获取远程注册表值

Question

我有下面的脚本，我希望它出去多个服务器并获得注册表的值。不幸的是，它现在只是发回我正在运行脚本的机器的本地注册表值。

如何让脚本对远程注册表运行？

SCRIPT：

clear 
#$ErrorActionPreference = "silentlycontinue" 

$Logfile = "C:\temp\NEWnetbackup_version.log" 

Function LogWrite 
{ 
    param([string]$logstring) 

    Add-Content $Logfile -Value $logstring 
} 

$computer = Get-Content -Path c:\temp\netbackup_servers1.txt 

foreach ($computer1 in $computer){ 

$Service = Get-WmiObject Win32_Service -Filter "Name = 'NetBackup Client Service'" -ComputerName $computer1 

    if (test-connection $computer1 -quiet) 
    { 
      $NetbackupVersion1 = $(Get-ItemProperty hklm:\SOFTWARE\Veritas\NetBackup\CurrentVersion).PackageVersion 

      if($Service.state -eq 'Running') 
      { 
       LogWrite "$computer1 STARTED $NetbackupVersion1" 
      } 
      else 
      { 
       LogWrite "$computer1 STOPPED $NetbackupVersion1" 
      } 
    } 
    else 
    { 
     LogWrite "$computer1 is down" -foregroundcolor RED 
    } 
} 

Answer 1

您可以尝试使用.NET：

$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer1) 
$RegKey= $Reg.OpenSubKey("SOFTWARE\\Veritas\\NetBackup\\CurrentVersion") 
$NetbackupVersion1 = $RegKey.GetValue("PackageVersion") 

Answer 2

如果你有PowerShell远程处理和CredSSP的设置，那么你可以更新您的代码如下：

$Session = New-PSSession -ComputerName $Computer1 -Authentication CredSSP 
$NetbackupVersion1 = Invoke-Command -Session $Session -ScriptBlock { $(Get-ItemProperty hklm:\SOFTWARE\Veritas\NetBackup\CurrentVersion).PackageVersion} 
Remove-PSSession $Session 

Answer 3

尝试Remote Registry Module，注册表提供程序无法远程操作：

Import-Module PSRemoteRegistry 
Get-RegValue -ComputerName $Computer1 -Key SOFTWARE\Veritas\NetBackup\CurrentVersion -Value PackageVersion 

Answer 4

对于远程注册表你如果需要用户的SID使用.NET使用PowerShell 2.0

$w32reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine',$computer1) 
$keypath = 'SOFTWARE\Veritas\NetBackup\CurrentVersion' 
$netbackup = $w32reg.OpenSubKey($keypath) 
$NetbackupVersion1 = $netbackup.GetValue('PackageVersion') 

Answer 5

和浏览远程HKEY_USERS文件夹，你可以按照这个脚本：

<# Replace following domain.name with yours and userAccountName with remote username #> 
$userLogin = New-Object System.Security.Principal.NTAccount(“domain.name“,”userAccountName“) 
$userSID = $userLogin.Translate([System.Security.Principal.SecurityIdentifier]) 

<# We will open HKEY_USERS and with accurate user’s SID from remoteComputer #> 
$remoteRegistry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(‘Users’,”remoteComputer“) 

<# We will then retrieve LocalName value from Control Panel/International subkeys #> 

$key = $userSID.value+”\Control Panel\International” 
$openKey = $remoteRegistry.OpenSubKey($key) 

<# We can now retrieve any values #> 

$localName = $openKey.GetValue(‘LocaleName’) 

来源：http://techsultan.com/how-to-browse-remote-registry-in-powershell/

Answer 6

使用python和wmi模块。

import wmi 

conn = wmi.WMI('172.20.58.34', user='UserName', password='Password') 
command = r'cmd /c reg query "HKLM\SOFTWARE\Microsoft" /ve > C:\output.txt' 
conn.Win32_Process.Create(CommandLine=command) 

更多信息$ reg /？在命令提示符下。

Answer 7

另一种选择......需要远程...

(invoke-command -ComputerName mymachine -ScriptBlock {Get-ItemProperty HKLM:\SOFTWARE\VanDyke\VShell\License -Name Version }).version