Announcement

Guest · 12-14-2010, 03:28 PM

Re: Pull startup registry values

When you look at the key path in Registry Editor, or Hyena, is the information you need on the right-hand side as values, or beneath that point as sub-keys?

Guest · 12-15-2010, 07:38 AM

Re: Pull startup registry values

The information I need is on the right hand side as values. For example, I see the following on the right hand side:

Name Type Data
Adobe ARM REG_SZ (Shows full dir path)
iTunesHelper REG_SZ (Shows full dir path)

Hope this helps

Thx for the reply

Guest · 12-15-2010, 08:12 AM

Re: Pull startup registry values

Those will be your Registry Value Names:

%OBJECT_PATH%
Adobe ARM
iTunesHelper

Guest · 12-15-2010, 12:01 PM

Re: Pull startup registry values

<div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
<span style="font-weight: bold">Those will be your Registry Value Names:

%OBJECT_PATH%
Adobe ARM
iTunesHelper</span></div></div>

Thanks for the info. Do I need to list each individual application, or if I just use %OBJECT PATH% will it return all values?

Thx again

Guest · 12-15-2010, 12:49 PM

Re: Pull startup registry values

You would have to list each one separately.

Guest · 12-15-2010, 02:13 PM

Re: Pull startup registry values

<div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
<span style="font-weight: bold">You would have to list each one separately.</span></div></div>

That was what I was afraid of because I'm trying to pull the information from every PC to do a comparison as every PC has the potential to have different startup values in that registry key.

Is there anyway to pull all of the values from the registry key, or do they need to be explicitly listed?

If I can't pull all of the values from the registry key, is there a way to modify the Startup WMI Query to exclude all locations but the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key?

When I run the Startup WMI Query, values are pulled from the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and Startup, which lists thousands of files - .DLLs, .exes, etc.

Thx

Guest · 12-15-2010, 02:30 PM

Re: Pull startup registry values

I created one and believe it give the results you are looking for. Change it to this and see if that works for you:

%OBJECT_PATH%
%KEY_NAME%
%VALUE_NAME%
%VALUE%

Guest · 12-15-2010, 03:11 PM

Re: Pull startup registry values

<div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
<span style="font-weight: bold">I created one and believe it give the results you are looking for. Change it to this and see if that works for you:

%OBJECT_PATH%
%KEY_NAME%
%VALUE_NAME%
%VALUE%</span></div></div>

Changed to the values you listed, but no results. Appears to not be pulling any of the values.

Guest · 12-15-2010, 03:13 PM

Re: Pull startup registry values

<div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
<span style="font-weight: bold">I created one and believe it give the results you are looking for. Change it to this and see if that works for you:

%OBJECT_PATH%
%KEY_NAME%
%VALUE_NAME%
%VALUE%</span></div></div>

The error I get when running the export is:

Unable to open registry software key on 'workstation name'. The system cannot find the file specified.

Guest · 12-15-2010, 03:13 PM

Re: Pull startup registry values

Send a screenshot of your template to [email protected].

Guest · 12-15-2010, 03:16 PM

Re: Pull startup registry values

<div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
<span style="font-weight: bold">I created one and believe it give the results you are looking for. Change it to this and see if that works for you:

%OBJECT_PATH%
%KEY_NAME%
%VALUE_NAME%
%VALUE%</span></div></div>

I figured out the problem - I had the full registry key entered in the Registry Key paths file so HLKM was listed twice. Once I removed that and left just SOFTWARE\Microsoft\Windows\CurrentVersion\Run in the registry key path, it worked like a charm!

Thanks a million for your time and expertise! Greatly appreciated.

Announcement

Pull startup registry values

Pull startup registry values

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment