Wednesday, 27 March 2019

Remote Registry Query for Multiple Computers in a Domain


You may use this method to query any registry information from a batch of servers/computers in your network.

In this example I have queried the Symantec Endpoint Protection version currently installed on the servers and it's reporting servers.

Basically I need to query the value of the below registry keys in the remote server.

Location : HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate

Reg Key : LastServerIP

Location : HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion

Reg Key : PRODUCTVERSION

Basic Requirement

a. Make sure that you have admin privilege on the machine you are running the query.

b. Make sure that Remote Registry Service is started on the target machines.

Method

1. Create a .bat file and paste the below script

@echo off
set file=c:\serverlist.txt
for /f "Tokens=*" %%g in (%file%) do (
echo %%g>> c:\regquery.txt
reg query "\\%%g\HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate" /v LastServerIP>> c:\regquery.txt
reg query "\\%%g\HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion" /v PRODUCTVERSION>> c:\regquery.txt
echo.>> c:\regquery.txt
echo.>> c:\regquery.txt
)

{Note :  The one I marked in red is what you need to modify in your case
            Also if you have multiple reg queries please add them one by one on the script}


2. Create a text file c:\serverlist.txt and paste the name of server you need to check.

3. Run the script in cmd with admin access.


4. Results will be present in c:\regquery.txt and is similar to below :


Cheers !

No comments:

Post a Comment