|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
08-30-2009
| #1 (permalink) |
| | Script: change in real time the key in the registry I need a script that notifies any change in real time the key in the registry: KHLM \ Microsoft \ system \ CurrentControlSet \ Enum \ USBSTOR The notice may be by courier to my team and by email. As I do? Thank you |
My System Specs |
|
08-30-2009
| #2 (permalink) |
| | Re: Script: change in real time the key in the registry "Salvador" <salvador.carrero@xxxxxx> wrote in message news:O$eAzFYKKHA.4168@xxxxxx Quote: >I need a script that notifies any change in real time the key in the >registry: > KHLM \ Microsoft \ system \ CurrentControlSet \ Enum \ USBSTOR > > The notice may be by courier to my team and by email. > > As I do? > Thank you > Note that the registry key you quote (KHLM \ Microsoft \ system \ CurrentControlSet \ Enum \ USBSTOR) does not exist. You must specify the correct key in order to get the script to work. sHive = "'HKEY_LOCAL_MACHINE'" sPath = "'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'" Set objWMIService = GetObject("winmgmts:\\.\root\default") Set colEvents = objWMIService.ExecNotificationQuery _ ("SELECT * FROM RegistryKeyChangeEvent " _ & "WHERE Hive= " & sHive _ & "And KeyPath=" & sPath) Do Set objLatestEvent = colEvents.NextEvent WScript.Echo Now & ": The registry key" & VbCrLf _ & Replace(sHive & "\" & Replace(sPath, "\\", "\"), "'", "") _ & VbCrLf & "has been modified." Loop What do you mean with "by courier"? |
| My System Specs |
|
08-30-2009
| #3 (permalink) |
| | Re: Script: change in real time the key in the registry Thanks, I mean that the user does not leave any popup, it is sent by email if you can notify the administrator that the user has connected a USB or is a popup to the administrator. Is it possible? With the key is: HKLM / system / currentcontrolset / enum / usbstor "Pegasus [MVP]" <news@xxxxxx> wrote in message news:Oe55V$YKKHA.4376@xxxxxx Quote: > > "Salvador" <salvador.carrero@xxxxxx> wrote in message > news:O$eAzFYKKHA.4168@xxxxxx Quote: >>I need a script that notifies any change in real time the key in the >>registry: >> KHLM \ Microsoft \ system \ CurrentControlSet \ Enum \ USBSTOR >> >> The notice may be by courier to my team and by email. >> >> As I do? >> Thank you >> > Here you go (based on an idea by the Scripting Guy). > Note that the registry key you quote (KHLM \ Microsoft \ system \ > CurrentControlSet \ Enum \ USBSTOR) does not exist. You must specify the > correct key in order to get the script to work. > > sHive = "'HKEY_LOCAL_MACHINE'" > sPath = "'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'" > Set objWMIService = GetObject("winmgmts:\\.\root\default") > Set colEvents = objWMIService.ExecNotificationQuery _ > ("SELECT * FROM RegistryKeyChangeEvent " _ > & "WHERE Hive= " & sHive _ > & "And KeyPath=" & sPath) > > Do > Set objLatestEvent = colEvents.NextEvent > WScript.Echo Now & ": The registry key" & VbCrLf _ > & Replace(sHive & "\" & Replace(sPath, "\\", "\"), "'", "") _ > & VbCrLf & "has been modified." > Loop > > What do you mean with "by courier"? > |
| My System Specs |
|
08-30-2009
| #4 (permalink) |
