Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Microsoft Powershell: remotely write, edit, modify new registry key and data value

Part 1: Powershell: Get registry value data from remote computer
Part 1.1: Microsoft Powershell: Export remote registry information to excel
Part 2: Microsoft Powershell: remotely write, edit, modify new registry key and data value
Part 3: Microsoft Powershell: Delete registry key or values on remote computer

Recently I had a another requirement to write edit, modify new windows registry keys and value data on remote server using Microsoft PowerShell. Here I have used 3 scripting ways, to perform this task. This is second part of my earlier written script Powershell: Get registry value data from remote computer. This script is written using in powershell using .net registry class. This require remote registry service enabled on remote server and there should be permissions registry. For modification or editing of regedit on localhost run powershell as an administrator. here I am showing 3 methods you can achieve this taks.

Method 1

Microsoft powershell remote registry modify, write, new value key data .net write-registryvalue demo key, registry value name, .net object.png

First command creates sub key (sub folder) on remote computer in selected registry key path. In the parameter RegistryHive you can use 5 values. ClassesRoot, CurrentUser, LocalMachine, Users and CurrentConfig. Computernames can have multiple server names separated with , comma.
Write-RegistryValue -ComputerName RemoteComputer -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ChildKey test

Next command can be used to create a new value data under the selected registry key path, It can also used to edit existing data changing ValueData. There are 6 value types in registry. String, Binary, DWord, QWord, MultiString and ExpandString. 
Write-RegistryValue -ComputerName RemoteComputer  -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ValueName 'Start' -ValueData 10 -ValueType DWord

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
function Write-RegistryValue {
[CmdletBinding(SupportsShouldProcess=$True,
    ConfirmImpact='Medium',
    HelpURI='http://vcloud-lab.com',
    DefaultParameterSetName='NewValue')]
    Param ( 
        [parameter(ParameterSetName = 'NewValue', Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'NewKey', Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('C')]
        [String[]]$ComputerName = '.',

        [Parameter(ParameterSetName = 'NewValue', Position=1, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'NewKey', Position=1, ValueFromPipelineByPropertyName=$True)]
        [alias('Hive')]
        [ValidateSet('ClassesRoot', 'CurrentUser', 'LocalMachine', 'Users', 'CurrentConfig')]
        [String]$RegistryHive = 'LocalMachine',

        [Parameter(ParameterSetName = 'NewValue', Position=2, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'NewKey', Position=2, ValueFromPipelineByPropertyName=$True)]
        [alias('ParentKeypath')]
        [String]$RegistryKeyPath = 'SYSTEM\CurrentControlSet\Software',

        [parameter(ParameterSetName = 'NewKey',Position=3, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String]$ChildKey = 'TestKey',
    
        [parameter(ParameterSetName = 'NewValue',Position=4, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [alias('Type')]
        [ValidateSet('String', 'Binary', 'DWord', 'QWord', 'MultiString', 'ExpandString')]
        [String]$ValueType = 'DWORD',

        [parameter(ParameterSetName = 'NewValue',Position=5, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String]$ValueName = 'ValueName',

