-
Notifications
You must be signed in to change notification settings - Fork 94
/
Copy pathRemote-Registry.ps1
104 lines (99 loc) · 3.94 KB
/
Remote-Registry.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# this is my own learning of accessing the registry on remote computers.
# for a more complete solution, i recommend https://psremoteregistry.codeplex.com/
function Set-RemoteRegistry {
param (
$comp = $env:COMPUTERNAME,
[ValidateSet('ClassesRoot', 'CurrentUser', 'LocalMachine', 'Users', 'PerformanceData', 'CurrentConfig', 'DynData')]
[string]$hive = 'LocalMachine',
[string]$key = $(Throw 'No Key provided'),
[ValidateSet('Binary', 'DWord', 'ExpandString', 'MultiString', 'None', 'QWord', 'String', 'Unknown')]
[string]$type,
[string]$value = $(Throw 'No Value provided'),
[string]$data,
[switch]$delete = $false
)
$registry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $comp).OpenSubKey($key, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree)
if (!$delete) {
try {
$registry.SetValue($value, $data, $type)
[pscustomobject]@{
Computer = $comp;
Hive = $hive;
Key = $key;
Value = $value;
Data = $data;
Type = $type;
Delete = $delete
}
} catch {
write-error $error[0]
return
}
} else {
try {
$registry.DeleteValue($value)
[pscustomobject]@{
Computer = $comp;
Hive = $hive;
Key = $key;
Value = $value;
Data = $data;
Type = $type;
Delete = $delete
}
} catch {
write-error $error[0]
return
}
}
}
function Get-RemoteRegistry {
param (
$comps = $env:COMPUTERNAME,
[ValidateSet('ClassesRoot', 'CurrentUser', 'LocalMachine', 'Users', 'PerformanceData', 'CurrentConfig', 'DynData')]
[string]$hive = 'LocalMachine',
[string[]]$keys = '',
$subs = $true
)
foreach ($comp in $comps) {
$registry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $comp)
foreach ($key in $keys) {
if ($subs) {
$subkeys = $registry.OpenSubKey($key).GetSubKeyNames()
foreach ($subkey in $subkeys) {
try{ $subregistry = $registry.OpenSubKey("$key\$subkey") }catch{}
$hash = @{}
$hash.Add('RegKeyName', $subkey)
try{ $hash.Add('RegKeyParent', $key) }catch{}
try{ $hash.Add('RegKeyChildren', $subregistry.GetSubKeyNames()) }catch{}
try{ $names = $subregistry.GetValueNames() }catch{}
foreach ($name in ($names | ? {$_})) {
$hash.Add($name, $(
[pscustomobject]@{
Type = $subregistry.GetValueKind($name)
Value = $subregistry.GetValue($name)
}
))
}
[pscustomobject]$hash
}
} else {
try{ $subregistry = $registry.OpenSubKey($key) }catch{}
$hash = @{}
$hash.Add('RegKeyName', $(Split-Path $subregistry -Leaf))
try{ $hash.Add('RegKeyParent', $(Join-Path $hive (Split-Path $key))) }catch{}
try{ $hash.Add('RegKeyChildren', $subregistry.GetSubKeyNames()) }catch{}
try{ $names = $subregistry.GetValueNames() }catch{}
foreach ($name in ($names | ? {$_})) {
$hash.Add($name, $(
[pscustomobject]@{
Type = $subregistry.GetValueKind($name)
Value = $subregistry.GetValue($name)
}
))
}
[pscustomobject]$hash
}
}
}
}