Does anyone know of a good way to get the security settings on specific
registry keys? I need to audit the registry on several hundred Windows
2000 machines, part of which is looking at the security settings of
specific keys.

I have Python code using WMI and the win32all package to get some of
this information, but I was curious if anyone knew of a commandline
tool that would get this information remotely.
Thanks for any help,

Wayne

Hi,
Use the following command:
"telnet ip port"
"reg export keyname filename"
You can use them in a *.bat file.



"paw" <(E-Mail Removed)> дÈëÏûÏ¢ÐÂÎÅ
:(E-Mail Removed)...
> Does anyone know of a good way to get the security settings on specific
> registry keys? I need to audit the registry on several hundred Windows
> 2000 machines, part of which is looking at the security settings of
> specific keys.
>
> I have Python code using WMI and the win32all package to get some of
> this information, but I was curious if anyone knew of a commandline
> tool that would get this information remotely.
> Thanks for any help,
>
> Wayne
>

In microsoft.public.win2000.registry Heelen Diyond wrote:


> "paw" <(E-Mail Removed)> дÈëÏûÏ¢ÐÂÎÅ
>:(E-Mail Removed)...
>> Does anyone know of a good way to get the security settings on
>> specific registry keys? I need to audit the registry on several
>> hundred Windows 2000 machines, part of which is looking at the
>> security settings of specific keys.
>>
>> I have Python code using WMI and the win32all package to get some
>> of this information, but I was curious if anyone knew of a
>> commandline tool that would get this information remotely.
>> Thanks for any help,

> Hi,
> Use the following command:
> "telnet ip port"
> "reg export keyname filename"
> You can use them in a *.bat file.

I think the OP wanted the registry ACLs, not content. And I suspect
that a telnet server is not very likely running on "several hundred",
most probably, LAN-client systems.

psexec.exe (Sysinternals) and setacl.exe (Sourceforge) might be
useful in this case perhaps. I do not think the OP gave enough
details to be certain.

Sorry for the delay, I was AFK for a little while.

I am looking for way to export who has access to read, edit or delete
specific registry keys. Someone pointed me to a program called
DumpACLL, which works but the output is in a binary format that my
program cannot read.

I'll take a look at the two programs you suggested and see if they
work. Thanks for the informaiton.