Dictionary object to define the five registry root keys (e.g., HKEY_LOCAL_MACHINE, HKEY_CLASSES_ROOT) as constants. The script later uses these constants to access the registry keys and subkeys that the registry file specifies. Using the Dictionary object is a straightforward scripting operation, so I haven't included a listing for it. If you're unfamiliar with the Dictionary Object, see the Microsoft Developer Network (MSDN) documentation at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/jsobjdictionary.asp.

ApplyReg.vbs creates a comma-separated value (CSV) report that you can view after the script runs. To uniquely name this report, the script uses the GenFileName function, which takes a filename (without the extension) as an input parameter (i.e., the prefix parameter). In this case, the prefix parameter is ApplyReg, as Web Listing 3 shows. GenFileName creates a unique filename by appending the date and time to the filename ApplyReg. For example, if you ran ApplyReg.vbs on April 16, 2003, at 11:43 a.m. and 53 seconds, GenFileName would generate a file named ApplyReg-030416-114353.csv. Note that the date follows the YYMMDD format. Callout A in Web Listing 3 shows the GenFileName function call. The rest of the code is the function itself.

Given the report name, ApplyReg.vbs creates an instance of the Script Runtime Library's FileSystemObject object, which the script uses to create, open, and write to the report. The script also uses this object to open the registry file for reading, as the code in Web Listing 4 shows.

ApplyReg.vbs creates a RegExp object to evaluate each line of the registry file. This evaluation lets the script determine whether it should create a registry key or a registry entry. A registry entry is a value name, a data type, and a value. If the script needs to create a registry entry, RegExp also determines the type of entry to make: String, Binary, DWORD, Expandable String, or Multi-String. The code in Web Listing 5 demonstrates how the script creates the RegExp object and sets that object's properties.

Before the registry file evaluation begins, ApplyReg.vbs calls the BindDN function to attempt an ADSI bind operation for each DN in the input file. BindDN takes as input one line from the input file at a time and returns a string of values, depending on the success or failure of various operations within the function, as Figure 2 shows.

Listing 1 shows the BindDN function. Notice how the function sets the BindDN output values that appear in Figure 2. In the case of BindDN = strDN||None||Invalid, which callout A in Listing 1 shows, the function doesn't find the DN in AD. Either the specified DN is invalid or the computer name has been deleted from AD. In the case of BindDN = strDN||strComptName||Host, which callout B in Listing 1 shows, the function finds the DN and sets the strComptName variable to the dNSHostName attribute (i.e., the computer's DNS host name). In the case of BindDN = strDN||strComptName||NetBIOS, which callout C in Listing 1 shows, the function finds the DN but doesn't set the dNSHostName attribute for the computer. Therefore, BindDN retrieves the cn attribute, which is mandatory for computer objects. The cn attribute is usually the computer's NetBIOS name.

Prev. page     1 2 [3] 4     next page



You must log on before posting a comment.

If you don't have a username & password, please register now.

Reader Comments

Can this same script be used to just reada remote registries and generate a report?

rsharma- November 25, 2003

Where is the link to the 40714.zip file referneced above. I can not find any such link.

Steven Sutherland- November 27, 2003

Enjoyed the article, I think ApplyReg.vbs could become(IS)a valuable utility. However, after I entered 40714 (Enter 40714 in the InstantDocID text box, click the Download the Code link) I'm unable to find this link on the page. What am I overlooking ?? My co-worker has the subscription and she doesn't see it either.

Michael Radzymski- December 03, 2003

I could not find the 'download the code' link mentioned in this article....

Dale- December 03, 2003

In what situation would you use ApplyReg.vbs, and how common is it use in networks.

lewis bailey- December 04, 2003

Since most environments are not strictly microsoft ad, how would you modify the script to use netbios names instead of using the fqdn?

Louis- January 08, 2004

<P>I very much enjoyed this article about updating remote registries. I am always looking for articles like this that show more advanced scripting because I write a lot of VBScripts. I reviewed ApplyReg.vbs and just want to make a couple of remarks. </P>

<P>When I write scripts that perform actions on a series of remote computers, I also have a function that checks whether the remote computer is reachable. Instead of using Ping and reading the output to determine whether the remote machine answered, I prefer to use the Win32_PingStatus WMI class, which is available in Windows XP and Windows Server 2003, for a couple of reasons. First, I think that this method is a more elegant approach to this task. Second, we work in an environment with computers in 5 different countries in Europe, all of which use their local language on their machines. Writing a script that reads the output of a command-line command is difficult when multiple languages are involved.</P>

The other thing I would like to mention is that NetBIOS or Fully Qualified Domain Names (FQDNs) are always easier to remember than distinguished names (DNs). I wrote scripts that used a text file with server NetBIOS names as the input file. I then used ADO to make an Active Directory (AD) search when I need the DN of the server. Because a small function looks up the DN, you don’t have to prepare the input file that you suggested with the DN already in the text file. Using a function to get the DN has another slight advantage: You can reuse the function in every script that requires a DN.

<P><B>A note from Ethan:</B> I’m aware of the Win32_PingStatus class, and I agree with you that this is the best approach. Just to give you some history, I specifically choose the approach I took because the Windows Resource Kit team originally asked me to write these scripts and the team told me that I must make the tool work in a pure Windows 2000 environment. I couldn't even rely on having a Windows XP client for running the script. As a result, I went with the non-localized approach of reading the "reply from..." message. Your approach is much better when you can assume that one client is running Windows XP.</P> <P>You make another great point about using DNs instead of FQDNs or NetBIOS names in the script. Again, a little history is in order. The goal was to take the output from another script as the input for the ApplyReg script. The output from the other script was the DNs of all domain controllers in a domain. If you get a chance, take a look at the two white papers that I reference in the article. The scripts, including ApplyReg, were written specifically to support the security goals delineated in the white paper.</P>

Stefan- January 22, 2004

Hi! I´ve enjoyed a lot reading this article because it helped me very much. I just have one question to make to you that is what if a computer in my network is not available at the time i´m updating the registry´s, the script creates a loop that when the machine is available it sends the new keys or if not how can i resolve this issue???

Thanks a lot!!!

Mario Raposo- March 03, 2004

Can this script be used to change permissions on reg keys?

JC- May 18, 2004

Ethan--excellent script, I am now using it all the time.

One problem however... When the CreateDWORD subroutine converts the hex value using CInt, it can't handle large numbers. For example, it will fail converting the hex value '00010000', and therefore will not write that value to the registry. I resolved this by changing CInt to CLng.

mvanwely- August 19, 2004

Article Rating 5 out of 5

I cant find your sample AAA123Test!!!.reg

Can u direct me there?

Anonymous User- January 03, 2005

Overkill, for what is essentially a very simple procedure

Anonymous User- January 20, 2005

Article Rating 1 out of 5

I am getting the following error "Report records processed: C:\Documents and Settings\spilmanr\My Documents\Tools\Remote Registry Tool\apply reg.vbs(469, 3) Microsoft VBScript runtime error: Invalid procedure call or argu ment: 'Mid'"

Anyone help?

Anonymous User- August 17, 2005

Article Rating 5 out of 5

 
 

ADS BY GOOGLE