Part 1: Powershell: Get registry value data from remote computer
Part 1.1: Microsoft Powershell: Export remote registry information to excel
Part 2: Microsoft Powershell: remotely write, edit, modify new registry key and data value
Part 3: Microsoft Powershell: Delete registry key or values on remote computer
This is an extension of my earlier article, Part 1. In that part I wrote code to get a value from a single registry key. Here I wanted the complete registry information under a key, along with a list of all its subkeys. I am showing three methods to pull the report. The first method requires rights on the remote server and the Remote Registry service to be enabled on it.
The first command shows all value names with their value data and value kind. This information can easily be exported for Excel by piping the output to "| Export-Csv c:\info.csv".
Get-RemoteRegistryInfo -ComputerName server01, member01 -RegistryHive Users -RegistryKeyPath S-1-5-18\Environment -Type ValueData
The next command lists all the child keys.
Get-RemoteRegistryInfo -ComputerName server01, member01 -RegistryHive Users -RegistryKeyPath S-1-5-18 -Type ChildKey
Useful Blogs
Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled
Installing, importing and using any module in powershell
Download script here, this is also available on GitHub.
```powershell
function Get-RemoteRegistryInfo {
    [CmdletBinding(SupportsShouldProcess=$True,
        ConfirmImpact='Medium',
        HelpURI='http://vcloud-lab.com',
        DefaultParameterSetName='GetValue')]
    Param (
        [parameter(Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('C')]
        [String[]]$ComputerName = '.',

        [Parameter(Position=1, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('Hive')]
        [ValidateSet('ClassesRoot', 'CurrentUser', 'LocalMachine', 'Users', 'CurrentConfig')]
        [String]$RegistryHive = 'LocalMachine',

        [Parameter(Position=2, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('ParentKeypath')]
        [String]$RegistryKeyPath,

        [parameter(Position=3, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [ValidateSet('ChildKey', 'ValueData')]
        [String]$Type
    )
    Process {
        # Resolve the validated hive name to its enum value with a cast instead of Invoke-Expression.
        # Done in Process so that pipeline-bound parameters are already available.
        $Hive = [Microsoft.Win32.RegistryHive]$RegistryHive

        Foreach ($Computer in $ComputerName) {
            if (Test-Connection $Computer -Count 2 -Quiet) {
                try {
                    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive, $Computer)
                    # Open read-only ($false): this function only reads, so write access is not needed.
                    $key = $reg.OpenSubKey($RegistryKeyPath, $false)
                }
                catch {
                    Write-Host "Check permissions on computer name $Computer, cannot connect registry" -BackgroundColor DarkRed
                    Continue
                }
                # OpenSubKey returns $null when the key path does not exist.
                if ($null -eq $key) {
                    Write-Host "Incorrect registry path on $computer" -BackgroundColor DarkRed
                    $reg.Close()
                    continue
                }
                switch ($Type) {
                    'ChildKey' {
                        # One object per subkey name under the requested key
                        foreach ($ck in $key.GetSubKeyNames()) {
                            $obj = New-Object psobject
                            $obj | Add-Member -Name ComputerName -MemberType NoteProperty -Value $Computer
                            $obj | Add-Member -Name RegistryKeyPath -MemberType NoteProperty -Value "$RegistryHive\$RegistryKeyPath"
                            $obj | Add-Member -Name ChildKey -MemberType NoteProperty -Value $ck
                            $obj
                        }
                        break
                    }
                    'ValueData' {
                        # One object per value: name, data and kind (REG_SZ, REG_DWORD, ...)
                        foreach ($vn in $key.GetValueNames()) {
                            $obj = New-Object psobject
                            $obj | Add-Member -Name ComputerName -MemberType NoteProperty -Value $Computer
                            $obj | Add-Member -Name RegistryKeyPath -MemberType NoteProperty -Value "$RegistryHive\$RegistryKeyPath"
                            $obj | Add-Member -Name ValueName -MemberType NoteProperty -Value $vn
                            $obj | Add-Member -Name ValueData -MemberType NoteProperty -Value $key.GetValue($vn)
                            $obj | Add-Member -Name ValueKind -MemberType NoteProperty -Value $key.GetValueKind($vn)
                            $obj
                        }
                        break
                    }
                }
                # Release the remote registry handles
                $key.Close()
                $reg.Close()
            }
            else {
                Write-Host "Computer Name $Computer not reachable" -BackgroundColor DarkRed
            }
        }
    }
    End {
        #[Microsoft.Win32.RegistryHive]::ClassesRoot
        #[Microsoft.Win32.RegistryHive]::CurrentUser
        #[Microsoft.Win32.RegistryHive]::LocalMachine
        #[Microsoft.Win32.RegistryHive]::Users
        #[Microsoft.Win32.RegistryHive]::CurrentConfig
    }
}

#Get-RemoteRegistryInfo -ComputerName server01, member01 -RegistryHive Users -RegistryKeyPath S-1-5-18 -Type ChildKey
#Get-RemoteRegistryInfo -ComputerName server01, member01 -RegistryHive Users -RegistryKeyPath S-1-5-18\Environment -Type ValueData
```
The second method uses PowerShell Remoting in combination with Get-ItemProperty and Get-ChildItem. With these cmdlets, the only registry hive drives available by default are HKLM: and HKCU:. The command below shows value names and their data; the second command lists subkeys.
Invoke-Command -ComputerName Server01 {Get-ItemProperty "HKCU:\Environment"}
The next command shows a directory-style listing of registry keys.
Invoke-Command -ComputerName Server01 {Get-ChildItem "HKCU:\"} | Select PSComputerName, Name
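The remoting method can also read hives that have no default drive, such as the HKEY_USERS key used in the first method, by addressing them through the Registry:: provider path. The following is an added example, not part of the original script; Server01 and the key path are the sample names used in this article, and the variable and property names are illustrative.

```powershell
# Added example: list values and child keys under HKEY_USERS over PowerShell Remoting.
# 'Server01' and the key path are the sample names used in this article.
$computers = 'Server01'
$keyPath   = 'Registry::HKEY_USERS\S-1-5-18\Environment'

$report = Invoke-Command -ComputerName $computers -ArgumentList $keyPath -ScriptBlock {
    param([string]$Path)

    try {
        # Get-Item on a registry path returns a Microsoft.Win32.RegistryKey (opened read-only).
        $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    }
    catch {
        # Missing key or access denied: report it and return nothing for this computer.
        Write-Warning "Cannot open $Path on ${env:COMPUTERNAME}: $($_.Exception.Message)"
        return
    }

    # Report stored data as-is: do not expand %VAR% references in REG_EXPAND_SZ values.
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            RegistryKeyPath = $key.Name
            EntryType       = 'Value'
            Name            = $name    # an empty string is the key's (Default) value
            Data            = $key.GetValue($name, $null, $raw)
            Kind            = $key.GetValueKind($name).ToString()
        }
    }
    foreach ($child in $key.GetSubKeyNames()) {
        [pscustomobject]@{
            RegistryKeyPath = $key.Name
            EntryType       = 'ChildKey'
            Name            = $child
            Data            = $null
            Kind            = $null
        }
    }
}

$report | Select-Object PSComputerName, RegistryKeyPath, EntryType, Name, Data, Kind
# $report | Export-Csv -Path c:\info.csv -NoTypeInformation
```

Inside Invoke-Command, HKCU: resolves to the hive of the account that authenticated the remoting session, not the user logged on at the console, which is why the example addresses HKEY_USERS by SID.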
The third method is the simplest and can be run from a command prompt. It has no special requirements except that Remote Registry must be enabled on the remote computer and you need privileges on it.
REG Query \\Server01\HKLM\SYSTEM
REG Query \\Server01\HKLM\SYSTEM\RNG
Useful Blogs
Microsoft Powershell generate random anything (Filename, TempPath, GUID, Password)
How to Install and Use Microsoft PowerShell on Linux