Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Microsoft Powershell: Export remote registry information to excel

Part 1: Powershell: Get registry value data from remote computer
Part 1.1: Microsoft Powershell: Export remote registry information to excel
Part 2: Microsoft Powershell: remotely write, edit, modify new registry key and data value
Part 3: Microsoft Powershell: Delete registry key or values on remote computer

This is just a extended part of my earlier article Part 1. In that part I wrote a code to get a value from single registry key. But here I wanted a complete registry info under key and was also looking for all subkey list. Here I am showing 3 methods to pull report. In first method there should be rights and remote registry enabled on remote server.

remote registry editor powershell, local users and hkey local machine, get information to excel.png

Here first command shows the all valuenames with valuedata and what kind it is. This information can be easily exported to excel using pipeline "| Export-Csv c:\info.csv".
Get-RemoteRegistryInfo -ComputerName server01, member01 -RegistryHive Users -RegistryKeyPath S-1-5-18\Environment -Type ValueData

This next command shows and list all the childkeys.
Get-RemoteRegistryInfo -ComputerName server01, member01 -RegistryHive Users -RegistryKeyPath S-1-5-18 -Type ChildKey

microsoft windows powershell, remote registry info, childkey, and valuename and value kind.png

Useful Blogs
Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled
Installing, importing and using any module in powershell

Download script here, this is also available on GitHub

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
function Get-RemoteRegistryInfo {
[CmdletBinding(SupportsShouldProcess=$True,
    ConfirmImpact='Medium',
    HelpURI='http://vcloud-lab.com',
    DefaultParameterSetName='GetValue')]
    Param ( 
        [parameter(Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('C')]
        [String[]]$ComputerName = '.',

        [Parameter(Position=1, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('Hive')]
        [ValidateSet('ClassesRoot', 'CurrentUser', 'LocalMachine', 'Users', 'CurrentConfig')]
        [String]$RegistryHive = 'LocalMachine',

        [Parameter(Position=2, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('ParentKeypath')]
        [String]$RegistryKeyPath,

        [parameter(Position=3, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [ValidateSet('ChildKey', 'ValueData')]
        [String]$Type
    
    )
    Begin {
        $RegistryRoot= "[{0}]::{1}" -f 'Microsoft.Win32.RegistryHive', $RegistryHive
        try {
            $RegistryHive = Invoke-Expression $RegistryRoot -ErrorAction Stop
        }
        catch {
            Write-Host "Incorrect Registry Hive mentioned, $RegistryHive does not exist" 
        }
    }
    Process {
        Foreach ($Computer in $ComputerName) {
            if (Test-Connection $Computer -Count 2 -Quiet) {
                try {
                    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($RegistryHive, $Computer)
                    $key = $reg.OpenSubKey($RegistryKeyPath, $true)
                }
                catch {
                    Write-Host "Check permissions on computer name $Computer, cannot connect registry" -BackgroundColor DarkRed
                    Continue
                }
                if ($key.GetSubKeyNames() -eq $null -or $key.GetValueNames() -eq $null) {
                    Write-Host "Incorrect registry path on $computer" -BackgroundColor DarkRed
                    continue
                }
                switch ($Type) {
                    'ChildKey' {
                        foreach ($ck in $key.GetSubKeyNames()) {
                            $obj =  New-Object psobject
                            $obj | Add-Member -Name ComputerName -MemberType NoteProperty -Value $Computer
                            $obj | Add-Member -Name RegistryKeyPath -MemberType NoteProperty -Value "$RegistryHive\$RegistryKeyPath"
                            $obj | Add-Member -Name ChildKey -MemberType NoteProperty -Value $ck
                            $obj
                        }
                        break
                    }
                    'ValueData' {
                        foreach ($vn in $key.GetValueNames()) {
                            $obj =  New-Object psobject
                            $obj | Add-Member -Name ComputerName -MemberType NoteProperty -Value $Computer
                            $obj | Add-Member -Name RegistryKeyPath -MemberType NoteProperty -Value "$RegistryHive\$RegistryKeyPath"
                            $obj | Add-Member -Name ValueName -MemberType NoteProperty -Value $vn
                            $obj | Add-Member -Name ValueData -MemberType NoteProperty -Value $key.GetValue($vn)
                            $obj | Add-Member -Name ValueKind -MemberType NoteProperty -Value $key.GetValueKind($vn)
                            $obj
                        }
                        break
                    }
                }
            }
            else {
                Write-Host "Computer Name $Computer not reachable" -BackgroundColor DarkRed
            }
        }
    }
    End {
        #[Microsoft.Win32.RegistryHive]::ClassesRoot
        #[Microsoft.Win32.RegistryHive]::CurrentUser
        #[Microsoft.Win32.RegistryHive]::LocalMachine
        #[Microsoft.Win32.RegistryHive]::Users
        #[Microsoft.Win32.RegistryHive]::CurrentConfig
    }
}

#Get-RegistryInfo -ComputerName server01, member01 -RegistryHive Users -RegistryKeyPath S-1-5-18 -Type ChildKey
#Get-RemoteRegistryInfo -ComputerName server01, member01 -RegistryHive Users -RegistryKeyPath S-1-5-18\Environment -Type ValueData

Another method can be used PowerShell Remoting with combination of Get-Itemproperty and Get-ChildItem to get information. In PowerShell when using Get-Itemproperty and Get-ChildItem, the only registry hives paths available by default are HKLM: and HKCU:. Below command shows value names and value and in the second command list sub keys.
Invoke-Command -ComputerName Server01 {Get-ItemProperty "HKCU:\Environment"}

Next command is shows directory listing of Registry keys.
Invoke-Command -ComputerName Server01 {Get-ChildItem "HKCU:\"} | Select PSComputerName, Name

microsoft windows powershell, invoke-command get-childitem, get-itemproperty, get-item, remote registry information, hkcu, hlm, localmachine examples

This 3rd method is very simple and easy one, and command prompt can be used, no spacial requirement expect need remote registry to be enabled on remote computer and privileges on remote.

REG Query \\Server01\HKLM\SYSTEM

REG Query \\Server01\HKLM\SYSTEM\RNG

CMD, command prompt old school Reg Query, remote registry, powershell easy setup

Useful Blogs
Microsoft Powershell generate random anything (Filename, TempPath, GUID, Password)
How to Install and Use Microsoft PowerShell on Linux

Go Back

Comment

Blog Search

Page Views

11240120

Follow me on Blogarama