Posted by: Preetam | January 15, 2007

Accessing Registry using PowerShell

Accessing registry is quite common in Powershell Now, so lets get into it. Idea was to gather inventory of entire computer. I thought lets start with simple code.

$regpath=”HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion”
$items=$regpath get-itemproperty
$items.RegisteredOwner
$items.systemroot
$items.SourcePath

Then I felt like exploring little more. I came with Idea of getting IP address of machine. When I wrote code I felt it was easy but it went too long than I felt.

$NICSPOOL=”HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards”
$NOSNIC=get-childitem $NICSPOOL
$EACHNIC=$NOSNIC select-object pschildname
for($i=0;$i -lt $EACHNIC.length; $i++) {
$CardName=$EACHNIC[$i].pschildname
#Write-host CNAME $CARDNAME
$NICCARDS=”HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\$CardName”
$NICPROP=$NICCARDS Get-ItemProperty
$SVCNAME=$NICPROP.ServiceName
#Write-host $SVCNAME
$Des=$NICPROP.Description
Write-host $Des
$IPPOOL=”HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces”
$IPS=$IPPOOL + “\” + $SVCNAME
write-host IPS $IPS
$IPPROP=$IPS Get-itemproperty
#$IPPROP
if ($IPPROP.EnableDHCP -eq 1) {
Write-host IPAddress $IPPROP.DhcpIPAddress
Write-host SubnetMask $IPPROP.DhcpSubnetMask
Write-host DefaultGateway $IPPROP.DhcpDefaultGateway
Write-host DhcpServer $IPPROP.DhcpServer
}
if ($IPPROP.EnableDHCP -eq 0) {
Write-host IPAddress $IPPROP.ipaddress
Write-host SubnetMask $IPPROP.SubnetMask
Write-host DefaultGateway $IPPROP.DefaultGateway
Write-host DNSServer $IPPROP.NameServer
}
write-host “”
}

Few interesting things I discovered I’ve marked as pink.Above script assumes you have multiple NIC, nowadays it is more common. And I wanted this script to be enterprize compatible. Script would look for one parameter, DHCP if it is enabled it will get different out. Script did what I wished but only in parts. Again this won;t work across enterprize. So next step was googling.

Found

http://abhishek225.spaces.live.com/blog/cns!13469C7B7CE6E911!145.entry

http://mybsinfo.blogspot.com/2007/01/powershell-remote-registry-and-you-part.html

Both the blogs are quite interesting to an extend which explains remote registry access is possible.

Let’s take simple example

LOCAL REGISTRY ACCESS

$regpath=”HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\2″
$items=$regpath get-itemproperty
$items.Servicename

REMOTE REGISTRY ACCESS

$Srv=”Singaporelt”
$key = “SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards”
$type = [Microsoft.Win32.RegistryHive]::LocalMachine
$regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $Srv)
$regKey = $regKey.OpenSubKey($key)
Write-Host “Sub Keys”
Write-Host “——–“
Foreach($sub in $regKey.GetSubKeyNames()){
$NICPOOLS = “SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\$sub”
$regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $Srv)
$regKey = $regKey.OpenSubKey($NICPOOLS)
Foreach($val in $regKey.GetValueNames()) {
if ( $val -eq “Servicename”) {
$Keyvalue= $regKey.GetValue(“$val”)
$Keyvalue
}
}
}

See the difference in code. No No….it is not about lines in the code but it is property and methods available in local registry are not easily available while accessing remote registry. I was able to get the IP address using remote registry class but output was not quite satisfying and code manipulation was nothing but another vbscript. Yeah I can’t expect best of both the worlds…not so early. For simple reason, without .net knowledge struggle will continue.


Responses

  1. That was some educative piece of writing


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: