Find a value in registry and change it

**Octopuss** · August 30, 2011

still the same

**bphlpt** · August 30, 2011

@jaclaz, Since I'm following along, I tried some of these commands as well just trying to learn new things. I'm just running a home machine Win7 x86 Ultimate, if it matters.

Anyway, I got similar results to TheWalrus for the "second" command you suggested, and for your latest suggestion I got

Invalid XSL format <or> file name.

What should we be getting?

Cheers and Regards

**jaclaz** · August 30, 2011

The /format: switch changes the format of the output.

Examples:

http://waynes-world-it.blogspot.com/2008/07/wmic-custom-alias-and-format.html

It seems like something has changed in Windows 7, but cannt say what, if either syntax dod not worlk for you.

As an example what I get on my machine with:

wmic path Win32_networkadapterconfiguration where "IPENABLED=TRUE" get Caption,SettingID

is:

C:\test>wmic path Win32_networkadapterconfiguration where "IPENABLED=TRUE" get
Caption,SettingID
Caption SettingID
[00000008] Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller {4E1252DC-1
884-4B8E-BFF4-B016E790CCF4}

and with:

wmic path Win32_networkadapterconfiguration where "IPENABLED=TRUE" get Caption,SettingID /format:csv

I get:

C:\test>wmic path Win32_networkadapterconfiguration where "IPENABLED=TRUE" get
Caption,SettingID /format:csv
Node,Caption,SettingID
CINQUE,[00000008] Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller,{4E12
52DC-1884-4B8E-BFF4-B016E790CCF4}

(i.e. an easy parsable CSV)

What do you get if you issue:

http://isc.sans.edu/diary.html?storyid=1229

wmic process list /format /?

You should get a number of "keywords".

jaclaz

**iamtheky** · August 30, 2011

I would still go simple using the Find command to filter as needed, the IPenabled=true whittles it down greatly as well. but using the miniports as example

wmic nic get name | find /i "miniport"

wmic nic get name | find /i "miniport" | find /i "WAN"

wmic nic get name | find /i "miniport" | find /i "WAN" | find /i "L2TP"

but in your case i think it might be easier to work with what is not included, thus post #5 or a more generic:

wmic nic where netconnectionID="Local Area Connection" get name | find /V "VPN"

Setting this return, and using it in reg query however.... I'm rooting for that next, I need to learn.

Edited August 30, 2011 by iamtheky

**bphlpt** · August 30, 2011

What do you get if you issue:
wmic process list /format /?
You should get a number of "keywords".

I do.


Keyword/XSL filename to process XML results.

USAGE:

/FORMAT:<format specifier>

NOTE: <formatspecifier> : ((<transformname>|<transformname> : <paramstring>)[,<formatspecifier>]).

where <paramstring>(<parametername>=<value>)[:<paramstring>]).

NOTE: <transformname> is a <key word> or an <xsl file name>.

Keywords:

CSV
HFORM
HTABLE
LIST
MOF
RAWXML
TABLE
VALUE
XML
htable-sortby
htable-sortby.xsl
texttablewsys
texttablewsys.xsl
wmiclimofformat
wmiclimofformat.xsl
wmiclitableformat
wmiclitableformat.xsl
wmiclitableformatnosys
wmiclitableformatnosys.xsl
wmiclivalueformat
wmiclivalueformat.xsl

Cheers and Regards

**jaclaz** · August 30, 2011

I do.

Then there is no reason why it shouldn't work.

Each and every keyword:

CSV
HFORM
HTABLE
LIST
MOF
RAWXML
TABLE
VALUE
XML

corresponds to an available "format", i.e. a valid parameter of the /format:<keyword>.

Can you try with some other of the keywords?

Example of my output with RAWXML:

C:\test>wmic path Win32_networkadapterconfiguration where "IPENABLED=TRUE" get
Caption,SettingID /format:rawxml
<COMMAND SEQUENCENUM="1" ISSUEDFROM="CINQUE" STARTTIME="08-30-2011T16:44:44" EVE
RYCOUNT="0"><REQUEST><COMMANDLINE> path Win32_networkadapterconfiguration where
"IPENABLED=TRUE" get  Caption,SettingID /format:rawxml</COMMANDLINE>
<COMMANDLINECOMPONENTS><NODELIST><NODE>CINQUE</NODE>
</NODELIST>
</COMMANDLINECOMPONENTS>
<CONTEXT><NAMESPACE>root\cimv2</NAMESPACE>
<ROLE>root\cli</ROLE>
<IMPLEVEL>IMPERSONATE</IMPLEVEL>
<AUTHLEVEL>PKTPRIVACY</AUTHLEVEL>
<LOCALE>ms_410</LOCALE>
<PRIVILEGES>ENABLE</PRIVILEGES>
<TRACE>OFF</TRACE>
<RECORD>N/A</RECORD>
<INTERACTIVE>OFF</INTERACTIVE>
<FAILFAST>OFF</FAILFAST>
<OUTPUT>STDOUT</OUTPUT>
<APPEND>STDOUT</APPEND>
<USER>N/A</USER>
<AGGREGATE>ON</AGGREGATE>
</CONTEXT>
</REQUEST>
<RESULTS NODE="CINQUE"><CIM><INSTANCE CLASSNAME="Win32_NetworkAdapterConfigurati
on"><PROPERTY NAME="Caption" TYPE="string"><VALUE>[00000008] Atheros L1 Gigabit
Ethernet 10/100/1000Base-T Controller</VALUE>
</PROPERTY>
<PROPERTY NAME="SettingID" TYPE="string"><VALUE>{4E1252DC-1884-4B8E-BFF4-B016E79
0CCF4}</VALUE>
</PROPERTY>
</INSTANCE>
</CIM>
</RESULTS>
</COMMAND>

I have no idea why the CSV option is not working for you.

