
Powershell, Remote Registry and You! Part 1 (Overview)

I was reading the newsgroups (as I do all the time) and I have noticed numerous requests/questions regarding remote registry access in PowerShell. I thought I would try to see if I could shed some light on the subject. So without further delay… on with the show!

Overview:
———-
Registry access in Posh is relatively simple and extremely powerful.
From a local standpoint it's as simple as:
PS> Set-Location HKLM:System
From a remote standpoint… you have to utilize the powers of .NET.
$ServerKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $ServerName)

For the purpose of this post… I am going to focus on the remote aspect. Local access is covered in tons of documentation. So, because of time, I am only going to address the .NET method.

I will start by giving you the useful properties and methods of the remote registry object.

Object
——-
[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $MachineName)

Properties
————-
Name
SubKeyCount
ValueCount

Methods (Not all.. just the ones I use often)
—————————————————
CreateSubKey
DeleteSubKey
DeleteSubKeyTree
DeleteValue
GetAccessControl
GetLifetimeService
GetSubKeyNames
GetType
GetValue
GetValueKind
GetValueNames
OpenSubKey
SetAccessControl
SetValue

As you can see… you can do basically everything you could ever want.

Now that you have a basic idea of what the .NET provider can give you… let's put it to practical use.

Examples:
———-
Purpose: Get a list of the subkeys and values of a specific registry key.

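[code]$Srv = "ServerName"   # placeholder: name of the remote computer
$key = "SOFTWARE\Microsoft\Windows\CurrentVersion"
$type = [Microsoft.Win32.RegistryHive]::LocalMachine
# Connect to HKLM on the remote machine, then open the subkey (read-only)
$regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $Srv)
$regKey = $regKey.OpenSubKey($key)
Write-Host "Sub Keys"
Write-Host "--------"
# Names of the child keys
Foreach($sub in $regKey.GetSubKeyNames()){$sub}
Write-Host
Write-Host "Values"
Write-Host "------"
# Names of the values stored directly under the key
Foreach($val in $regKey.GetValueNames()){$val}[/code]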

Result (only showing first 10 of each):

Sub Keys
——–
App Management
App Paths
Applets
BITS
Control Panel
Controls Folder
CSCSettings
DateTimeDynamic
DirectoryExplorer

Values
——
DevicePath
MediaPathUnexpanded
SM_GamesName
SM_ConfigureProgramsName
ProgramFilesDir
CommonFilesDir
ProductId
WallPaperDir
MediaPath
ProgramFilesPath

——————————————-
Purpose: Get the Value of each of the Values.

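[code]$Srv = "ServerName"   # placeholder: name of the remote computer
$key = "SOFTWARE\Microsoft\Windows\CurrentVersion"
$type = [Microsoft.Win32.RegistryHive]::LocalMachine
# Connect to HKLM on the remote machine, then open the subkey (read-only)
$regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $Srv)
$regKey = $regKey.OpenSubKey($key)
Write-Host "Values"
Write-Host "------"
# Print each value name, padded to a fixed width, followed by its data
Foreach($val in $regKey.GetValueNames()){
   Write-Host $val.PadRight(30) -nonewline
   Write-Host $regKey.GetValue("$val")
}[/code]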

Result (only showing first 10):

Values
——
DevicePath = [C:\WINDOWS\inf;C:\Drivers\Broadcom\Win2003]
MediaPathUnexpanded = [C:\WINDOWS\Media]
SM_GamesName = [Games]
SM_ConfigureProgramsName = [Set Program Access and Defaults]
ProgramFilesDir = [C:\Program Files]
CommonFilesDir = [C:\Program Files\Common Files]
ProductId = [69713-640-4031427-45876]
WallPaperDir = [C:\WINDOWS\Web\Wallpaper]
MediaPath = [C:\WINDOWS\Media]
ProgramFilesPath = [C:\Program Files]
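
The listings above return names and data only. As an added example (not the post author's code), the function below also uses GetValueKind and GetAccessControl from the method list to report each value's type and which SIDs hold rights on the key, reads REG_EXPAND_SZ data unexpanded, and closes its handles. It assumes PowerShell 3.0 or later; Get-RemoteKeyReport, its parameters and the 'ServerName' placeholder are hypothetical.

```powershell
# Added example; Get-RemoteKeyReport and its parameter names are hypothetical.
function Get-RemoteKeyReport {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [string] $SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
    )
    $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
    # Rights that let a principal change the key, plus GENERIC_ALL / GENERIC_WRITE
    $rights    = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $writeMask = [int]$rights -bor 0x10000000 -bor 0x40000000
    $base = $null; $key = $null
    try {
        # Fails with IOException when the Remote Registry service is unreachable
        # and with a security exception when the caller lacks access.
        $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $ComputerName)
        $key  = $base.OpenSubKey($SubKey)   # one-argument overload opens read-only
        if ($null -eq $key) { throw "HKLM\$SubKey not found on $ComputerName" }

        # Keep REG_EXPAND_SZ data as stored; the default GetValue expands
        # %VAR% using the *local* machine's environment, not the remote one.
        $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Record = 'Value'; Name = $name
                Kind   = $key.GetValueKind($name)
                Detail = $key.GetValue($name, $null, $raw)
            }
        }
        # Report SIDs rather than account names so accounts that cannot be
        # resolved from this machine do not abort the listing.
        $sidType = [System.Security.Principal.SecurityIdentifier]
        foreach ($rule in $key.GetAccessControl().GetAccessRules($true, $true, $sidType)) {
            [pscustomobject]@{
                Record = "$($rule.AccessControlType) ACE"; Name = $rule.IdentityReference.Value
                Kind   = $rule.RegistryRights
                Detail = if (([int]$rule.RegistryRights -band $writeMask) -ne 0) { 'write rights' } else { 'read rights only' }
            }
        }
    }
    catch { Write-Warning "$ComputerName : $($_.Exception.Message)" }
    finally {
        if ($key)  { $key.Close() }
        if ($base) { $base.Close() }
    }
}

# 'ServerName' is a placeholder for the remote computer
Get-RemoteKeyReport -ComputerName 'ServerName' | Format-Table -AutoSize
```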

————————————————

Summary:
———–
As you can now see, POSH is really powerful given its .NET access to the registry. Honestly… there is virtually nothing you can't do (within the rights of the account you run as), and it's easy to boot. You have complete access to registry keys, subkeys and values. You can even create, delete, and evaluate values and keys. In the future I will be sharing a function I wrote to compare registry subkeys between machines. That has proven to be super valuable.

Well… That about does it (at least for today 🙂 ) I think this is a pretty good start to your POSH .NET registry adventure. I will be expanding this as I have time.

As always… PLEASE PROVIDE FEEDBACK!!! 🙂

12 Responses to “Powershell, Remote Registry and You! Part 1 (Overview)”

  1. […] Re: navigating through a remote computer registry… There is no native Remote Registry Provider which I believe is what you're looking for. You can however use [Microsoft.Win32.RegistryKey] I have some examples here [link] also [link] Please let us know if you need more info. Published Tuesday, August 21, 2007 6:32 AM by microsoft.public.windows.powershell Google Group […]

  2. […] Re: Remote Registry Access Try this (((([Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LOCALMACHINE',"machine")).OpenSubKey("software\appname"))).GetValue("Version")).ToString() Maybe you will find this helpful [link] Published Thursday, August 30, 2007 9:40 AM by microsoft.public.windows.powershell Google Group […]

  3. on 02 Jan 2008 at 7:33 am PSNewBie

    Thanx for this post … got me started on remote registry access without a lot of effort

    But this does not work for all keys … i am an admin on the remote box that i am looking to list installed products (i believe it's listed under SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products … . the box does not have the wmi extensions to use win32_product.
    Do i need any special privileges to access that hive/key?

  4. on 02 Jan 2008 at 8:13 am Brandon

    PSNewbie… That is a user key and you won't be able to access that, but what you want is not there. I wrote a script to do what you need. I linked it below.

    Here is a link to a script to get Installed apps
    http://www.powershellcentral.com/scripts/95

    This only shows apps installed by Windows Installer. If you want to see all software use this as the regkey
    “Software”

  5. on 02 Jan 2008 at 2:15 pm PSNewBie

    SUPER!!! Thanx for the help.

  6. on 02 Jan 2008 at 3:10 pm PSNewBie

    First of all, Thanx for the link i tried an implementation but the function returns only a subset of all the products installed on the machine … i also see that there is a difference between me opening up the regkey remotely versus locally. Anything i need to do there to overcome that?

  7. on 02 Jan 2008 at 7:43 pm Brandon

    My script I linked only gives you apps that were installed using the Windows Installer. There is no “sure fire” way to get all the software, but if you trust the applications to use the registry correctly you can look under the software key.

    In my script replace
    $key = "Software\Microsoft\Windows\CurrentVersion\Uninstall"

    with

    $key = "Software"

  8. on 04 Jan 2008 at 6:11 am PSNewBie

    thanx again … could the problem i am facing be a result of using powershell running on a 32-bit machine trying to access a registry on a 64-bitter, using .Net registry access methods (i seem to be accessing software\wow6432Node\Microsoft instead of software\microsoft — i will try investigating this further) …
    I seem to be able to enumerate more keys using StdRegProv (but i don't seem to be able to use GetStringValue on the keys using this technique) Hope i am making sense here — but the trees derived using the 2 methods are different.

  9. on 08 Jan 2008 at 5:10 pm PSNewBie

    forgot to post latest status … confirmed that error i saw before was due to the 32/64 bit inconsistency. I was able to use stdregprov to get installed apps on a 64-bit machine … for a complete list, however, you will have to look at software\microsoft and software\6432node\microsoft subtrees under HKLM.

  10. on 08 Jan 2008 at 5:34 pm Brandon

    Very cool!

  11. on 24 Jan 2008 at 9:06 pm nishant

    Hi, I want a complete list of software installed on a remote machine using PowerShell. I want to do it using the remote registry access method in PowerShell. Any idea??

  12. on 30 Mar 2013 at 6:09 am kitesurfer44

    This thread seems dead but I just went through this exercise. Here is what I did…

    Function GetRemoteSoftware ( $computer )
    {
        # Uninstall entries: native view (A) and 32-bit applications on 64-bit Windows (B)
        $sKeyA = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
        $sKeyB = "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"

        $type = [Microsoft.Win32.RegistryHive]::LocalMachine

        $oReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $computer)

        # Parentheses make Write-Host print the concatenated string
        write-host ("*** Key A: " + $sKeyA)
        $oKeyA1 = $oReg.OpenSubKey($sKeyA)
        foreach ($ka1 in $oKeyA1.GetSubKeyNames())
        {
            $sKeyA2 = $sKeyA + "\" + $ka1
            $oKeyA2 = $oReg.OpenSubKey($sKeyA2)

            # Emit DisplayName only for entries that define it
            foreach ($ka2 in $oKeyA2.GetValueNames()) {
                if ($ka2 -eq "DisplayName") { $oKeyA2.GetValue("DisplayName") }
            }
        }

        write-host " "
        write-host ("*** Key B: " + $sKeyB)
        $oKeyB1 = $oReg.OpenSubKey($sKeyB)
        # OpenSubKey returns $null when the key is absent (for example on 32-bit Windows)
        if ($oKeyB1) {
            foreach ($kb1 in $oKeyB1.GetSubKeyNames())
            {
                $sKeyB2 = $sKeyB + "\" + $kb1
                $oKeyB2 = $oReg.OpenSubKey($sKeyB2)

                foreach ($kb2 in $oKeyB2.GetValueNames()) {
                    if ($kb2 -eq "DisplayName") { $oKeyB2.GetValue("DisplayName") }
                }
            }
        }
    }
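
The 32/64-bit difference reported in comments 8 and 9 is WOW64 registry redirection, which depends on the bitness of the calling process. As an added example (not code from the post or its commenters), the function below requests each registry view explicitly through the three-argument OpenRemoteBaseKey overload, so the result is the same from a 32-bit or 64-bit PowerShell host. It assumes .NET Framework 4 and PowerShell 3.0 or later; Get-RemoteUninstallEntry and 'ServerName' are hypothetical names.

```powershell
# Added example; Get-RemoteUninstallEntry is a hypothetical name.
function Get-RemoteUninstallEntry {
    param([Parameter(Mandatory)] [string] $ComputerName)

    $path = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    $hive = [Microsoft.Win32.RegistryHive]::LocalMachine

    # Ask for the 64-bit and the 32-bit view in turn instead of relying on
    # redirection to Wow6432Node. A 32-bit target ignores the view flag, so
    # both passes return the same entries there (filter on DisplayName/Version).
    foreach ($view in [Microsoft.Win32.RegistryView]::Registry64,
                      [Microsoft.Win32.RegistryView]::Registry32) {
        $base = $null; $root = $null
        try {
            $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $ComputerName, $view)
            $root = $base.OpenSubKey($path)          # read-only handle
            if ($null -eq $root) { continue }        # view has no Uninstall key

            foreach ($name in $root.GetSubKeyNames()) {
                $sub = $root.OpenSubKey($name)
                if ($null -eq $sub) { continue }     # removed between list and open
                try {
                    $display = $sub.GetValue('DisplayName')
                    if ($display) {                  # skip entries without a name
                        [pscustomobject]@{
                            Computer    = $ComputerName
                            View        = $view
                            DisplayName = $display
                            Version     = $sub.GetValue('DisplayVersion')
                            Publisher   = $sub.GetValue('Publisher')
                        }
                    }
                }
                finally { $sub.Close() }
            }
        }
        catch { Write-Warning "$ComputerName ($view): $($_.Exception.Message)" }
        finally {
            if ($root) { $root.Close() }
            if ($base) { $base.Close() }
        }
    }
}

# 'ServerName' is a placeholder for the remote computer
Get-RemoteUninstallEntry -ComputerName 'ServerName' | Sort-Object DisplayName
```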
