windows – 递归搜索HKU注册表配置单元的DWORD值

我需要一个VBScript的帮助,它将以递归方式在 Windows HKU注册表配置单元中搜索DWORD值.如果脚本可以忽略仅查看S-1-5-21 *键的系统帐户,将会很有帮助.我必须使用HKU配置单元而不是HKCU配置单元来完成此操作,因为我计划用于运行脚本的程序在系统环境中运行.没办法解决这个问题.

谢谢.

Const HKCU = &H80000001  
Const HKLM = &H80000002  
Const HKU =  &H80000003  

strComputer = "."

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!" & _
   strComputer & "rootdefault:StdRegProv")

'Read the HKEY_CURRENT_USER hive,registry path,and valuename to retrieve settings
strKeyPath = "SoftwarePoliciesMicrosoftWindowsSystemPower"
strValueName = "PromptPasswordOnResume"
oReg.GetDWORDValue HKCU,strKeyPath,strValueName,dwValue

'Return a failure exit code if entry does not exist
If IsNull(dwValue) Then
   Wscript.Echo "The value is either Null or could not be found in the registry."
   WScript.Quit 1

'Return a failure exit code if value does not equal STIG setting    
ElseIf dwValue <> 1 Then
   Wscript.Echo "This is a finding. ","=",dwValue
   WScript.Quit 1

'Return a passing exit code if value matches STIG setting   
ElseIf dwValue = 1 Then
   Wscript.Echo "This is not a finding. "
   WScript.Quit 0

End If

所有这些都是我最终想出来解决我的问题.

Const HKEY_CURRENT_USER = &H80000001  
Const HKEY_LOCAL_MACHINE = &H80000002  
Const HKEY_USERS = &H80000003  

'Set the local computer as the target

strComputer = "."

'set the objRegistry Object 
Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!" & strComputer & "rootdefault:StdRegProv")

'Enumerate All subkeys in HKEY_USERS
objRegistry.EnumKey HKEY_USERS,"",arrSubkeys

'Define variables
strKeyPath = "SoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments"  
strValueName = "HideZoneInfoOnProperties"  
strSID = "S-1-5-21-d*-d*-d*-d{4,5}"  
strValue = 1  

f = True

For Each i in arrSubKeys
    Set objRegExp = New RegExp
        objRegExp.IgnoreCase = True
        objRegExp.Global = True
        objRegExp.Pattern = strSID

    Set colMatches = objRegExp.Execute(i + strKeyPath)  
        For Each objMatch In colMatches
        objRegistry.GetDWORDValue HKEY_USERS,i + strKeyPath,dwValue

            If IsNull(dwValue) Then
                WScript.Echo "This is a finding,the key " & i + strKeyPath & "" & strValueName & " does not exist."
                f = False
            ElseIf dwValue <> strValue Then
                WScript.Echo "This is a finding,the " & i + strKeyPath & "" & strValueName & ": " & dwValue & " does not equal REG_DWORD = " & strValue & "."
                f = False
            ElseIf dwValue = strValue Then
                WScript.Echo "This is not a finding " & i + strKeyPath & "" & strValueName & " = " & dwValue
            End If
        Next


Next

    If f Then
        WScript.Quit 0
    Else
        WScript.Quit 1
    End If

Const HKEY_USERS = &h80000003

subkey = "SoftwarePoliciesMicrosoftWindowsSystemPower"
name   = "PromptPasswordOnResume"

computer = "."

Set reg = GetObject("winmgmts://" & computer & "/root/default:StdRegProv")

reg.EnumKey HKEY_USERS,sidList
For Each sid In sidList
  key = sid & "" & subkey
  rc = reg.GetDWORDValue(HKEY_USERS,key,name,val)
  If rc = 0 Then
    If val = 1 Then
      WScript.Echo "OK"
      WScript.Quit 0
    Else
      WScript.Echo "Not OK"
      WScript.Quit 1
    End If
  End If
Next