        [parameter(ParameterSetName = 'NewValue',Position=6, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String]$ValueData = 'ValueData'
    )
    Begin {
        $RegistryRoot= "[{0}]::{1}" -f 'Microsoft.Win32.RegistryHive', $RegistryHive
        try {
            $RegistryHive = Invoke-Expression $RegistryRoot -ErrorAction Stop
        }
        catch {
            Write-Host "Incorrect Registry Hive mentioned, $RegistryHive does not exist" 
        }
    }
    Process {
        Foreach ($Computer in $ComputerName) {
            if (Test-Connection $Computer -Count 2 -Quiet) {
                try {
                    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($RegistryHive, $Computer)
                    $key = $reg.OpenSubKey($RegistryKeyPath, $true)
                }
                catch {
                    Write-Host "Check access on computer name $Computer, cannot connect registry" -BackgroundColor DarkRed
                    Continue
                }
                switch ($PsCmdlet.ParameterSetName) {
                    'NewValue' {
                        $ValueType = [Microsoft.Win32.RegistryValueKind]::$ValueType
                        $key.SetValue($ValueName,$ValueData,$ValueType)
                        $Data = $key.GetValue($ValueName)
                        $Obj = New-Object psobject
                        $Obj | Add-Member -Name Computer -MemberType NoteProperty -Value $Computer
                        $Obj | Add-Member -Name RegistryPath -MemberType NoteProperty -Value "$RegistryKeyPath"
                        $Obj | Add-Member -Name RegistryValueName -MemberType NoteProperty -Value $ValueName
                        $Obj | Add-Member -Name RegistryValueData -MemberType NoteProperty -Value $ValueData
                        $Obj
                        break
                    }
                    'NewKey' {
                        try {
                            if ($key.GetSubKeyNames() -contains $ChildKey) {
                                $Obj = New-Object psobject
                                $Obj | Add-Member -Name Computer -MemberType NoteProperty -Value $Computer
                                $Obj | Add-Member -Name RegistryPath -MemberType NoteProperty -Value $RegistryKeyPath
                                $Obj | Add-Member -Name RegistryChildKey -MemberType NoteProperty -Value $Childkey
                                $Obj
                                Continue
                            }
                            [void]$Key.CreateSubKey("$ChildKey")
                        }
                        catch {
                            Write-Host "Not able to create $ChildKey on remote computer name $Computer" -BackgroundColor DarkRed
                            Continue
                        }
                        break
                    }
                }
            }
            else {
                Write-Host "Computer Name $Computer not reachable" -BackgroundColor DarkRed
            }
        }
    }
    End {
        #[Microsoft.Win32.RegistryHive]::ClassesRoot
        #[Microsoft.Win32.RegistryHive]::CurrentUser
        #[Microsoft.Win32.RegistryHive]::LocalMachine
        #[Microsoft.Win32.RegistryHive]::Users
        #[Microsoft.Win32.RegistryHive]::CurrentConfig
    }
}

#Write-RegistryValue -ComputerName server01, Member01, test, 192.168.33.11, 192.168.33.12, server01 -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ChildKey test
#Write-RegistryValue -ComputerName server01, Member01, test -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ValueName 'Start' -ValueData 10 -ValueType DWord

Download this script here. It is also available on Github. To use this script follow below articles.
Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled
Installing, importing and using any module in powershell

Below is registry screenshot for comparing of created registry, I tested before running script and after the script.

Microsoft powershell, windows remote registry, new key, new registry value name, value data, registry hive


Method 2

Here in this method it is required to setup powershell remoting using POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS. These commands are one-liner. below command creates new SubKey under the given path.
Invoke-Command -ComputerName server01 {New-Item -Path HKLM:\SYSTEM\DemoKey -Name NewKey}

Next one-liner cmdlet executed on remote server and new registry data key created. In the PropertyType parameter use the reg data key type as listed in method 1.
Invoke-Command -ComputerName server01 {New-ItemProperty -Path HKLM:\SYSTEM\DemoKey -PropertyType String -Name Myvalue -Value 'Hello '}

If it is required to edit existing key value use command as below.
Invoke-Command -ComputerName server01 {Set-ItemProperty -Path HKLM:\SYSTEM\DemoKey -Name Myvalue -Value 'Newvalue'}

Microsoft windows powershell, invoke-command new-item new-itemproperty, set-itemproperty, itemtype, propertytype, my value, remote registry, modify new reg key


Method 3

This is another scripting method and doesn't require powershell, normal cmd command can be used with batch scritping.

Creates new registry subkey (subfolder)
REG ADD \\server01\HKLM\SYSTEM\DemoKey\TestKey

Creates new value name and data under provided remote registry path. valid registry types names are little different  and listed as  [ REG_SZ    | REG_MULTI_SZ | REG_EXPAND_SZ | REG_DWORD | REG_QWORD    | REG_BINARY    | REG_NONE ]
REG ADD \\server01\HKLM\SYSTEM\DemoKey /v BinValueName /t REG_BINARY /d ef001a7a

Modify existing value data on remote registry, every this same but /f option is added in the last (force)
REG ADD \\server01\HKLM\SYSTEM\DemoKey /v BinValueName /t REG_BINARY /d 12ac2b9d /f

Windows Powershell command prompt cmd, remote registry, reg add, reg query, reg delete


Method 4

In this last method, although I am not using any scripting but using Group Policy Object, I have created one on Group Policy server and configured and created new registry value. On the remote server wait for default 90 minutes or run gpupdate /force to apply policy.

Group policy object, gpo, new registry update, create, registry key hive, value name, registry typeUseful Blogs
Microsoft Powershell generate random anything (Filename, TempPath, GUID, Password)
How to Install and Use Microsoft PowerShell on Linux

Go Back



Comment

Blog Search

Page Views

12085183

Follow me on Blogarama