Virtual Geek

Tales from real IT system administrators world and non-production environment

Powershell: Get registry value data from remote computer

Finding and fetching registry value data with PowerShell is very easy. In one organization I found that administrators were making unnecessary changes to specific registry settings. For example, I had to get the value data of HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\USBSTOR\Start. If the value data is set to 4, USB storage devices are disabled and will not work, but admins were changing it to 3 on the systems. To check the status I created a script for Windows 2008 and 2008 R2. This script uses the traditional way of connecting to the remote registry. Make sure the Remote Registry service is running before you try it; you can verify this with the Get-Service RemoteRegistry command.

Part 1: Powershell: Get registry value data from remote computer
Part 2: Microsoft Powershell: remotely write, edit, modify new registry key and data value
Part 3: Microsoft Powershell: Delete registry key or values on remote computer


To verify, you can open the remote registry in Registry Editor using File >> Connect Network Registry.


Next I need a hive name (there are 5 root nodes: ClassesRoot, CurrentUser, LocalMachine, Users, CurrentConfig). The key name is System\CurrentControlSet\Services\USBStor, as highlighted, and the ValueName is Start.

Below are the hive name mappings.
ClassesRoot --> HKEY_CLASSES_ROOT
CurrentUser --> HKEY_CURRENT_USER
LocalMachine --> HKEY_LOCAL_MACHINE
Users --> HKEY_USERS
CurrentConfig --> HKEY_CURRENT_CONFIG


Store the script below in your $PROFILE location and relaunch PowerShell. The procedure is given in "Powershell Active Directory: Show treeview of User or Group memberof hierarchy". This script was created using the registry .NET object [Microsoft.Win32.RegistryKey]. It uses your logged-in user account to connect to the remote registry. If you have multiple computer names, provide them separated by commas, or store them in a text file and use cat to get the list.

Get-RegistryValueData -ComputerName Server01, Member01, test -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\CurrentControlSet\Services\USBSTOR -ValueName Start

function Get-RegistryValueData {
    [CmdletBinding(SupportsShouldProcess=$True,
        ConfirmImpact='Medium',
        HelpURI='http://vcloud-lab.com')]
    Param
    ( 
        [parameter(Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('C')]
        [String[]]$ComputerName = '.',
        [Parameter(Position=1, Mandatory=$True, ValueFromPipelineByPropertyName=$True)] 
        [alias('Hive')]
        [ValidateSet('ClassesRoot', 'CurrentUser', 'LocalMachine', 'Users', 'CurrentConfig')]
        [String]$RegistryHive = 'LocalMachine',
        [Parameter(Position=2, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('KeyPath')]
        [String]$RegistryKeyPath = 'SYSTEM\CurrentControlSet\Services\USBSTOR',
        [parameter(Position=3, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [alias('Value')]
        [String]$ValueName = 'Start'
    )
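    Begin {
        # ValidateSet already restricts $RegistryHive to the five valid names,
        # so a direct cast to the enum is enough; Invoke-Expression is not needed.
        $Hive = [Microsoft.Win32.RegistryHive]$RegistryHive
    }
    Process {
        Foreach ($Computer in $ComputerName) {
            if (Test-Connection $Computer -Count 2 -Quiet) {
                $reg = $null
                $key = $null
                try {
                    # Needs the Remote Registry service on the target; connects as the logged-in user
                    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive, $Computer)
                    # OpenSubKey opens the key read-only and returns $null if it does not exist
                    $key = $reg.OpenSubKey($RegistryKeyPath)
                    if ($null -eq $key) {
                        Write-Warning "$Computer : registry key $RegistryKeyPath not found"
                        continue
                    }
                    $Data = $key.GetValue($ValueName)
                    $Obj = New-Object psobject
                    $Obj | Add-Member -Name Computer -MemberType NoteProperty -Value $Computer
                    $Obj | Add-Member -Name RegistryValueName -MemberType NoteProperty -Value "$RegistryKeyPath\$ValueName"
                    $Obj | Add-Member -Name RegistryValueData -MemberType NoteProperty -Value $Data
                    $Obj
                }
                catch {
                    # For example: access denied, or the Remote Registry service is stopped
                    Write-Warning "$Computer : $($_.Exception.Message)"
                }
                finally {
                    # Release the remote registry handles
                    if ($key) { $key.Close() }
                    if ($reg) { $reg.Close() }
                }
            }
            else {
                Write-Host "$Computer not reachable" -BackgroundColor DarkRed
            }
        }
    }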
    End {
        #[Microsoft.Win32.RegistryHive]::ClassesRoot
        #[Microsoft.Win32.RegistryHive]::CurrentUser
        #[Microsoft.Win32.RegistryHive]::LocalMachine
        #[Microsoft.Win32.RegistryHive]::Users
        #[Microsoft.Win32.RegistryHive]::CurrentConfig
    }
}


Get-RegistryValueData -ComputerName Server01, Member01, testcomp -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\CurrentControlSet\Services\USBSTOR -ValueName 'Start'
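
An added example, not part of the original script: Get-RegistryValueData reports unreachable computers with Write-Host and emits no object for them, so they silently drop out of any report built from its output. The hypothetical helper Get-UsbStorAuditReport below compares the requested names with the returned objects against the Start = 4 baseline described above; the sample results are constructed.

```powershell
function Get-UsbStorAuditReport {
    [CmdletBinding()]
    param(
        # Every computer that was queried, so hosts that returned nothing are still listed
        [Parameter(Mandatory=$true)]
        [string[]]$RequestedComputer,
        # Objects shaped like Get-RegistryValueData output (Computer, RegistryValueData)
        [Parameter(Mandatory=$true)]
        [AllowEmptyCollection()]
        [object[]]$Result,
        # Baseline from the article: Start = 4 means USB storage is disabled
        [int]$ExpectedStart = 4
    )
    # Index results by computer name (hashtable keys are case-insensitive)
    $byHost = @{}
    foreach ($r in $Result) { $byHost[$r.Computer] = $r }

    foreach ($name in $RequestedComputer) {
        $status = 'NoData'          # unreachable, access denied, or key not found
        $start  = $null
        if ($byHost.ContainsKey($name)) {
            $start = $byHost[$name].RegistryValueData
            if ($null -eq $start)                   { $status = 'ValueMissing' }
            elseif ([int]$start -eq $ExpectedStart) { $status = 'Compliant' }
            else                                    { $status = 'Drift' }
        }
        New-Object psobject -Property @{
            Computer = $name
            Start    = $start
            Status   = $status
        } | Select-Object Computer, Start, Status
    }
}

# Constructed sample results; in practice pass the output of Get-RegistryValueData
$names  = 'Server01', 'Member01', 'testcomp'
$sample = @(
    (New-Object psobject -Property @{ Computer = 'Server01'; RegistryValueData = 4 }),
    (New-Object psobject -Property @{ Computer = 'Member01'; RegistryValueData = 3 })
)
Get-UsbStorAuditReport -RequestedComputer $names -Result $sample |
    Format-Table -AutoSize
```

Rows with status Drift or NoData are the ones to follow up on; NoData means the setting could not be verified, not that it is correct.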

Another way to connect to the registry is Invoke-Command, but it requires special configuration (see "POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS"). This is the best option if you have configured PS remoting, because you don't have to run the above script or take extra steps. You can use the default built-in command Get-ItemProperty combined with Invoke-Command. Below is an example cmdlet for getting information from the local computer.
Get-ItemProperty -Path 'HKLM:\SOFTWARE\VMware, Inc.\VMware Tools\' -Name InstallPath | select InstallPath

The procedure below is for a remote server: use Invoke-Command and enclose the command within curly brackets {}.
Invoke-Command -ComputerName Member01, Server01 {Get-ItemProperty -Path 'HKLM:\SOFTWARE\VMware, Inc.\VMware Tools\' -Name InstallPath | select InstallPath}


I sometimes use the command prompt (CMD) to get registry key information. This is the old-fashioned way to fetch value data from a remote machine.

REG QUERY \\member01\HKLM\System\CurrentControlSet\Services\USBSTOR\ /v Start
