Read Remote Registry PowerShell

Posted on by

Read Remote Registry PowerShell

Hello,

You may used to read the registry of a remote computer with RegEdit.exe and “Connect Network Registry” (Require “Remote Registry service running on remote computer):

Read Remote Registry PowerShell - RegEdit

Read Remote Registry PowerShell – RegEdit

With PowerShell, there is a provider that allow us to browse the local registry just like a local drive :

Get-ItemProperty -Path HKLM:SOFTWAREMicrosoftNotepadDefaultFonts -Name iPointSize

Read Remote Registry PowerShell

If you want to read the registry from a remote computer, you can use “Invoke-Command”, this require you to setup PowerShell Remoting (Enable-PSRemoting) first:

Invoke-Command -ComputerName DC2-Core -Command {Get-ItemProperty -Path HKLM:SOFTWAREMicrosoftNotepadDefaultFonts -Name iPointSize}
Read Remote Registry PowerShell - Invoke-Command

Read Remote Registry PowerShell – Invoke-Command

If you can’t use PowerShell Remoting, you can use .Net to query a remote computer. To do that, you need use the “Microsoft.Win32.RegistryKey” .Net class.

First, prepare some variables for later use :

$ComputerName = 'DC2-Core'
$Hive = 'LocalMachine'
$KeyPath = 'SOFTWAREMicrosoftNotepadDefaultFonts'
$Value = 'iPointSize'

Then, create the RegistryKey object :

$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("$hive", "$ComputerName")

Use the “OpenRemoteBaseKey” method :

$key = $reg.OpenSubKey("$KeyPath")

And finally, get the value :

$key.GetValue($Value)
Read Remote Registry PowerShell - PowerShell

Read Remote Registry PowerShell – PowerShell

Wrapup

So hereunder, all the lines together:

$ComputerName = 'DC2-Core'
$Hive = [Microsoft.Win32.RegistryHive]::LocalMachine
$KeyPath = 'SOFTWAREMicrosoftNotepadDefaultFonts'
$Value = 'iPointSize'

$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive, $ComputerName)
$key = $reg.OpenSubKey($KeyPath)

$key.GetValue($Value)

You see the possible values of “Microsoft.Win32.RegistryHive” with IntelliSense or, with :

[Enum]::GetValues('Microsoft.Win32.RegistryHive')
Read Remote Registry PowerShell - Hive

Hive

Edit Remote Registry PowerShell

As asked in the comments, I published a very basic example about how to edit remote registry:

https://github.com/edemilliere/Misc/blob/master/Set-RemoteRegistryKey.ps1

The process is quite similar as reading, but you’ll notice that I used an Overload of the OpenSubKey method to tell I need to edit the subkey.

This example will work with PowerShell in version 2, without PowerShell Remoting enabled.

6 thoughts on “Read Remote Registry PowerShell

    • Just need to use the overload of OpenSubKey :
      $key=$reg.OpenSubKey(\”$KeyPath\”,$true)
      The $true tells that you open the subkey with intent to edit it.

      Reply

      • Thank you for being concise, just what I needed and the last comment about $True for editing was the final piece of the puzzle. All I needed to do was read a value and then delete it. (Remotely)
        Regards,
        DeployGuy

        Reply

  2. Pingback: Get Windows Update Configuration PowerShell - It for DummiesIt for Dummies

  3. what kind of entitlements are needed for this? can a power user do this or is it administrator privileges only

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.