Getting Properties of Registry Key with PowerShell

  • Author
    Posts
    • #1554435
      Leonard Hopkins
      Participant
      Post count: 3
      Member Points: 653
      Rank: Level 2

      Seems simple and seen a lot of “complex” solutions but don’t understand them. I am simply trying to get the data out of a remote computer registry. I can see the data but don’t know how to retrieve it. What is the little secret to populate the Property info?

      0
    • #1554438
      Leos Marek
      Moderator
      Post count: 173
      Member Points: 9,304
      Rank: Level 3

      You need to use methods of the object. Use

      to see what values you have there and then use

      to retrieve the specific value. Note this is just a quick hint, if you have more keys you will need to parse them one by one.

      0
    • #1554449
      Leonard Hopkins
      Participant
      Post count: 3
      Member Points: 653
      Rank: Level 2

      These methods are not available.

      Methods not available

      0
    • #1554450
      Leos Marek
      Moderator
      Post count: 173
      Member Points: 9,304
      Rank: Level 3

      See your object TypeName: it says Deserialized. That is because the call was done on the remote computer with Invoke-Command and you only got a deserialized XML result, which strips the methods from the object. You need to make the method calls on the remote computer and then get the result to your screen. That's it.

      0
    • #1554451
      Leonard Hopkins
      Participant
      Post count: 3
      Member Points: 653
      Rank: Level 2

      OK, understood. But how do I do this? The reason for this is that I am building a script to audit the value of a registry on remote computers. I will have a list of Computers to check for a certain value to produce a report. How else would you do this? I have done this several times before without running into this.

      0
    • #1554452
      David Figueroa
      Participant
      Post count: 12
      Member Points: 2,622
      Rank: Level 3

      You do it as part of your invoke-command. (and an important note after the code block)

      Now – the important thing here is that your pic shows you trying to pull HKCU.

      HKCU is not available to you on a remote computer. You only have access to HKU (or HKLM). (You might be able to grab HKCU if you are trying to request data from the same account that you are invoking with.) You would need to get the SID and query it through HKU\<sid>\….

      David F.

      0
      • #1554453
        Leos Marek
        Moderator
        Post count: 173
        Member Points: 9,304
        Rank: Level 3

        Not sure on your last statement, David. Registry keys for the current user are loaded during logon from the NTUSER.DAT file in the user's profile; they are not always available in the registry.

        Cheers L

        0
    • #1554454
      Leonard Hopkins
      Participant
      Post count: 3
      Member Points: 653
      Rank: Level 2

      Got it solved and don’t know why I didn’t do it earlier. Employing PSSession solves the problem. The value in UseRWHlinkNavigation is what I am looking for. However, not sure why I am getting an error on “Exit-PSSession” but that’s not that big right now.

      Now I can enumerate all profiles on a remote computer by querying HKLM:\Software\Microsoft\Windows NT\CurrentVersion\ProfileList for all profile GUID’s and then look to see if this value is present.

      0
    • #1554457
      Leos Marek
      Moderator
      Post count: 173
      Member Points: 9,304
      Rank: Level 3

      Leonard,

      Enter-PSsession is not intended to be used in scripts, but interactively. What David typed you works, another example here

      The thing you say with getting user SID from Profile list and then query it in HKUsers will not work. I have 3 accounts on my computer and only 1 account is currently loaded in my registry.

      That is because the registry does not store that information at all times; it is loaded from the NTUSER.DAT file when the user logs on. Otherwise, on RDS servers with thousands of user profiles, the registry would be enormously large.

      0
    • #1554477
      Leonard Hopkins
      Participant
      Post count: 3
      Member Points: 653
      Rank: Level 2

      Simplified things and this works and gives me what I want.

      Also, you are correct on Profiles List from HKCU. Nothing to grab there. Also, unable to parse HKEY_User for each value in $CommonInternetKey.

      I can get the GUID’s by

      but trying to enumerate the $CommonInternetKey value from each one is eluding me. I can get it from HKCU and will have to settle for that I suppose.

      0
    • #1554482
      Leos Marek
      Moderator
      Post count: 173
      Member Points: 9,304
      Rank: Level 3

      I am afraid none of that will work for you.

      First – when you query HKCU via Invoke-Command, you are logging on to the system using your account. That means your profile's NTUSER.DAT file will load into the registry and the HKCU key will be your own user account. You are querying the settings for yourself.

      With HKUSERS that would work, but you would need each and every user that you want to query to be logged on at the same time you run the script. If the user is not logged in to the system, his registry is not available in HKUSERS.

      0
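The points made across the thread, combined into one audit script. This is an added example, not code posted by any participant: the computer names, the `$SubKey` path and the output file name are placeholders, and only the ProfileList path and the `UseRWHlinkNavigation` value name come from the thread. The registry methods are called inside the remote script block, and each profile is marked with whether its hive is loaded under HKEY_USERS, so that "user not logged on" is not reported as "value absent".

```powershell
# Added example. Computer names and $SubKey are placeholders, not values from the thread.
$Computers = 'PC-EXAMPLE-01', 'PC-EXAMPLE-02'      # constructed sample list
$SubKey    = 'Software\<path-to-key>'               # placeholder: key path below the user hive
$ValueName = 'UseRWHlinkNavigation'                 # value name mentioned in the thread

$audit = {
    param($SubKey, $ValueName)
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

    foreach ($p in Get-ChildItem -Path $profileList) {
        $sid = $p.PSChildName
        if ($sid -notlike 'S-1-5-21-*') { continue }   # skip service and system profiles

        $row = [ordered]@{
            Sid         = $sid
            ProfilePath = $p.GetValue('ProfileImagePath')
            HiveLoaded  = $false
            ValueFound  = $false
            Data        = $null
        }

        # HKEY_USERS\<SID> exists only while that user's NTUSER.DAT is loaded.
        if (Test-Path -LiteralPath "Registry::HKEY_USERS\$sid") {
            $row.HiveLoaded = $true
            $key = Get-Item -LiteralPath "Registry::HKEY_USERS\$sid\$SubKey" -ErrorAction SilentlyContinue
            # RegistryKey methods are called here, on the remote side, where they still exist.
            if ($key -and ($key.GetValueNames() -contains $ValueName)) {
                $row.ValueFound = $true
                $row.Data       = $key.GetValue($ValueName)
            }
        }
        [pscustomobject]$row    # plain data survives deserialization on the way back
    }
}

$report = Invoke-Command -ComputerName $Computers -ScriptBlock $audit `
              -ArgumentList $SubKey, $ValueName -ErrorAction SilentlyContinue -ErrorVariable failed

$report | Select-Object PSComputerName, Sid, ProfilePath, HiveLoaded, ValueFound, Data |
    Export-Csv -Path .\registry-audit.csv -NoTypeInformation

# Unreachable hosts are reported separately so they are not mistaken for "value absent".
$failed | ForEach-Object { Write-Warning "Remoting failed: $($_.TargetObject) - $($_.Exception.Message)" }
```

Rows with `HiveLoaded = $false` are profiles whose owner was not logged on when the script ran, so the report says nothing about their setting.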
© 4sysops 2006 - 2020