How can I use a .bat file to delete Regedit records whose path contains the "SID"?


-1

I'm trying to create a .bat file that deletes specific records within Regedit and that works on any computer. When I try to delete the records inside the directory (Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5...), it shows a large number; when I dug deeper, I discovered that this serial is called the "SID" and that it changes from computer to computer.

I wish I had a code that would take the supposed "SID" and add it to the line of code. An example of this would be:

REG DELETE HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\%SID%

During my attempts, I realized that this was not possible and that I would have to write a code/script that captures the SID with "whoami /user" and puts it next to the "REG DELETE", but currently I do not have the ability to do this, so I am here looking for help.

  • Out of curiosity, why do you want to delete this key? From what I saw, it refers to the monitoring of background processes...

  • After the key is erased, must it be recreated?

1 answer

1

Try this:

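@echo off

rem Re-launch elevated if the script is not already running as administrator.
net session >nul 2>&1 || (powershell start -verb runas '"%~0"' &exit /b)

rem Token 2 of the CSV output of "whoami /user" is the current user's SID.
for /f "tokens=2 Delims=," %%a in ('whoami /user /fo csv /nh') do (
    rem regini access codes: 1 = Administrators full, 8 = Everyone read, 17 = SYSTEM full.
    echo \Registry\Machine\SYSTEM\ControlSet001\Services\bam\State\UserSettings\%%~a [1 8 17] >"%temp%\ArquivoTemp.txt"
    regini "%temp%\ArquivoTemp.txt"
    rem /va deletes every value under the key; the key itself remains.
    reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\%%~a" /va /f
)

del /q "%temp%\ArquivoTemp.txt"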
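
A read-only variant of the SID lookup used in the answer above, as an added example that is not part of the original answer: it resolves the current user's SID, checks that the value looks like a SID, exports the key to a backup file and lists its values without changing anything. The `BAM`, `SID` and `BACKUP` variable names and the backup location under `%TEMP%` are assumptions of this example.

```batch
@echo off
setlocal EnableExtensions

rem Added example: read-only. Nothing under the key is modified or deleted.
set "BAM=HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings"
set "SID="

rem whoami prints "DOMAIN\user","S-1-5-..." in CSV form; token 2 is the SID.
for /f "tokens=2 delims=," %%a in ('whoami /user /fo csv /nh') do set "SID=%%~a"

rem Stop unless a SID was returned, so an empty string is never appended
rem to the registry path.
if not defined SID (
    echo Could not determine the SID. 1>&2
    exit /b 1
)

rem Stop if the value does not start like a SID.
if /i not "%SID:~0,4%"=="S-1-" (
    echo Unexpected SID format: %SID% 1>&2
    exit /b 1
)

rem Confirm the per-user key exists before doing anything else.
reg query "%BAM%\%SID%" >nul 2>&1 || (
    echo No readable key at %BAM%\%SID% 1>&2
    exit /b 2
)

rem Keep a copy of the key. The backup path is an assumption of this example.
set "BACKUP=%TEMP%\bam-%SID%.reg"
reg export "%BAM%\%SID%" "%BACKUP%" /y >nul || (
    echo Export failed; check permissions on the key. 1>&2
    exit /b 3
)

rem Show what was resolved and list the values stored under the key.
echo SID:    %SID%
echo Key:    %BAM%\%SID%
echo Backup: %BACKUP%
reg query "%BAM%\%SID%"
endlocal
```

The exported `.reg` file can be re-imported with `reg import` if the values need to be restored.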
