Announcement

Collapse
No announcement yet.

Pull startup registry values

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Pull startup registry values

    I use Sysinternals autoruns to view the local startup information on my PC.

    I'd like to create a new export for Exporter Pro using the Registry option to pull the startup information. As a test I entered HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run for Registry Key paths, but I'm not sure what to enter for Registry Value Names.

    I did run a Exporter Pro report using the WMI option Startup, but it returned a ton of DLLs that I don't want to export.

    Thx,
    Jeff
    Tags: None
  • #2
    Re: Pull startup registry values

    When you look at the key path in Registry Editor, or Hyena, is the information you need on the right-hand side as values, or beneath that point as sub-keys?

    Comment

    • #3
      Re: Pull startup registry values

      The information I need is on the right hand side as values. For example, I see the following on the right hand side:

      Name Type Data
      Adobe ARM REG_SZ (Shows full dir path)
      iTunesHelper REG_SZ (Shows full dir path)


      Hope this helps

      Thx for the reply

      Comment

      • #4
        Re: Pull startup registry values

        Those will be your Registry Value Names:

        %OBJECT_PATH%
        Adobe ARM
        iTunesHelper

        Comment

        • #5
          Re: Pull startup registry values

          <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
          <span style="font-weight: bold">Those will be your Registry Value Names:

          %OBJECT_PATH%
          Adobe ARM
          iTunesHelper</span></div></div>

          Thanks for the info. Do I need to list each individual application, or if I just use %OBJECT PATH% will it return all values?

          Thx again

          Comment

          • #6
            Re: Pull startup registry values

            You would have to list each one separately.

            Comment

            • #7
              Re: Pull startup registry values

              <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
              <span style="font-weight: bold">You would have to list each one separately.</span></div></div>

              That was what I was afraid of because I'm trying to pull the information from every PC to do a comparison as every PC has the potential to have different startup values in that registry key.

              Is there anyway to pull all of the values from the registry key, or do they need to be explicitly listed?

              If I can't pull all of the values from the registry key, is there a way to modify the Startup WMI Query to exclude all locations but the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key?

              When I run the Startup WMI Query, values are pulled from the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and Startup, which lists thousands of files - .DLLs, .exes, etc.

              Thx

              Comment

              • #8
                Re: Pull startup registry values

                I created one and believe it give the results you are looking for. Change it to this and see if that works for you:

                %OBJECT_PATH%
                %KEY_NAME%
                %VALUE_NAME%
                %VALUE%

                Comment

                • #9
                  Re: Pull startup registry values

                  <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
                  <span style="font-weight: bold">I created one and believe it give the results you are looking for. Change it to this and see if that works for you:

                  %OBJECT_PATH%
                  %KEY_NAME%
                  %VALUE_NAME%
                  %VALUE%</span></div></div>

                  Changed to the values you listed, but no results. Appears to not be pulling any of the values.

                  Comment

                  • #10
                    Re: Pull startup registry values

                    <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
                    <span style="font-weight: bold">I created one and believe it give the results you are looking for. Change it to this and see if that works for you:

                    %OBJECT_PATH%
                    %KEY_NAME%
                    %VALUE_NAME%
                    %VALUE%</span></div></div>

                    The error I get when running the export is:

                    Unable to open registry software key on 'workstation name'. The system cannot find the file specified.

                    Comment

                    • #11
                      Re: Pull startup registry values

                      Send a screenshot of your template to [email protected].

                      Comment

                      • #12
                        Re: Pull startup registry values

                        <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
                        <span style="font-weight: bold">I created one and believe it give the results you are looking for. Change it to this and see if that works for you:

                        %OBJECT_PATH%
                        %KEY_NAME%
                        %VALUE_NAME%
                        %VALUE%</span></div></div>

                        I figured out the problem - I had the full registry key entered in the Registry Key paths file so HLKM was listed twice. Once I removed that and left just SOFTWARE\Microsoft\Windows\CurrentVersion\Run in the registry key path, it worked like a charm!

                        Thanks a million for your time and expertise! Greatly appreciated.

                        Comment

                        Previous template Next
                        Working...
                        X