
Powershell: Get registry value data

Finding and fetching registry value data using PowerShell is very easy. In one organization I found that administrators were making unnecessary changes to specific registry settings. For example, I had to get information from the setting HKey_Local_Machine\System\CurrentControlSet\Services\USBSTOR\Start. If the value data is set to 4, USB storage devices are disabled and will not work, but admins were changing it on the systems to 3. To check the status I created a script for Windows 2008 and 2008 R2. This script uses the traditional way of connecting to the remote registry. Make sure the Remote Registry service is running before you try it; you can verify this with the Get-Service RemoteRegistry command.

To verify, you can open the remote registry using File >> Connect Network Registry.

Next I need a hive name (there are 5 root nodes: ClassesRoot, CurrentUser, LocalMachine, Users, CurrentConfig). The key name is System\CurrentControlSet\Services\USBStor, as highlighted, and the ValueName is Start.

Below are the hive name mappings.
ClassesRoot --> HKEY_CLASSES_ROOT
CurrentUser --> HKEY_CURRENT_USER
LocalMachine --> HKEY_LOCAL_MACHINE
Users --> HKEY_USERS
CurrentConfig --> HKEY_CURRENT_CONFIG

Store the script below in your $PROFILE location and relaunch PowerShell. The procedure is given in Powershell Active Directory: Show treeview of User or Group memberof hierarchy. This script was created using the registry .NET object [Microsoft.Win32.RegistryKey]. It uses your logged-in user account to connect to the remote registry. If you have multiple computer names, provide them separated by commas, or store them in a text file and use cat to get the list.

Get-RegistryValueData -ComputerName Server01, Member01, test -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\CurrentControlSet\Services\USBSTOR -ValueName Start

Useful Blogs
Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled
Installing, importing and using any module in powershell

function Get-RegistryValueData {
    [CmdletBinding(SupportsShouldProcess=$True,
        ConfirmImpact='Medium',
        HelpURI='http://vcloud-lab.com')]
    Param
    (
        [Parameter(Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [Alias('C')]
        [String[]]$ComputerName = '.',
        [Parameter(Position=1, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [Alias('Hive')]
        [ValidateSet('ClassesRoot', 'CurrentUser', 'LocalMachine', 'Users', 'CurrentConfig')]
        [String]$RegistryHive = 'LocalMachine',
        [Parameter(Position=2, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [Alias('KeyPath')]
        [String]$RegistryKeyPath = 'SYSTEM\CurrentControlSet\Services\USBSTOR',
        [Parameter(Position=3, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [Alias('Value')]
        [String]$ValueName = 'Start'
    )
    Begin {
        # ValidateSet already restricts the hive name, so cast it straight to the
        # enum instead of building a string and running it through Invoke-Expression.
        try {
            $Hive = [Microsoft.Win32.RegistryHive]$RegistryHive
        }
        catch {
            Write-Host "Incorrect Registry Hive mentioned, $RegistryHive does not exist"
        }
    }
    Process {
        Foreach ($Computer in $ComputerName) {
            if (Test-Connection $Computer -Count 2 -Quiet) {
                $reg = $null
                $key = $null
                try {
                    # Connects with the logged-in user's credentials; needs the Remote Registry service
                    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive, $Computer)
                    $key = $reg.OpenSubKey($RegistryKeyPath)
                    if ($null -eq $key) {
                        # OpenSubKey returns $null when the key does not exist
                        Write-Host "${Computer}: key $RegistryKeyPath not found" -BackgroundColor DarkRed
                        continue
                    }
                    $Data = $key.GetValue($ValueName)
                    $Obj = New-Object psobject
                    $Obj | Add-Member -Name Computer -MemberType NoteProperty -Value $Computer
                    $Obj | Add-Member -Name RegistryValueName -MemberType NoteProperty -Value "$RegistryKeyPath\$ValueName"
                    $Obj | Add-Member -Name RegistryValueData -MemberType NoteProperty -Value $Data
                    $Obj
                }
                catch {
                    # Access denied, Remote Registry service stopped, and similar failures
                    Write-Host "${Computer}: $($_.Exception.Message)" -BackgroundColor DarkRed
                }
                finally {
                    # Release the remote registry handles
                    if ($key) { $key.Close() }
                    if ($reg) { $reg.Close() }
                }
            }
            else {
                Write-Host "$Computer not reachable" -BackgroundColor DarkRed
            }
        }
    }
    End {
        # Valid hive values:
        #[Microsoft.Win32.RegistryHive]::ClassesRoot
        #[Microsoft.Win32.RegistryHive]::CurrentUser
        #[Microsoft.Win32.RegistryHive]::LocalMachine
        #[Microsoft.Win32.RegistryHive]::Users
        #[Microsoft.Win32.RegistryHive]::CurrentConfig
    }
}


Get-RegistryValueData -ComputerName Server01, Member01, testcomp -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\CurrentControlSet\Services\USBSTOR -ValueName 'Start'

Another way to connect to the registry is Invoke-Command, but it requires special configuration (see POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS). This is the best option if you have configured PS remoting: you don't have to run the above script or take extra steps. You can use the built-in Get-ItemProperty cmdlet combined with Invoke-Command. Below is an example cmdlet for getting information from the local computer.
Get-ItemProperty -Path 'HKLM:\SOFTWARE\VMware, Inc.\VMware Tools\' -Name InstallPath | select InstallPath

The procedure below is for remote servers: use Invoke-Command and enclose the command within curly brackets {}.
Invoke-Command -ComputerName Member01, Server01 {Get-ItemProperty -Path 'HKLM:\SOFTWARE\VMware, Inc.\VMware Tools\' -Name InstallPath | select InstallPath}
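
The remoting approach applied to the USBSTOR check from the start of this post, as an added example that is not part of the original script. It assumes PowerShell 3.0 or later with PS remoting configured, reuses the sample computer names above, and treats 4 as the expected Start value; the status labels are made up for illustration.

```powershell
# Added example: audit USBSTOR\Start over PS remoting and flag drift from the expected value.
$Computers = 'Member01', 'Server01'   # sample names from this post
$Expected  = 4                        # 4 = USB storage disabled, as described above

$Results = Invoke-Command -ComputerName $Computers -ErrorAction SilentlyContinue -ErrorVariable RemoteErrors -ScriptBlock {
    $Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    # SilentlyContinue yields $null when the key or value is missing instead of an error
    $Item = Get-ItemProperty -Path $Path -Name Start -ErrorAction SilentlyContinue
    $Start = $null
    if ($Item) { $Start = $Item.Start }
    [pscustomobject]@{ Start = $Start }
}

# Classify every host that answered
$Report = foreach ($R in $Results) {
    $Status = if ($null -eq $R.Start) { 'ValueMissing' } elseif ($R.Start -eq $Expected) { 'Compliant' } else { 'Drift' }
    [pscustomobject]@{
        Computer = $R.PSComputerName   # added automatically by Invoke-Command
        Start    = $R.Start
        Status   = $Status
    }
}

# Hosts where the remoting connection failed are listed rather than silently dropped
$Failed = foreach ($E in $RemoteErrors) {
    [pscustomobject]@{
        Computer = $E.TargetObject
        Start    = $null
        Status   = 'RemotingFailed'
    }
}

@($Report) + @($Failed) | Sort-Object Computer | Format-Table -AutoSize
```

A host reported as Drift is one where the value was changed away from 4, such as the change to 3 described at the top of this post.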



This post first appeared on Tales From Real IT System Administrators World And Non-production Environment, please read the original post: here
