CIS Remediation Batch Script
BATCH SCRIPT
@echo off
setlocal enabledelayedexpansion
:: ========================================
:: Simple Registry SID Processor - Batch Version
:: ========================================
:: Reads a list of Windows Registry (.reg) file names from a text file, replaces every
:: <***USER_SID***> placeholder in each listed file with the SID returned by :GetUserSID,
:: and imports the result with regedit.
::
:: File list format: one file name per line; empty lines and lines starting with # are skipped.
::
:: Usage: process_registry_simple.bat <file_list.txt>
:: Example: process_registry_simple.bat registry_files_list.txt
::
:: Exit codes: 1 for a missing argument, a missing file list, an undetermined SID or at least
:: one failed file; 0 when all files were applied, the list was empty or the user declined.
::
:: Security note: the file list and the .reg files decide what is written to the registry,
:: and the import is silent. Keep both writable by administrators only and review them
:: before running; the confirmation prompt below shows file names, not file contents.
:: ========================================
:: Configuration - Edit these paths as needed
:: NOTE(review): this path is relative to the current directory, not to the script. A script
:: started with "Run as administrator" usually does not start in its own folder - confirm,
:: and consider %~dp0registry_files\ so the source location cannot change with the caller.
set "REGISTRY_SOURCE_PATH=.\registry_files\"
:: Processed copies are written to the per-user temp directory before import.
set "TEMP_DIR=%TEMP%"
:: Statistics (updated by :ProcessRegistryFile)
set "PROCESSED_COUNT=0"
set "FAILED_COUNT=0"
echo.
echo Simple Registry SID Processor - Batch Version
echo ==============================================
echo.
:: Check if file list parameter is provided
if "%~1"=="" (
echo ERROR: No file list specified.
echo Usage: %~nx0 ^<file_list.txt^>
echo Example: %~nx0 registry_files_list.txt
pause
exit /b 1
)
set "FILE_LIST=%~1"
:: Check if file list exists
if not exist "%FILE_LIST%" (
echo ERROR: File list "%FILE_LIST%" not found.
pause
exit /b 1
)
:: Get current user's SID
:: The SID belongs to the account that runs this script. NOTE(review): if the script is
:: started elevated under a different administrator account, the placeholders resolve to
:: that administrator's SID rather than the intended user's - confirm how it is deployed.
echo [%TIME%] INFO: Getting current user SID...
call :GetUserSID
if "!USER_SID!"=="" (
echo [%TIME%] ERROR: Could not determine user SID.
echo Please run this script as an administrator or check your permissions.
pause
exit /b 1
)
echo [%TIME%] INFO: User SID: !USER_SID!
echo [%TIME%] INFO: Source path: %REGISTRY_SOURCE_PATH%
echo [%TIME%] INFO: File list: %FILE_LIST%
echo.
:: Read and display files to be processed
:: First pass over the list: print each entry and count it, nothing is applied yet.
echo [%TIME%] INFO: Reading file list...
set "FILE_COUNT=0"
echo Files to be processed:
for /f "usebackq tokens=* delims=" %%a in ("%FILE_LIST%") do (
set "line=%%a"
:: Skip empty lines and comments
if not "!line!"=="" (
if not "!line:~0,1!"=="#" (
echo - !line!
set /a FILE_COUNT+=1
)
)
)
if !FILE_COUNT! equ 0 (
echo [%TIME%] WARN: No files to process
pause
exit /b 0
)
echo.
echo [%TIME%] INFO: Found !FILE_COUNT! files in list
echo.
:: Confirmation
:: Only an answer of Y (any case) continues; anything else cancels with exit code 0.
set /p "CONFIRM=Do you want to proceed? (Y/N): "
if /i not "!CONFIRM!"=="Y" (
echo [%TIME%] WARN: Operation cancelled by user
pause
exit /b 0
)
echo.
:: Process each file in the list
:: Second pass over the list: the file is read again, so it must not change between the
:: listing above and this loop. Entries are handed to :ProcessRegistryFile unvalidated.
for /f "usebackq tokens=* delims=" %%a in ("%FILE_LIST%") do (
set "line=%%a"
:: Skip empty lines and comments
if not "!line!"=="" (
if not "!line:~0,1!"=="#" (
call :ProcessRegistryFile "!line!"
)
)
)
:: Summary
echo.
echo Processing Summary:
echo ==================
echo Files processed successfully: !PROCESSED_COUNT!
echo Files failed: !FAILED_COUNT!
set /a TOTAL_COUNT=!PROCESSED_COUNT!+!FAILED_COUNT!
echo Total files: !TOTAL_COUNT!
echo.
:: The exit code reflects only the counters kept by :ProcessRegistryFile.
if !FAILED_COUNT! gtr 0 (
echo [%TIME%] WARN: Some files failed to process
set "EXIT_CODE=1"
) else (
echo [%TIME%] SUCCESS: All files processed successfully
set "EXIT_CODE=0"
)
echo.
echo Operation completed.
pause
exit /b !EXIT_CODE!
:: ========================================
:: SUBROUTINES
:: ========================================
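:GetUserSID
:: Store the SID of the account running this script in USER_SID (left undefined on failure).
:: Tries WMIC first and falls back to whoami.
::
:: The SID is that of the running account. NOTE(review): when the script is started elevated
:: under a different administrator account, this is the administrator's SID - confirm that
:: this is the hive the <***USER_SID***> placeholders are meant to address.

:: Clear any inherited value so a stale or pre-set USER_SID is never used when both lookups fail.
set "USER_SID="

:: NOTE(review): the WMIC query matches on the USERNAME environment variable only. If several
:: accounts share that name (for example a local and a domain account) the last match wins -
:: verify, or prefer the whoami lookup, which reads the current logon.
for /f "tokens=2 delims==" %%i in ('wmic useraccount where name^="%USERNAME%" get sid /value 2^>nul ^| find "SID="') do (
    rem WMIC output ends each line with an extra carriage return; the inner for /f drops it.
    for /f "delims=" %%j in ("%%i") do set "USER_SID=%%j"
)

:: Alternative method if WMIC fails
if not defined USER_SID (
    echo [%TIME%] INFO: WMIC method failed, trying alternative method...
    rem CSV output is "account","SID"; the SID is the second field. The table format puts the
    rem account name first, so taking token 1 from it would return the name, not the SID.
    for /f "tokens=2 delims=," %%i in ('whoami /user /fo csv /nh 2^>nul') do (
        set "USER_SID=%%~i"
    )
)

:: Discard anything that does not look like a SID so the caller's empty check catches it.
if defined USER_SID if not "!USER_SID:~0,4!"=="S-1-" set "USER_SID="
goto :eof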
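:ProcessRegistryFile
:: Apply one registry file from the file list.
::   %1 - file name as written in the list; must be a bare file name in REGISTRY_SOURCE_PATH.
:: Reads USER_SID, REGISTRY_SOURCE_PATH and TEMP_DIR; increments PROCESSED_COUNT or FAILED_COUNT.
::
:: Values that come from the file list are expanded with !var! rather than %var%, so that
:: characters such as ^& ^| ^< ^> in a list entry stay text and are not re-parsed by cmd.
set "FILENAME=%~1"

:: Accept only a bare file name: an entry with a drive, a directory part or wildcards could
:: point the silent import at a file outside REGISTRY_SOURCE_PATH.
set "NAME_OK="
for %%F in ("!FILENAME!") do if /i "%%~nxF"=="!FILENAME!" set "NAME_OK=1"
if not defined NAME_OK (
    echo [%TIME%] ERROR: Rejected list entry, not a plain file name: !FILENAME!
    set /a FAILED_COUNT+=1
    goto :eof
)

set "SOURCE_FILE=!REGISTRY_SOURCE_PATH!!FILENAME!"
:: NOTE(review): %RANDOM% only avoids accidental name collisions. The processed copy sits in
:: TEMP_DIR until it is imported, so TEMP_DIR must not be writable by less-privileged accounts.
set "TEMP_FILE=!TEMP_DIR!\processed_%RANDOM%_!FILENAME!"
echo [%TIME%] INFO: Processing: !FILENAME!

:: Check if source file exists
if not exist "!SOURCE_FILE!" (
    echo [%TIME%] ERROR: File not found: !SOURCE_FILE!
    set /a FAILED_COUNT+=1
    goto :eof
)

:: Process the file - replace SID placeholders
:: %USER_SID% is expanded when this block is parsed, which is after :GetUserSID has run.
:: Nesting !USER_SID! inside !line:...! does not work: the first inner ! ends the expression,
:: so the placeholder would be replaced by the literal text USER_SID instead of the SID.
:: Limitations of this line-by-line copy: empty lines and lines starting with ; are dropped,
:: and ! characters in the data are lost because delayed expansion is on.
:: NOTE(review): for /f expects ANSI/OEM text; .reg files saved as UTF-16 probably need
:: converting first - verify against the files you ship.
(
    for /f "usebackq delims=" %%a in ("!SOURCE_FILE!") do (
        set "line=%%a"
        set "line=!line:<***USER_SID***>=%USER_SID%!"
        rem echo( prints the text as-is even when it is empty or reads ON, OFF or /?.
        echo(!line!
    )
) > "!TEMP_FILE!"

:: Verify the temporary file was created
if not exist "!TEMP_FILE!" (
    echo [%TIME%] ERROR: Failed to create processed file for "!FILENAME!"
    set /a FAILED_COUNT+=1
    goto :eof
)

:: Apply the registry changes
:: NOTE(review): regedit /s imports silently and its exit code is not a dependable sign that
:: every key was written, so the success count below can overstate what was applied. Consider
:: reg import, which reports failure through ERRORLEVEL, and spot-check the resulting keys.
regedit /s "!TEMP_FILE!"
if !ERRORLEVEL! equ 0 (
    echo [%TIME%] SUCCESS: Successfully applied: !FILENAME!
    set /a PROCESSED_COUNT+=1
) else (
    echo [%TIME%] ERROR: Failed to apply: !FILENAME! - Error code: !ERRORLEVEL!
    set /a FAILED_COUNT+=1
)

:: Clean up temporary file
del "!TEMP_FILE!" 2>nul
goto :eof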