Accessing Registry using PowerShell
Accessing registry is quite common in Powershell Now, so lets get into it. Idea was to gather inventory of entire computer. I thought lets start with simple code.
$regpath="HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
$items=$regpath get-itemproperty
$items.RegisteredOwner
$items.systemroot
$items.SourcePath
Then I felt like exploring little more. I came with Idea of getting IP address of machine. When I wrote code I felt it was easy but it went too long than I felt.
$NICSPOOL="HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards"
$NOSNIC=get-childitem $NICSPOOL
$EACHNIC=$NOSNIC select-object pschildname
for($i=0;$i -lt $EACHNIC.length; $i++) {
$CardName=$EACHNIC[$i].pschildname
#Write-host CNAME $CARDNAME
$NICCARDS="HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\$CardName"
$NICPROP=$NICCARDS Get-ItemProperty
$SVCNAME=$NICPROP.ServiceName
#Write-host $SVCNAME
$Des=$NICPROP.Description
Write-host $Des
$IPPOOL="HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
$IPS=$IPPOOL + "\" + $SVCNAME
write-host IPS $IPS
$IPPROP=$IPS Get-itemproperty
#$IPPROP
if ($IPPROP.EnableDHCP -eq 1) {
Write-host IPAddress $IPPROP.DhcpIPAddress
Write-host SubnetMask $IPPROP.DhcpSubnetMask
Write-host DefaultGateway $IPPROP.DhcpDefaultGateway
Write-host DhcpServer $IPPROP.DhcpServer
}
if ($IPPROP.EnableDHCP -eq 0) {
Write-host IPAddress $IPPROP.ipaddress
Write-host SubnetMask $IPPROP.SubnetMask
Write-host DefaultGateway $IPPROP.DefaultGateway
Write-host DNSServer $IPPROP.NameServer
}
write-host ""
}
Few interesting things I discovered I've marked as pink.Above script assumes you have multiple NIC, nowadays it is more common. And I wanted this script to be enterprize compatible. Script would look for one parameter, DHCP if it is enabled it will get different out. Script did what I wished but only in parts. Again this won;t work across enterprize. So next step was googling.
Found
http://abhishek225.spaces.live.com/blog/cns!13469C7B7CE6E911!145.entry
http://mybsinfo.blogspot.com/2007/01/powershell-remote-registry-and-you-part.html
Both the blogs are quite interesting to an extend which explains remote registry access is possible.
Let's take simple example
LOCAL REGISTRY ACCESS
$regpath="HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\2"
$items=$regpath get-itemproperty
$items.Servicename
REMOTE REGISTRY ACCESS
$Srv="Singaporelt"
$key = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards"
$type = [Microsoft.Win32.RegistryHive]::LocalMachine
$regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $Srv)
$regKey = $regKey.OpenSubKey($key)
Write-Host "Sub Keys"
Write-Host "--------"
Foreach($sub in $regKey.GetSubKeyNames()){
$NICPOOLS = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\$sub"
$regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $Srv)
$regKey = $regKey.OpenSubKey($NICPOOLS)
Foreach($val in $regKey.GetValueNames()) {
if ( $val -eq "Servicename") {
$Keyvalue= $regKey.GetValue("$val")
$Keyvalue
}
}
}
See the difference in code. No No....it is not about lines in the code but it is property and methods available in local registry are not easily available while accessing remote registry. I was able to get the IP address using remote registry class but output was not quite satisfying and code manipulation was nothing but another vbscript. Yeah I can't expect best of both the worlds...not so early. For simple reason, without .net knowledge struggle will continue.
No comments:
Post a Comment