Script to Scan for Registry Value on Remote computer

Welcome Forums General PowerShell Q&A Script to Scan for Registry Value on Remote computer

This topic contains 17 replies, has 2 voices, and was last updated by

Jon
 
Participant
1 year ago.

  • Author
    Posts
  • #82963

    Participant
    Points: 0
    Rank: Member

    I have a answer key with computer names in it that I want to scan. What I need to do is scan each computer to see if they have a certain registry entry. From my understanding for this to work you have to have Remote Registry enabled and started. Is this true? If that is true then I need help with my script so that it will first check each computer for the RemoteRegistry status. If it is running it will then check the registry key and report back if it is there. If the service is not running I need the script to enable the service check for the registry key and then stop the RemoteRegistry service again. This all then needs to output to a csv file. I just started on the script so there is not much there but this is what I have so far

    $CompList = Get-Content ".\CompList.txt"
    foreach ($Computer in $CompList)
    {
    Get-Service -Name "RemoteRegistry" -ComputerName $Computer | Format-Table -Property MachineName, Status
    reg query "\\$computer\HKLM\software\policies\microsoft\windows\explorer"
    }

    Any help would be appreciated

  • #82969
    Jon

    Participant
    Points: 22
    Rank: Member

    Are you just trying to see if the registry entry exists? If so I would do something like this

    Invoke-Command -ComputerName (gc C:\complist.txt) -scriptblock {

    Test-path '\HKLM\software\policies\microsoft\windows\explorer'

    }

    • #82976

      Participant
      Points: 0
      Rank: Member

      Yes I really just need to make sure the entry exists. Does this still require that RemoteRegistry is started or will it work if it is set to stopped.

      This is the error I get when I try to run that command...

      Connecting to remote server convoff01 failed with the following error message : The client cannot connect to the
      destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the
      logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the
      WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more
      information, see the about_Remote_Troubleshooting Help topic.

  • #82979
    Jon

    Participant
    Points: 22
    Rank: Member

    It does not require remote registry. However that sounds like you don't have powershell remoting enabled. If you do "enter-session hcdcconvoff01" does that work? What OS is that machine?

    • #82982

      Participant
      Points: 0
      Rank: Member

      Windows 10 Pro

      I get an error that says enter-session is not recognized

    • #82984
      Jon

      Participant
      Points: 22
      Rank: Member

      Sorrry, "enter-pssession"

    • #82987

      Participant
      Points: 0
      Rank: Member

      That one I get an error saying that The client cannot connect to the
      destination specified in the request. Verify that the service on the destination is running and is accepting requests.

      WinRM is running as a service on the computer

  • #82988
    Jon

    Participant
    Points: 22
    Rank: Member

    Service is running but by default on desktops still some config needed to get it up and running. Not sure of your administrative capabilities across your domain but this article will show you how to turn it on via GPO.

    https://devops-collective-inc.gitbooks.io/secrets-of-powershell-remoting/content/manuscript/configuring-remoting-via-gpo.html

    • #82991

      Participant
      Points: 0
      Rank: Member

      appreciate the help... looks like I got past the whole services issue. Now I am getting an error message that states.
      Invoke-Command : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an argument that is not
      null or empty, and then try the command again.

      going to close out of powershell and go back in to make sure there isn't something just messed up with the program

  • #82993
    Jon

    Participant
    Points: 22
    Rank: Member

    Is that running it against one specific computer or a list in a text file?

    If against one specific computer, can you ping the computer by the name that you put in?
    If it's the text file you may have spaces or something in there it doesn't like.

  • #82996

    Participant
    Points: 0
    Rank: Member

    Thank you again for the help. I am no longer getting any errors. I am getting results that say FALSE. I assume that means that the entry is not there... the problem with that is I logged into the registry and it is there. So not for sure why it is saying False

  • #82997

    Participant
    Points: 0
    Rank: Member

    I had returns in the text file.

    The only issue I have right now is that no matter what registry key I put in they all come back as FALSE. so maybe I am still missing a permission somewhere and the script is still not able to scan the registry

    • #83000
      Jon

      Participant
      Points: 22
      Rank: Member

      Very strange, does this return true or false?

      test-path 'hklm:\software\'

      Also check out this:

      Testing for the Presence of a Registry Key and Value

    • #83003

      Participant
      Points: 0
      Rank: Member

      that is TRUE but that also checked my local computer and not the remote computers

  • #83006
    Jon

    Participant
    Points: 22
    Rank: Member

    Check one remote computer and see if it works. I verified in my domain it shows true for me.

  • #83009

    Participant
    Points: 0
    Rank: Member

    Ok I got. I removed the \ from the front of HKLM and now it works....THANKS AGAIN!!!

  • #83012
    Jon

    Participant
    Points: 22
    Rank: Member

    Anytime!

The topic ‘Script to Scan for Registry Value on Remote computer’ is closed to new replies.