Try checking contents of file %WINDIR%\system32\wbem\xsl-mappings.xml (if any):

http://technet.microsoft.com/en-us/library/cc778755(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc784974(WS.10).aspx

And if you have a %WINDIR%\system32\wbem\csv.xsl file.

And if you have %WINDIR%\system32\wbem\ in path.

(or try navigating to %WINDIR%\system32\wbem\ and run WMIC in it)

jaclaz

Edited September 3, 2011 by jaclaz

**bphlpt** · August 30, 2011

As is often the case, I reran your third suggested command, jaclaz:

wmic path Win32_networkadapterconfiguration where "IPENABLED=TRUE" get Caption,SettingID /format:csv

and got an output this time:


Node,Caption,SettingID
COMP,[00000007] Broadcom NetXtreme Gigabit Ethernet,{DAF2CE16-5B38-4AFF-BF3B-FD3A4AD9D28A}
COMP,[00000012] VMware Virtual Ethernet Adapter for VMnet1,{34E15011-CC8B-4568-8B26-FB3006AC01A4}
COMP,[00000013] VMware Virtual Ethernet Adapter for VMnet8,{001DA8BB-0E77-4622-BA99-0BC59B2417D0}

Won't try to guess why it worked this time but not before. So anyway, I guess it should work for you as well, TheWalrus?

Cheers and Regards

**jaclaz** · August 30, 2011

Won't try to guess why it worked this time but not before. So anyway, I guess it should work for you as well, TheWalrus?

I seem (vaguely) to remember that on first EVER execution of a WMI (or WMIC) query/command on a system the WBEM (whatever it is) is *somehow* "initialized".

Maybe this is the case.

http://ss64.com/nt/wmic.html

When you type WMIC for the first time in Windows 2003 all the aliases are compiled. The second, and subsequent times you run WMIC, it will start immediately. Under XP WMIC is slower to initialise, therefore to run several WMI queries it can be quicker to use interactive mode.

Or maybe it is an Administrator/UAC/permission issue?

Anyway, now that it works, run it like this:

wmic path Win32_networkadapterconfiguration get /format:csv>C:\test\test.csv

and open/import the resulting .csv file in *any* spreadsheet program.

This way you will see easily all the info that is coming from the command and see which conditions you can use in the query and which fields are to be retrieved.

Generic query syntax is:

wmic path <wmi path> where <condition> get <comma separated fields you want to retrieve>

jaclaz

**Octopuss** · September 1, 2011

tried running the command several times in a row, on work and home computers both, and still the same error message

(UAC off, using local admin account)

edit: if I skip the whole /format part, I do get some results.

Edited September 1, 2011 by TheWalrus

**jaclaz** · September 3, 2011

tried running the command several times in a row, on work and home computers both, and still the same error message
(UAC off, using local admin account)
edit: if I skip the whole /format part, I do get some results.

This is a mistery, since it came out as working for bphlpt

I really have no idea why it does not work for you.

Have you actually tried the suggested checks?:

Try checking contents of file %WINDIR%\system32\wbem\xsl-mappings.xml (if any):
http://technet.microsoft.com/en-us/library/cc778755(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc784974(WS.10).aspx
And if you have a %WINDIR%\system32\wbem\csv.xsl file.
And if you have %WINDIR%\system32\wbem\ in path.
(or try navigating to %WINDIR%\system32\wbem\ and run WMIC in it)

jaclaz

Edited September 3, 2011 by jaclaz

**jaclaz** · September 13, 2011

As often happen OT (but not much ) a small app that is useful to do WQL Queries to WMI:

WMI tester

http://www.paessler.com/tools/wmitester

(unlike the Wbemtest that is - to say the least - terrible in usage)

jaclaz

**PatM** · September 18, 2011

There is probably an easy way to do this, but I am not too educated on the command line subject, so if someone could help me out I'd really appreciate it.
I need to rename network adapter names on all the machines of our client from the default "Local area connection" to "LAN" for batch network settings change.
I figured this is stored in registry, and finding it is actually pretty simple: REG QUERY HKLM\SYSTEM\CurrentControlSet\control\network\ /s /e /f "Local area connection"
BUT how do I change it when I don't know where is it located in the first place? There are a few diferent machine types with different adapters, so obviously the registry location is slightly different.

You can use a simple AutoIT script and AutoIT is free.

Sign In

Find a value in registry and change it

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members