| | Re: Script: change in real time the key in the registry "Salvador" <salvador.carrero@xxxxxx> wrote in message news:OJ1RykaKKHA.4608@xxxxxx Quote: > Thanks, I mean that the user does not leave any popup, it is sent by email > if you can notify the administrator that the user has connected a USB or > is a popup to the administrator. > Is it possible? > With the key is: HKLM / system / currentcontrolset / enum / usbstor > level but not at any deeper level. sHive = "'HKEY_LOCAL_MACHINE'" sPath = "'SYSTEM\\CurrentControlSet\\Enum\\USBSTOR'" Set objWMIService = GetObject("winmgmts:\\.\root\default") Set colEvents = objWMIService.ExecNotificationQuery _ ("SELECT * FROM RegistryKeyChangeEvent " _ & "WHERE Hive= " & sHive _ & "And KeyPath=" & sPath) Do Set objLatestEvent = colEvents.NextEvent SendMail sHive, sPath Loop Sub SendMail(Hive, Path) Set oWshShell = CreateObject("WScript.Shell") cdoBasic = 1 schema = "http://schemas.microsoft.com/cdo/configuration/" Set objEmail = CreateObject("CDO.Message") With objEmail .From = "james@xxxxxx" .To = "jack@xxxxxx" .Subject = "Registry change report - " _ & oWshShell.ExpandEnvironmentStrings("%Computername%") .Textbody = "The key " & Hive & "\" & Path _ & " was modified on " & Date & " at " & Time & "." With .Configuration.Fields .Item (schema & "sendusing") = 2 .Item (schema & "smtpserver") = "mail.company.com" .Item (schema & "smtpserverport") = 25 .Item (schema & "smtpauthenticate") = cdoBasic .Item (schema & "sendusername") = "james@xxxxxx" .Item (schema & "smtpaccountname") = "john@xxxxxx" .Item (schema & "sendpassword") = "smtppassword" End With .Configuration.Fields.Update .Send End With End Sub |
| My System Specs |
|
08-31-2009
| #5 (permalink) |
| | Re: Script: change in real time the key in the registry Just a potential gotcha, if you have anti-virus you may want to check the settings because many will not allow a script or custom built application to send emails. troubleshooting ahead  "Pegasus [MVP]" wrote: Quote: > > "Salvador" <salvador.carrero@xxxxxx> wrote in message > news:OJ1RykaKKHA.4608@xxxxxx Quote: > > Thanks, I mean that the user does not leave any popup, it is sent by email > > if you can notify the administrator that the user has connected a USB or > > is a popup to the administrator. > > Is it possible? > > With the key is: HKLM / system / currentcontrolset / enum / usbstor > > > You can try the code below. Note that it will pick up changes at the usbstor > level but not at any deeper level. > > sHive = "'HKEY_LOCAL_MACHINE'" > sPath = "'SYSTEM\\CurrentControlSet\\Enum\\USBSTOR'" > Set objWMIService = GetObject("winmgmts:\\.\root\default") > Set colEvents = objWMIService.ExecNotificationQuery _ > ("SELECT * FROM RegistryKeyChangeEvent " _ > & "WHERE Hive= " & sHive _ > & "And KeyPath=" & sPath) > > Do > Set objLatestEvent = colEvents.NextEvent > SendMail sHive, sPath > Loop > > Sub SendMail(Hive, Path) > Set oWshShell = CreateObject("WScript.Shell") > cdoBasic = 1 > schema = "http://schemas.microsoft.com/cdo/configuration/" > Set objEmail = CreateObject("CDO.Message") > With objEmail > .From = "james@xxxxxx" > .To = "jack@xxxxxx" > .Subject = "Registry change report - " _ > & oWshShell.ExpandEnvironmentStrings("%Computername%") > .Textbody = "The key " & Hive & "\" & Path _ > & " was modified on " & Date & " at " & Time & "." > With .Configuration.Fields > .Item (schema & "sendusing") = 2 > .Item (schema & "smtpserver") = "mail.company.com" > .Item (schema & "smtpserverport") = 25 > .Item (schema & "smtpauthenticate") = cdoBasic > .Item (schema & "sendusername") = "james@xxxxxx" > .Item (schema & "smtpaccountname") = "john@xxxxxx" > .Item (schema & "sendpassword") = "smtppassword" > End With > .Configuration.Fields.Update > .Send > End With > End Sub > > > |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| Problems with carret in URL (real time ticker sample) | .NET General | |||
| Vista giving me a real hard time please help!!!! | General Discussion | |||
| C#.NET Interview Questions And Real Time Discussions | .NET General | |||
| Real time command line spy | PowerShell | |||
| How to turn on CA EZ Antivirus real-time? | Vista security | |||
