Part 1: Powershell: Get registry value data from remote computer
Part 1.1: Microsoft Powershell: Export remote registry information to excel
Part 2: Microsoft Powershell: remotely write, edit, modify new registry key and data value
Part 3: Microsoft Powershell: Delete registry key or values on remote computer
Recently I had another requirement: to write, edit and modify Windows registry keys and value data on a remote server using Microsoft PowerShell. Here I have used 3 scripting ways to perform this task. This is the second part of my earlier script, Powershell: Get registry value data from remote computer. The script is written in PowerShell using the .NET registry class. It requires the Remote Registry service to be enabled on the remote server, and the account used must have permissions on the registry there. To modify or edit the registry on localhost, run PowerShell as an administrator. Here I am showing 3 methods you can use to achieve this task.
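The Remote Registry prerequisite above can be met only for the duration of the change. The following wrapper is an added example, not part of the original script: it records the service's start mode and state, enables it, runs the registry action, and restores the previous configuration. The function name Invoke-WithRemoteRegistry is hypothetical, and it assumes CIM (WinRM) access and administrator rights on the target.

```powershell
# Added example, not from the original post. Assumes CIM/WinRM access and
# administrator rights on the target; the function name is hypothetical.
function Invoke-WithRemoteRegistry {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)] [string]$ComputerName,
        [Parameter(Mandatory)] [scriptblock]$Action   # receives the computer name
    )
    $session = New-CimSession -ComputerName $ComputerName -ErrorAction Stop
    try {
        $svc = Get-CimInstance -CimSession $session -ClassName Win32_Service `
                               -Filter "Name='RemoteRegistry'"
        if (-not $svc) { throw "RemoteRegistry service not found on $ComputerName" }
        # Remember the current configuration so it can be restored afterwards.
        $originalMode = $svc.StartMode            # Auto, Manual or Disabled
        $wasRunning   = $svc.State -eq 'Running'
        try {
            if ($originalMode -eq 'Disabled') {
                # A disabled service cannot be started; use Manual for this window only.
                $r = Invoke-CimMethod -CimSession $session -InputObject $svc `
                        -MethodName ChangeStartMode -Arguments @{ StartMode = 'Manual' }
                if ($r.ReturnValue -ne 0) { throw "ChangeStartMode returned $($r.ReturnValue)" }
            }
            if (-not $wasRunning) {
                $r = Invoke-CimMethod -CimSession $session -InputObject $svc -MethodName StartService
                if ($r.ReturnValue -ne 0) { throw "StartService returned $($r.ReturnValue)" }
            }
            & $Action $ComputerName
        }
        finally {
            # Put the service back even if the registry change failed.
            if (-not $wasRunning) {
                Invoke-CimMethod -CimSession $session -InputObject $svc -MethodName StopService | Out-Null
            }
            if ($originalMode -eq 'Disabled') {
                Invoke-CimMethod -CimSession $session -InputObject $svc `
                    -MethodName ChangeStartMode -Arguments @{ StartMode = 'Disabled' } | Out-Null
            }
        }
    }
    finally { Remove-CimSession -CimSession $session }
}
# Usage with the Write-RegistryValue function from Method 1:
# Invoke-WithRemoteRegistry -ComputerName server01 -Action { param($c)
#     Write-RegistryValue -ComputerName $c -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ValueName 'Start' -ValueData 10 -ValueType DWord }
```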
Method 1
The first command creates a subkey (subfolder) on the remote computer under the selected registry key path. The RegistryHive parameter accepts 5 values: ClassesRoot, CurrentUser, LocalMachine, Users and CurrentConfig. ComputerName accepts multiple server names separated by commas.
Write-RegistryValue -ComputerName RemoteComputer -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ChildKey test
The next command creates a new value under the selected registry key path. It can also be used to edit existing data by changing ValueData. There are 6 value types in the registry: String, Binary, DWord, QWord, MultiString and ExpandString.
Write-RegistryValue -ComputerName RemoteComputer -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ValueName 'Start' -ValueData 10 -ValueType DWord
function Write-RegistryValue {
    [CmdletBinding(SupportsShouldProcess=$True,
        ConfirmImpact='Medium',
        HelpURI='http://vcloud-lab.com',
        DefaultParameterSetName='NewValue')]
    Param (
        # One or more target computers
        [parameter(ParameterSetName = 'NewValue', Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'NewKey', Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('C')]
        [String[]]$ComputerName = '.',
        # Root hive to open on the remote computer
        [Parameter(ParameterSetName = 'NewValue', Position=1, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'NewKey', Position=1, ValueFromPipelineByPropertyName=$True)]
        [alias('Hive')]
        [ValidateSet('ClassesRoot', 'CurrentUser', 'LocalMachine', 'Users', 'CurrentConfig')]
        [String]$RegistryHive = 'LocalMachine',
        # Existing key under the hive that is opened for writing
        [Parameter(ParameterSetName = 'NewValue', Position=2, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'NewKey', Position=2, ValueFromPipelineByPropertyName=$True)]
        [alias('ParentKeypath')]
        [String]$RegistryKeyPath = 'SYSTEM\CurrentControlSet\Software',
        # NewKey set: name of the subkey to create
        [parameter(ParameterSetName = 'NewKey',Position=3, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String]$ChildKey = 'TestKey',
        # NewValue set: type, name and data of the value to write
        [parameter(ParameterSetName = 'NewValue',Position=4, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [alias('Type')]
        [ValidateSet('String', 'Binary', 'DWord', 'QWord', 'MultiString', 'ExpandString')]
        [String]$ValueType = 'DWORD',
        [parameter(ParameterSetName = 'NewValue',Position=5, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String]$ValueName = 'ValueName',
        [parameter(ParameterSetName = 'NewValue',Position=6, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String]$ValueData = 'ValueData'
    )
    Begin {
        # Convert the hive name to the .NET enum with a cast instead of Invoke-Expression
        try {
            $Hive = [Microsoft.Win32.RegistryHive]$RegistryHive
        }
        catch {
            Write-Host "Incorrect Registry Hive mentioned, $RegistryHive does not exist"
        }
    }
    Process {
        Foreach ($Computer in $ComputerName) {
            if (Test-Connection $Computer -Count 2 -Quiet) {
                try {
                    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive, $Computer)
                    # $true opens the key with write access
                    $key = $reg.OpenSubKey($RegistryKeyPath, $true)
                }
                catch {
                    Write-Host "Check access on computer name $Computer, cannot connect registry" -BackgroundColor DarkRed
                    Continue
                }
                # OpenSubKey returns $null (no exception) when the path does not exist
                if ($null -eq $key) {
                    Write-Host "Registry path $RegistryKeyPath not found on computer name $Computer" -BackgroundColor DarkRed
                    $reg.Close()
                    Continue
                }
                switch ($PsCmdlet.ParameterSetName) {
                    'NewValue' {
                        # Honour -WhatIf / -Confirm, which SupportsShouldProcess advertises
                        if ($PSCmdlet.ShouldProcess("$Computer : $RegistryKeyPath", "Set value $ValueName")) {
                            $Kind = [Microsoft.Win32.RegistryValueKind]$ValueType
                            $key.SetValue($ValueName, $ValueData, $Kind)
                            $Data = $key.GetValue($ValueName)
                            $Obj = New-Object psobject
                            $Obj | Add-Member -Name Computer -MemberType NoteProperty -Value $Computer
                            $Obj | Add-Member -Name RegistryPath -MemberType NoteProperty -Value "$RegistryKeyPath"
                            $Obj | Add-Member -Name RegistryValueName -MemberType NoteProperty -Value $ValueName
                            $Obj | Add-Member -Name RegistryValueData -MemberType NoteProperty -Value $ValueData
                            $Obj
                        }
                        break
                    }
                    'NewKey' {
                        try {
                            if ($key.GetSubKeyNames() -contains $ChildKey) {
                                # Subkey already exists: report it and create nothing
                                $Obj = New-Object psobject
                                $Obj | Add-Member -Name Computer -MemberType NoteProperty -Value $Computer
                                $Obj | Add-Member -Name RegistryPath -MemberType NoteProperty -Value $RegistryKeyPath
                                $Obj | Add-Member -Name RegistryChildKey -MemberType NoteProperty -Value $ChildKey
                                $Obj
                            }
                            elseif ($PSCmdlet.ShouldProcess("$Computer : $RegistryKeyPath", "Create subkey $ChildKey")) {
                                [void]$key.CreateSubKey("$ChildKey")
                            }
                        }
                        catch {
                            Write-Host "Not able to create $ChildKey on remote computer name $Computer" -BackgroundColor DarkRed
                        }
                        break
                    }
                }
                # Release the remote registry handles
                $key.Close()
                $reg.Close()
            }
            else {
                Write-Host "Computer Name $Computer not reachable" -BackgroundColor DarkRed
            }
        }
    }
    End {
        #[Microsoft.Win32.RegistryHive]::ClassesRoot
        #[Microsoft.Win32.RegistryHive]::CurrentUser
        #[Microsoft.Win32.RegistryHive]::LocalMachine
        #[Microsoft.Win32.RegistryHive]::Users
        #[Microsoft.Win32.RegistryHive]::CurrentConfig
    }
}
#Write-RegistryValue -ComputerName server01, Member01, test, 192.168.33.11, 192.168.33.12, server01 -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ChildKey test
#Write-RegistryValue -ComputerName server01, Member01, test -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ValueName 'Start' -ValueData 10 -ValueType DWord
Download this script here. It is also available on Github. To use this script, follow the articles below.
Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled
Installing, importing and using any module in powershell
Below is a registry screenshot for comparison; I tested before running the script and after running it.
Method 2
This method requires PowerShell remoting to be set up; see POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS. These commands are one-liners. The command below creates a new subkey under the given path.
Invoke-Command -ComputerName server01 {New-Item -Path HKLM:\SYSTEM\DemoKey -Name NewKey}
The next one-liner is executed on the remote server and creates a new registry value. In the PropertyType parameter, use one of the registry value types listed in Method 1.
Invoke-Command -ComputerName server01 {New-ItemProperty -Path HKLM:\SYSTEM\DemoKey -PropertyType String -Name Myvalue -Value 'Hello '}
If you need to edit an existing value, use the command below.
Invoke-Command -ComputerName server01 {Set-ItemProperty -Path HKLM:\SYSTEM\DemoKey -Name Myvalue -Value 'Newvalue'}
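The Method 2 one-liners can be combined into a single idempotent call that creates the value if it is missing, changes it only when it differs, and returns the old and new data as a change record. This is an added example, not code from the original post; the function name Set-RemoteRegistryValue is hypothetical and it assumes PowerShell remoting to the target already works.

```powershell
# Added example, not from the original post. Assumes PS remoting is configured;
# the function name Set-RemoteRegistryValue is hypothetical.
function Set-RemoteRegistryValue {
    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)] [string[]]$ComputerName,
        [Parameter(Mandatory)] [string]$Path,        # e.g. HKLM:\SYSTEM\DemoKey
        [Parameter(Mandatory)] [string]$Name,
        [Parameter(Mandatory)] $Value,
        [ValidateSet('String','Binary','DWord','QWord','MultiString','ExpandString')]
        [string]$PropertyType = 'String'
    )
    foreach ($computer in $ComputerName) {
        if (-not $PSCmdlet.ShouldProcess("$computer $Path\$Name", "Set to '$Value'")) { continue }
        Invoke-Command -ComputerName $computer -ScriptBlock {
            # $using: passes the caller's variables as data, so nothing is
            # spliced into the script text that runs on the remote side.
            $p = $using:Path; $n = $using:Name; $v = $using:Value; $t = $using:PropertyType
            if (-not (Test-Path -Path $p)) { throw "Registry key $p does not exist" }
            $existing = Get-ItemProperty -Path $p -Name $n -ErrorAction SilentlyContinue
            $old = if ($existing) { $existing.$n } else { $null }
            if ($null -eq $existing) {
                New-ItemProperty -Path $p -Name $n -Value $v -PropertyType $t | Out-Null
                $action = 'Created'
            }
            elseif ("$old" -ne "$v") {      # string comparison; arrays are space-joined
                Set-ItemProperty -Path $p -Name $n -Value $v
                $action = 'Changed'
            }
            else { $action = 'Unchanged' }
            # Read the value back so the record shows what is actually stored.
            [pscustomobject]@{
                Path     = $p
                Name     = $n
                OldValue = $old
                NewValue = (Get-ItemProperty -Path $p -Name $n).$n
                Action   = $action
            }
        }
    }
}
# Preview first, then apply (server01 and DemoKey are the page's sample names):
# Set-RemoteRegistryValue -ComputerName server01 -Path HKLM:\SYSTEM\DemoKey -Name Myvalue -Value 'Newvalue' -WhatIf
# Set-RemoteRegistryValue -ComputerName server01 -Path HKLM:\SYSTEM\DemoKey -Name Myvalue -Value 'Newvalue'
```

Invoke-Command adds a PSComputerName property to each returned record, so the output can be exported as a per-server change log.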
Method 3
This is another scripting method that doesn't require PowerShell; the normal cmd command can be used in batch scripting.
Creates a new registry subkey (subfolder):
REG ADD \\server01\HKLM\SYSTEM\DemoKey\TestKey
Creates a new value name and data under the given remote registry path. The valid registry type names are a little different: [ REG_SZ | REG_MULTI_SZ | REG_EXPAND_SZ | REG_DWORD | REG_QWORD | REG_BINARY | REG_NONE ]
REG ADD \\server01\HKLM\SYSTEM\DemoKey /v BinValueName /t REG_BINARY /d ef001a7a
To modify existing value data in the remote registry, everything is the same, but the /f (force) option is added at the end.
REG ADD \\server01\HKLM\SYSTEM\DemoKey /v BinValueName /t REG_BINARY /d 12ac2b9d /f
Method 4
In this last method I am not using any scripting but a Group Policy Object. I created one on the Group Policy server and configured it to create the new registry value. On the remote server, wait for the default 90 minutes or run gpupdate /force to apply the policy.