WMI Tasks: Registry
WMI tasks for the registry create and modify registry keys and values. For other examples, see the TechNet ScriptCenter at https://www.microsoft.com/technet.
The script examples shown in this topic obtain data only from the local computer. For more information about how to use the script to obtain data from remote computers, see Connecting to WMI on a Remote Computer.
The following procedure describes how to run a script.
To run a script
- Copy the code and save it in a file with a .vbs extension, such as filename.vbs. Ensure that your text editor does not add a .txt extension to the file.
- Open a command prompt window and navigate to the directory where you saved the file.
- Type cscript filename.vbs at the command prompt.
- If you cannot access an event log, check to see if you are running from an Elevated command prompt. Some Event Log, such as the Security Event Log, may be protected by User Access Controls (UAC).
By default, cscript displays the output of a script in the command prompt window. Because WMI scripts can produce large amounts of output, you might want to redirect the output to a file. Type cscript filename.vbs > outfile.txt at the command prompt to redirect the output of the filename.vbs script to outfile.txt.
The following table lists script examples that can be used to obtain various types of data from the local computer.
|How do I...||WMI classes or methods|
|...read registry key values using WMI?||Use the StdRegProv class, located in root\default namespace. You cannot get any instances of this class because the System Registry Provider is a method and event provider only. However, you can get registry data through methods such as EnumKey or EnumValue. The Win32_Registry, located in root\cimv2 namespace, gets data about the registry as a whole, such as how large it is.
|...create a new registry key?||
Use the StdRegProv class, located in root\default namespace, and the CreateKey method.
|...create a new registry value under a key?||
Use the StdRegProv class, located in the root\default namespace, and the CreateKey method. Then use one of the Set methods, depending on what registry datatype the value is, such as the SetDWORDValue. The Set methods create a value if it does not already exist. For more information, see Mapping a Registry Data Type to a WMI Data Type.
|...avoid getting an Invalid Class error when trying to write a script to read the registry?||
Use the root\default namespace when accessing the StdRegProv class. StdRegProv is not part of the cimv2 namespace, which is why an "Invalid Class" error is generated if you try to connect to "root\cimv2:StdRegProv".
|...check security on a specific registry key?||
Use the StdRegProv class, located in root\default namespace and the CheckAccess method. You can only check the access rights for the current user that is running the script or application. You cannot check the access rights for another specified user.
|...read and write binary registry values?||
Use the StdRegProv class, located in "Root\Default" namespace and the GetBinaryValue and SetBinaryValue methods. Registry values that appear in the RegEdt32 utility as a series of byte hexadecimal values are in the REG_BINARY data format. For more information, see Mapping a Registry Data Type to a WMI Data Type. The following VBScript code example creates a new key with a binary value. The binary value is supplied in the iValues byte array specified in Hex.
The following script reads the binary value.
|...read and write registry values that contain multiple strings?||
Use the StdRegProv class, located in root\default namespace and the GetMultiStringValue and SetMultiStringValue methods. Registry keys that appear in the RegEdt32 utility as a series of strings separated by spaces are in the REG_MULTI_SZ data format. For more information, see Mapping a Registry Data Type to a WMI Data Type. The following VBScript code example creates a new key and a new multistring value.
The following script reads the multistring value.
|...remove a registry key?||
Use the StdRegProv class, located in root\default namespace and the DeleteKey methods.