Script to Scan for Registry Value on Remote computer

This topic contains 17 replies, has 2 voices, and was last updated by  Jon 3 weeks, 4 days ago.

  • Author
    Posts
  • #82963

    Cory
    Participant

    I have a answer key with computer names in it that I want to scan. What I need to do is scan each computer to see if they have a certain registry entry. From my understanding for this to work you have to have Remote Registry enabled and started. Is this true? If that is true then I need help with my script so that it will first check each computer for the RemoteRegistry status. If it is running it will then check the registry key and report back if it is there. If the service is not running I need the script to enable the service check for the registry key and then stop the RemoteRegistry service again. This all then needs to output to a csv file. I just started on the script so there is not much there but this is what I have so far

    $CompList = Get-Content ".\CompList.txt"
    foreach ($Computer in $CompList)
    {
    Get-Service -Name "RemoteRegistry" -ComputerName $Computer | Format-Table -Property MachineName, Status
    reg query "\\$computer\HKLM\software\policies\microsoft\windows\explorer"
    }

    Any help would be appreciated

  • #82969

    Jon
    Participant

    Are you just trying to see if the registry entry exists? If so I would do something like this

    Invoke-Command -ComputerName (gc C:\complist.txt) -scriptblock {

    Test-path '\HKLM\software\policies\microsoft\windows\explorer'

    }

    • #82976

      Cory
      Participant

      Yes I really just need to make sure the entry exists. Does this still require that RemoteRegistry is started or will it work if it is set to stopped.

      This is the error I get when I try to run that command...

      Connecting to remote server convoff01 failed with the following error message : The client cannot connect to the
      destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the
      logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the
      WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more
      information, see the about_Remote_Troubleshooting Help topic.

  • #82979

    Jon
    Participant

    It does not require remote registry. However that sounds like you don't have powershell remoting enabled. If you do "enter-session hcdcconvoff01" does that work? What OS is that machine?

    • #82982

      Cory
      Participant

      Windows 10 Pro

      I get an error that says enter-session is not recognized

    • #82984

      Jon
      Participant

      Sorrry, "enter-pssession"

    • #82987

      Cory
      Participant

      That one I get an error saying that The client cannot connect to the
      destination specified in the request. Verify that the service on the destination is running and is accepting requests.

      WinRM is running as a service on the computer

  • #82988

    Jon
    Participant

    Service is running but by default on desktops still some config needed to get it up and running. Not sure of your administrative capabilities across your domain but this article will show you how to turn it on via GPO.

    https://devops-collective-inc.gitbooks.io/secrets-of-powershell-remoting/content/manuscript/configuring-remoting-via-gpo.html

    • #82991

      Cory
      Participant

      appreciate the help... looks like I got past the whole services issue. Now I am getting an error message that states.
      Invoke-Command : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an argument that is not
      null or empty, and then try the command again.

      going to close out of powershell and go back in to make sure there isn't something just messed up with the program

  • #82993

    Jon
    Participant

    Is that running it against one specific computer or a list in a text file?

    If against one specific computer, can you ping the computer by the name that you put in?
    If it's the text file you may have spaces or something in there it doesn't like.

  • #82996

    Cory
    Participant

    Thank you again for the help. I am no longer getting any errors. I am getting results that say FALSE. I assume that means that the entry is not there... the problem with that is I logged into the registry and it is there. So not for sure why it is saying False

  • #82997

    Cory
    Participant

    I had returns in the text file.

    The only issue I have right now is that no matter what registry key I put in they all come back as FALSE. so maybe I am still missing a permission somewhere and the script is still not able to scan the registry

  • #83006

    Jon
    Participant

    Check one remote computer and see if it works. I verified in my domain it shows true for me.

  • #83009

    Cory
    Participant

    Ok I got. I removed the \ from the front of HKLM and now it works....THANKS AGAIN!!!

  • #83012

    Jon
    Participant

    Anytime!

You must be logged in to reply to this topic.