
CMD Batch file trouble with nested IF statements and variables


I am writing a cmd batch file which queries the Windows registry and then reports back to a file with the output. The keys I am looking to query are around SSL for SCHANNEL.

I want the output to read correctly and not necessarily show the specific reg value, so turning the value into a variable, and if that variable matches xyz, either set another variable to 'disabled' or echo 'SSLv2 is disabled'. So rather an interpretation of what the reg value is; for example, if 0x1 is the value I want the output to echo 'SSLv2 is disabled', not 'SSLv2 is 0x1'.

I'm having difficulty nesting the if statements, and also, if there is no registry key present at all, i.e. empty or null, to just display 'SSLv2 is enabled'.

Below is just one example for SSLv2 for client side.

For /f "tokens=1-4 delims=/ " %%a in ('date /t') do (set mydate=%%a-%%b-%%c)
For /f "tokens=1-2 delims=/:" %%a in ("%TIME%") do (set mytime=%%a%%b)
FOR /F "tokens=* USEBACKQ" %%F IN (`hostname`) DO SET hostname=%%F
set hostnamefolder=%~dp0\%hostname%
mkdir %hostnamefolder%\logs
mkdir %hostnamefolder%\logs\files
mkdir %hostnamefolder%\logs\sceenshots
set workingdir=%~dp0

set Logfile=%hostnamefolder%\%hostname%_BRSIS.txt
set curdir=%~dp0
If Exist %Logfile% Del %Logfile%
@echo On
setlocal ENABLEEXTENSIONS

REM ======================================
REM SSLv2 configuration for Client:
REM ======================================

FOR /F "usebackq skip=2 tokens=1,3" %%A IN (`reg query "HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /v DisabledByDefault 2^>nul`) DO (
    set ValueName=%%A
    set ValueValue=%%B
)

echo %valueName%
echo %ValueValue%

if defined ValueName (
        if %ValueValue% EQU 0x1 (
            echo SSLv2 protocol for client connections is disabled >> %Logfile%
        ) else (
        if %valueValue% EQU 0x0 (
            echo SSLv2 protocol for client connections is enabled >> %Logfile%
        )) else (
            echo SSLv2 protocol for client connections are enabled >> %Logfile%
        )

I'm not a programmer so please forgive my coding, however, I'm keen to learn.


Solution

    if defined ValueName (
      if defined Valuevalue (
        if "%ValueValue%" EQU "0x1" (
          echo SSLv2 protocol for client connections is disabled >> %Logfile%
        ) else (
          if "%valueValue%" EQU "0x0" (
            echo SSLv2 protocol for client connections is enabled >> %Logfile%
          ) else (
            echo SSLv2 protocol for client connections are enabled >> %Logfile%
          )
        )
      ) else (
        echo valuevalue is not defined
      )
    ) else (
      echo valuename is not defined
    )
    

    The key is to match indent levels. Your code is missing the terminal ) to close the outermost if. Your )) closes the two inner if statements, consequently the else is not paired to an if.


    (I'm an ailurophile...)

    set "message=SSLv2 protocol for client connections are enabled"
    if defined valuename if defined valuevalue (
       if "%valueValue%" EQU "0x1" set "message=SSLv2 protocol for client connections is disabled"
       if "%valueValue%" EQU "0x0" set "message=SSLv2 protocol for client connections is enabled"
    )
    echo %message%>>%logfile%
    

    Simple. Or as complex as you need.

    Better to clearly say what your desired output is under which circumstances.
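
An added example, not part of the original question or answer: the same registry check written as a subroutine, so there are no nested IF blocks to balance, and a missing key is reported separately instead of being assumed to mean "enabled" (when the value is absent, Schannel uses the operating system default for that protocol). It goes beyond the single SSL 2.0 case by looping over two protocols and both sides; the log file name `schannel_report.txt` and the `:Report` label are assumptions made for this example.

```batch
@echo off
setlocal EnableExtensions

rem Added example. The log path is an assumption; adjust to your own layout.
set "Logfile=%~dp0schannel_report.txt"
set "Base=HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
if exist "%Logfile%" del "%Logfile%"

rem Check every protocol/side pair with the same logic.
for %%P in ("SSL 2.0" "SSL 3.0") do (
    for %%S in (Client Server) do (
        call :Report "%%~P" %%S
    )
)
endlocal
exit /b 0

:Report
rem %1 = protocol key name (quoted), %2 = Client or Server
rem Clear the variable first so a failed query cannot reuse a stale value
rem left over from the previous protocol.
set "Value="
for /f "skip=2 tokens=1,3" %%A in ('reg query "%Base%\%~1\%2" /v DisabledByDefault 2^>nul') do (
    rem Only accept the line that actually carries the value we asked for.
    if /i "%%A"=="DisabledByDefault" set "Value=%%B"
)

rem Start from the "nothing found" case, then override on a known value.
rem Quoting both sides keeps the comparison valid when Value is empty.
set "State=not set in registry"
if /i "%Value%"=="0x1" set "State=disabled by default"
if /i "%Value%"=="0x0" set "State=enabled by default"

rem Redirection goes first so trailing text can never be parsed as a handle.
>>"%Logfile%" echo %~1 for %2 connections: %State%
exit /b 0
```

Because `Value` is set and read in separate statements rather than inside one parenthesised block, no delayed expansion is needed.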