At Microsoft.Win32 Registry. Viro 32 ERRstatic (Int32 errorCode, String str) on Microsoft.Win32.RegistryKey.OpenRemoteBaseKey (RegistryHive hKey, String Machine Name) It is very obvious that this is because this user Running PowerShell Script because there is no appropriate credential to access the remote registry. The firewall has to be open on the remote server; not the local ports. There is a firewall rule for Remote Registry. The remote registry service on the remote system has to be running; not on the local system.
Discussion
- Discussion Although PowerShell does not directly let you access and manipulate the registry of a remote computer, it still supports this by working with the.NET Framework. The functionality exposed by the.NET Framework is a bit more developeroriented than we want, so we can instead use a script to make it easier to work with.
- The nice thing about this command is you can also specify alternate credentials. However, it does require that WsMan is correctly configured for powershell remoting to work. Which, 9 times out of 10 in most environments it is not. Option 2 – The Microsoft.Win32.RegistryKey Class.
Although PowerShell does not directly let you access and manipulate the registry of a remote computer, it still supports this by working with the .NET Framework. The functionality exposed by the .NET Framework is a bit more developeroriented than we want, so we can instead use a script to make it easier to work with.
Example 188 lets you set the value of a property on a given remote registry key. In order for this script to succeed, the target computer must have the remote registry service enabled and running.
Example 188. SetRemoteRegistryKeyProperty.ps1
############################################################################## ## ## SetRemoteRegistryKeyProperty.ps1 ## ## Set the value of a remote registry key property ## ## ie: ## ## PS >$registryPath = ## 'HKLM:softwareMicrosoftPowerShell1ShellIdsMicrosoft.PowerShell' ## PS >SetRemoteRegistryKeyProperty LEEDESK $registryPath ` ## 'ExecutionPolicy' 'RemoteSigned' ## ##############################################################################
param( $computer = $(throw 'Please specify a computer name.'), $path = $(throw 'Please specify a registry path'), $property = $(throw 'Please specify a property name'), $propertyValue = $(throw 'Please specify a property value') )
## Validate and extract out the registry key if($path match '^HKLM:(.*)') {
$baseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey
('LocalMachine', $computer) } elseif($path match '^HKCU:(.*)') {
$baseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey ('CurrentUser', $computer) }
Example 188. SetRemoteRegistryKeyProperty.ps1 (continued)
else { WriteError ('Please specify a fullyqualified registry path ' + '(i.e.: HKLM:Software) of the registry key to open.') return }
## Open the key and set its value $key = $baseKey.OpenSubKey($matches[1], $true) $key.SetValue($property, $propertyValue)
## Close the key and base keys $key.Close() $baseKey.Close()
As an IT pro I frequently need to read and write to registry keys on remote computers, either ad-hoc or via script. Sure I could use Regedit, or RDP to the server in question, but that involves a lot of clicking, and to be honest, moving my right hand to my mouse seems like such hard work ?
I though I’d show you a number of ways of doing this, as well as their limitations, as well as my personal favourite.
Option 1 – Get-ItemProperty
The Powershell cmdlet
Get-ItemProperty
can be used in conjunction with Invoke-Command
to execute a command on a remote computer.C# Registrykey
2 | Invoke-Command-scriptblock{Get-ItemProperty-Path'HKLM:SoftwareMicrosoftWindows NTCurrentVersion |
Registrykey
The nice thing about this command is you can also specify alternate credentials. However, it does require that WsManis correctly configured for powershell remoting to work. Which, 9 times out of 10 in most environments it is not.
Option 2 – The Microsoft.Win32.RegistryKey Class
The
Microsoft.Win32.RegistryKey c
lass is another way of accessing registry settings remotely. An example using this method is as follows:2 | $reg=[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine','Server01') $subkey=$reg.OpenSubKey('SOFTWAREMicrosoftWindows NTCurrentVersion') |
This is more likely to work as it is not reliant on WsMan being configured. However, it does require the RemoteRegistryservice to be running on the target computer. Which, by default is not. Also, there is no way to specify alternatecredentials, which can present a few problems depending on the computer you are talking to. e.g. non domain-joined machines mounted on the back of a 42″ LED TV mounted 5 meters off the floor… Quite a specific example there.
Option 3 (preferred) – WMI
My final and preferred option is using WMI. They beautiful thing about this method is WMI is typically available (I’m my experience) in most environments, also it accepts alternative credentials and is not reliant on the RemoteRegistry service.
2 4 6 | $reg=Get-WmiObject-List-Namespacerootdefault-ComputerName RemotePC-Credential'Alt Credentials'|Where-Object{$_.Name-eq'StdRegProv'} #Get a Value $reg.GetStringValue($HKLM,'SOFTWAREMicrosoftWindows NTCurrentVersion','ProductName').sValue |
You will be prompted for alternate credentials when running this script, if you wish these can be hardcoded, although I strongly discourage saving passwords as plain text.
2 | $pass=ConvertTo-SecureString'Password'-AsPlainText-Force $cred=New-Object-TypeName System.Management.Automation.PSCredential-ArgumentList$user,$pass |
You can view all the required methods of the StdRegProv WMI class on MSDN here: https://msdn.microsoft.com/en-us/library/aa393664(v=vs.85).aspx
The only downside to this option was it took me a while to stumble across it!
C# Registrykey Class
I hope this is of use , thanks for taking the time to read my blog!