Administrators perform software audits to ensure that licensing agreements are followed, detect unauthorized software, and prepare for upgrades and migrations. To facilitate software audits, you can install a variety of third-party utilities and agents, some of which, in addition to gathering a list of installed software, can also collect information, such as the amount of free disk space, service status, and BIOS version, and even deploy software. However, at times you might want to remotely determine which software is installed on a workstation or server. The Control Panel Add/Remove Programs applet looks at one registry subkey (and its values), and you can query this subkey to display a list of installed applications. The script QueryInstalledSoftware.cmd, which Listing 1 shows, uses this querying process to easily and quickly perform a low-cost software audit.
Using Reg.exe to Query the Subkey
The HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall subkey contains the values that Add/Remove Programs uses to display a computer's installed software. You can use the reg.exe utility to remotely query this subkey. (Reg.exe used to be part of the Microsoft Windows NT 4.0 Resource Kit but now is part of Windows 2000 Support Tools.) You can also use reg.exe to locally and remotely add, delete, and update subkeys from the command line. The Uninstall subkey contains values that represent applications and contain information such as software name, installation source, and uninstall string. The displayname value contains the software name that Add/Remove Programs displays. To use reg.exe to query the subkey, you can type the following command on the command line:
Reg Query HKLM\SOFTWARE Microsoft\Windows CurrentVersion\Uninstall
/S \\compname
(Although this command appears on several lines here, you would enter it on one line on the command line. The same holds true for the other multiline commands in this article.) This command outputs all the Uninstall subkey values for the specified computer (compname). Because you don't need all this output, you can massage the output to display only the displayname values. The simplest way to do this is to pipe the output of the Reg Query command to the Find command:
Reg Query HKLM\SOFTWARE Microsoft\Windows CurrentVersion\Uninstall
/S \\compname | Find /I
"displayname"
Although this output is a significant improvement over the raw output of the Reg Query command, the output also displays quietdisplayname values. Add/Remove Programs doesn't show quiet display names because they're either intermediate programs or dependent modules of other programs. Because you typically won't be interested in these values, you can pipe the output once again to the Find command, this time using the /V and /I switches with the quietdisplayname parameter:
Reg Query HKLM\SOFTWARE Microsoft\Windows CurrentVersion\Uninstall
/S \\compname | Find /I
"displayname" | Find /V /I
"quietdisplayname"
This command sequence excludes from the output any lines that contain quietdisplayname. Figure 1 shows an example of what this command's output looks like.
You can use this command sequence to obtain the output you need, but using a script instead is a good idea for two reasons. First, the command sequence is fairly long and is tedious to type each time you want to obtain the output. Second, you can use a script to manipulate the output so that only the actual display names appear on the screen. In other words, you can suppress the REG_SZ DisplayName part of the output.
To run the script, you use the syntax
QueryInstalledSoftware.cmd
computername
where computername is the name of the computer you want to query. Because the script uses the computer's name several times, the script stores this value in the targetcomp variable to make the script more legible. To avoid unnecessary waiting, the script uses the Nbtstat command to determine whether the specified computer name is available on the network, as the code at callout A in Listing 1 shows. If the script can't connect to that computer, it informs the user and quits immediately.
The next part of the script involves running the Reg Query command sequence. The For command is a good way to split columns of data. If you look at the command sequence's output in Figure 1, you'll see that it contains three columns, with the application name displayed in the third column. By default, the For command uses white space (i.e., spaces and tabs) as delimiters, which is a problem if you want to single out the third column. By default, the For command treats only the third word as the third column. Take, for example, the first line of output in Figure 1. The third column lists Microsoft Office XP Professional, but the For command understands the third column (or token, in For command lingo) to only be the word Microsoft. To actually display the entire string Microsoft Office XP Professional, you need to use the third, fourth, fifth, and sixth tokens when you echo the string.