Posted by: Preetam | January 15, 2007

Accessing Registry using PowerShell

Accessing registry is quite common in Powershell Now, so lets get into it. Idea was to gather inventory of entire computer. I thought lets start with simple code.

$regpath=”HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion”
$items=$regpath get-itemproperty

Then I felt like exploring little more. I came with Idea of getting IP address of machine. When I wrote code I felt it was easy but it went too long than I felt.

$NICSPOOL=”HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards”
$NOSNIC=get-childitem $NICSPOOL
$EACHNIC=$NOSNIC select-object pschildname
for($i=0;$i -lt $EACHNIC.length; $i++) {
$NICCARDS=”HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\$CardName”
#Write-host $SVCNAME
Write-host $Des
write-host IPS $IPS
$IPPROP=$IPS Get-itemproperty
if ($IPPROP.EnableDHCP -eq 1) {
Write-host IPAddress $IPPROP.DhcpIPAddress
Write-host SubnetMask $IPPROP.DhcpSubnetMask
Write-host DefaultGateway $IPPROP.DhcpDefaultGateway
Write-host DhcpServer $IPPROP.DhcpServer
if ($IPPROP.EnableDHCP -eq 0) {
Write-host IPAddress $IPPROP.ipaddress
Write-host SubnetMask $IPPROP.SubnetMask
Write-host DefaultGateway $IPPROP.DefaultGateway
Write-host DNSServer $IPPROP.NameServer
write-host “”

Few interesting things I discovered I’ve marked as pink.Above script assumes you have multiple NIC, nowadays it is more common. And I wanted this script to be enterprize compatible. Script would look for one parameter, DHCP if it is enabled it will get different out. Script did what I wished but only in parts. Again this won;t work across enterprize. So next step was googling.


Both the blogs are quite interesting to an extend which explains remote registry access is possible.

Let’s take simple example


$regpath=”HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\2″
$items=$regpath get-itemproperty


$key = “SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards”
$type = [Microsoft.Win32.RegistryHive]::LocalMachine
$regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $Srv)
$regKey = $regKey.OpenSubKey($key)
Write-Host “Sub Keys”
Write-Host “——–“
Foreach($sub in $regKey.GetSubKeyNames()){
$NICPOOLS = “SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\$sub”
$regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $Srv)
$regKey = $regKey.OpenSubKey($NICPOOLS)
Foreach($val in $regKey.GetValueNames()) {
if ( $val -eq “Servicename”) {
$Keyvalue= $regKey.GetValue(“$val”)

See the difference in code. No No….it is not about lines in the code but it is property and methods available in local registry are not easily available while accessing remote registry. I was able to get the IP address using remote registry class but output was not quite satisfying and code manipulation was nothing but another vbscript. Yeah I can’t expect best of both the worlds…not so early. For simple reason, without .net knowledge struggle will continue.



  1. That was some educative piece of writing

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: