Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>
Idioma: En

Microsoft Powershell: remotely write, edit, modify new registry key and data value

Part 1: Powershell: Get Registry value data from remote computer
Part 2: Microsoft Powershell: remotely write, edit, modify new registry key and data value

Recently I had a another requirement to write edit, modify new windows registry keys and value data on remote server using Microsoft PowerShell. Here I have used 3 scripting ways, to perform this task. This is second part of my earlier written script Powershell: Get registry value data from remote computer. This script is written using in powershell using .net registry class. This require remote registry service enabled on remote server and there should be permissions registry. For modification or editing of regedit on localhost run powershell as an administrator. here I am showing 3 methods you can achieve this taks.

Related Articles

Method 1

First command creates sub key (sub folder) on remote computer in selected registry key path. In the parameter RegistryHive you can use 5 values. ClassesRoot, CurrentUser, LocalMachine, Users and CurrentConfig. Computernames can have multiple server names separated with , comma.
Write-RegistryValue -ComputerName RemoteComputer -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ChildKey test

Next command can be used to create a new value data under the selected registry key path, It can also used to edit existing data changing ValueData. There are 6 value types in registry. String, Binary, DWord, QWord, MultiString and ExpandString. 
Write-RegistryValue -ComputerName RemoteComputer  -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ValueName 'Start' -ValueData 10 -ValueType DWord

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
 
function Write-RegistryValue {
[CmdletBinding(SupportsShouldProcess=$True,
    ConfirmImpact='Medium',
    HelpURI='http://vcloud-lab.com',
    DefaultParameterSetName='NewValue')]
    Param ( 
        [parameter(ParameterSetName = 'NewValue', Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'NewKey', Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('C')]
        [String[]]$ComputerName = '.',

        [Parameter(ParameterSetName = 'NewValue', Position=1, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'NewKey', Position=1, ValueFromPipelineByPropertyName=$True)]
        [alias('Hive')]
        [ValidateSet('ClassesRoot', 'CurrentUser', 'LocalMachine', 'Users', 'CurrentConfig')]
        [String]$RegistryHive = 'LocalMachine',

        [Parameter(ParameterSetName = 'NewValue', Position=2, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'NewKey', Position=2, ValueFromPipelineByPropertyName=$True)]
        [alias('ParentKeypath')]
        [String]$RegistryKeyPath = 'SYSTEM\CurrentControlSet\Software',

        [parameter(ParameterSetName = 'NewKey',Position=3, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String]$ChildKey = 'TestKey',
    
        [parameter(ParameterSetName = 'NewValue',Position=4, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [alias('Type')]
        [ValidateSet('String', 'Binary', 'DWord', 'QWord', 'MultiString', 'ExpandString')]
        [String]$ValueType = 'DWORD',

        [parameter(ParameterSetName = 'NewValue',Position=5, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String]$ValueName = 'ValueName',

        [parameter(ParameterSetName = 'NewValue',Position=6, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String]$ValueData = 'ValueData'
    )
    Begin {
        $RegistryRoot= "[{0}]::{1}" -f 'Microsoft.Win32.RegistryHive', $RegistryHive
        try {
            $RegistryHive = Invoke-Expression $RegistryRoot -ErrorAction Stop
        }
        catch {
            Write-Host "Incorrect Registry Hive mentioned, $RegistryHive does not exist" 
        }
    }
    Process {
        Foreach ($Computer in $ComputerName) {
            if (Test-Connection $Computer -Count 2 -Quiet) {
                try {
                    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($RegistryHive, $Computer)
                    $key = $reg.OpenSubKey($RegistryKeyPath, $true)
                }
                catch {
                    Write-Host "Check access on computer name $Computer, cannot connect registry" -BackgroundColor DarkRed
                    Continue
                }
                switch ($PsCmdlet.ParameterSetName) {
                    'NewValue' {
                        $ValueType = [Microsoft.Win32.RegistryValueKind]::$ValueType
                        $key.SetValue($ValueName,$ValueData,$ValueType)
                        $Data = $key.GetValue($ValueName)
                        $Obj = New-Object psobject
                        $Obj | Add-Member -Name Computer -MemberType NoteProperty -Value $Computer
                        $Obj | Add-Member -Name RegistryPath -MemberType NoteProperty -Value "$RegistryKeyPath"
                        $Obj | Add-Member -Name RegistryValueName -MemberType NoteProperty -Value $ValueName
                        $Obj | Add-Member -Name RegistryValueData -MemberType NoteProperty -Value $ValueData
                        $Obj
                        break
                    }
                    'NewKey' {
                        try {
                            if ($key.GetSubKeyNames() -contains $ChildKey) {
                                $Obj = New-Object psobject
                                $Obj | Add-Member -Name Computer -MemberType NoteProperty -Value $Computer
                                $Obj | Add-Member -Name RegistryPath -MemberType NoteProperty -Value $RegistryKeyPath
                                $Obj | Add-Member -Name RegistryChildKey -MemberType NoteProperty -Value $Childkey
                                $Obj
                                Continue
                            }
                            [void]$Key.CreateSubKey("$ChildKey")
                        }
                        catch {
                            Write-Host "Not able to create $ChildKey on remote computer name $Computer" -BackgroundColor DarkRed
                            Continue
                        }
                        break
                    }
                }
            }
            else {
                Write-Host "Computer Name $Computer not reachable" -BackgroundColor DarkRed
            }
        }
    }
    End {
        #[Microsoft.Win32.RegistryHive]::ClassesRoot
        #[Microsoft.Win32.RegistryHive]::CurrentUser
        #[Microsoft.Win32.RegistryHive]::LocalMachine
        #[Microsoft.Win32.RegistryHive]::Users
        #[Microsoft.Win32.RegistryHive]::CurrentConfig
    }
}

#Write-RegistryValue -ComputerName server01, Member01, test, 192.168.33.11, 192.168.33.12, server01 -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ChildKey test
#Write-RegistryValue -ComputerName server01, Member01, test -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ValueName 'Start' -ValueData 10 -ValueType DWord

Download this script here. It is also available on Github. To use this script follow below articles.
Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled
Installing, importing and using any module in powershell

Below is registry screenshot for comparing of created registry, I tested before running script and after the script.

Method 2

Here in this method it is required to setup powershell remoting using POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS. These commands are one-liner. below command creates new SubKey under the given path.
Invoke-Command -ComputerName server01 {New-Item -Path HKLM:\SYSTEM\DemoKey -Name NewKey}

Next one-liner cmdlet executed on remote server and new registry data key created. In the PropertyType parameter use the reg data key type as listed in method 1.
Invoke-Command -ComputerName server01 {New-ItemProperty -Path HKLM:\SYSTEM\DemoKey -PropertyType String -Name Myvalue -Value 'Hello '}

If it is required to edit existing key value use command as below.
Invoke-Command -ComputerName server01 {Set-ItemProperty -Path HKLM:\SYSTEM\DemoKey -Name Myvalue -Value 'Newvalue'}

Method 3

This is another scripting method and doesn't require powershell, normal cmd command can be used with batch scritping.

Creates new registry subkey (subfolder)
REG ADD \\server01\HKLM\SYSTEM\DemoKey\TestKey

Creates new value name and data under provided remote registry path. valid registry types names are little different  and listed as  [ REG_SZ    | REG_MULTI_SZ | REG_EXPAND_SZ | REG_DWORD | REG_QWORD    | REG_BINARY    | REG_NONE ]
REG ADD \\server01\HKLM\SYSTEM\DemoKey /v BinValueName /t REG_BINARY /d ef001a7a

Modify existing value data on remote registry, every this same but /f option is added in the last (force)
REG ADD \\server01\HKLM\SYSTEM\DemoKey /v BinValueName /t REG_BINARY /d 12ac2b9d /f

Useful Blogs
Microsoft Powershell generate random anything (Filename, TempPath, GUID, Password)
How to Install and Use Microsoft PowerShell on Linux



This post first appeared on Tales From Real IT System Administrators World And Non-production Environment, please read the originial post: here

Share the post

Microsoft Powershell: remotely write, edit, modify new registry key and data value

×

Subscribe to Tales From Real It System Administrators World And Non-production Environment

Get updates delivered right to your inbox!

Thank you for your subscription

×