Reading the Registry from the Command Line

Often I need to check windows registry values, for example, to see if an addon is working.

From the Microsoft Windows command line (Start | run | cmd) it is easy to see what value a registry key has:

REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\MS Project\Addins\Mindjet.Mm8MsProject.AddIn.4" /v "LoadBehavior"

In this example above, we see if the Mindjet Mindmanager add-on is loaded or not in Microsoft Project.

Using registry values in scripts

I’m often writing scripts to do stuff. It makes my job easier. I’ve often wanted to be able to script the discovery of registry values in the Windows Registry.

Thus here is a short example on using the vanilla windows command line to find the value of a Windows registry key. From my testing these commands are all present by default in Windows XP, Vista, 7, Server 2003 and Server 2008.

Assume we want to find the Microsoft Windows Common Files directory. Using `Regedit` we can find that here: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir`

So the first thing we want to do is query the registry, we do that with the command line tool `reg` as follows ([more about reg][]):

[more about reg]:http://www.petri.co.il/reg_command_in_windows_xp.htm
“Read up on how to use the reg command for more than just a query”

`reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion /v CommonFilesDir >1.tmp`

This will spit out the following into the text file `1.tmp`:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
CommonFilesDir REG_SZ C:\Program Files\Common Files

However, this isn’t of much use in a script. Really, we just want the value of the folder itself, not all the extra info.

So what we do is use the command line tool ‘findstr’ which essentially is a windows regex tool ([more about findstr][]). We use it to do this:

[more about findstr]:http://www.netexpertise.eu/en/windows/findstr-an-alternative-to-grep.html
“Read up on findstr – regex goodness on windows by default”

`findstr /r REG_SZ 1.tmp >2.tmp`

This spits out just the line that contains REG_SZ and puts it into the text file `2.tmp`. Now that we’ve just just the one line, we want to strip the first 32 characters off it. We do this by first setting it as an enviroment variale and then trimming it down using the following two commands ([more on set][]):

[more on set]:http://www.computing.net/answers/windows-2000/use-file-contents-to-set-variables/63174.html
“Using file contents to set enviroment variables”

`set /p CommFiles=<2.tmp` And then we shorten that ([more on trimming][]): [more on trimming]:http://www.dostips.com/DtTipsStringManipulation.php "Read up on using set to trim environment variables" `set CommFiles=%CommFiles:~32%` Then we can echo the result to the screen using: `Echo The Common Files directory is: %CommFiles%` And here it is all in one easy to copy set: --- Set CommFiles=C:\Temp reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion /v CommonFilesDir >1.tmp
findstr /r REG_SZ 1.tmp >2.tmp
set /p CommFiles=<2.tmp set CommFiles=%CommFiles:~32% Echo The Common Files directory is: %CommFiles% --- With a little editing I'm sure that you can turn this to your own uses, pulling out the value of registry keys and using them in script files. You're not limited to this registry key, you can use it to access all sorts of registry keys. Please do tell me what uses you put this to. Enjoy.

Resurrecting Terminal Server

A Terminal Server I was attempting to work on today gave quite a lot of grief. The first hint was that users were unable to login to it. When I then tried to login, it gave an error message of:
Login Failed
You are connected to the remote computer. Howerver, an error occured while an initial user program was starting, so you are being logged off. Contact the system administrator for assistance.

So I rebooted it remotely using the command shutdown /r /f /m \\TSERVER1 while having a continuous ping running, from the ping results I could see it go down, come back up. However on trying to login now, after entering a username/password I could see the logon script run, but no taskbar, start button appeared. Right clicking the desktop didn’t give any menu.

I could however navigate to the hard drive on that machine by pointing My Computer to \\tserver1\c$\.

Copying some of the tools at live.sysinternals.com I was able to view the event logs, no issues apparent, check status of various services, all ok.

So I connected via RDP once more (mstsc /v:tserver1 /console) and viewed the background (still no start button or taskbar) and pressed CTRL-ALT-END which allowed me to start the Task Manager. This allowed me to run a new task (File | New tas (run...)) so now I was able to copy the sysinternals autoruns program to the root of the C: partition, and run it from the affected terminal server. Running c:\windows\explorer.exe didn’t work tho.

Delving into it’s depths I found an entry for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer – renaming this entry then allowed Explorer to run. So I’ve exported the key (in case I do want it sometime) and then deleted it.

Rebooted the server once more and bingo, it lets everyone log in. Very satisfying after a couple of hours of mad hair tearing.