RegSearch {Search String} searches all registry keys
RegSearch -HKLM | -HKCU {Search String} to search a given registry key
RegSearch -IGNORE ignores the case of the search string
RegSearch -EXCLUDE:{String, String, ...} ignores the excluded keys or values
RegSearch -REMOTE:{FQDN of server} to search a remote machine
RegSearch -USER:{Username} -PASS:{Password} for remote servers that require privileged access to the registry

1. By default searches in the registry are case sensitive
2. The EXCLUDE parameter string is also case sensitive depending on the -IGNORE option
3. The EXCLUDE parameter requires quotation if it contains a space
4. The REMOTE parameter should specify the FQDN of the server e.g. server.domain.local
5. The USER parameter requires the use of UPN usernames e.g.

RegSearch.exe -ignore TcpIP
Performs a search for "TcpIP" in both registry keys, ignoring the case

RegSearch.exe Controller -exclude:LogConfig
Performs a case sensitive search for "Controller" in both registry keys, excluding keys/values that match "LogConfig"

RegSearch.exe Printer -remote:SERVER -user:administrator -pass:secretcode -ignore
Performs a case insensitive search for "Printer" on the remote server {SERVER}, authenticating with user admistrator and password secretcode.

Last edited Oct 22, 2010 at 11:16 PM by Caduceuscoil, version 6


No comments yet.