Manipulating the registry remotely with alternate Credentials

As an IT pro I frequently need to read and write to registry keys on remote computers, either ad-hoc or via script. Sure I could use Regedit, or RDP to the server in question, but that involves a lot of clicking, and to be honest, moving my right hand to my mouse seems like such hard work 🙂

I  though I’d show you a number of ways of doing this, as well as their limitations, as well as my personal favourite.

Option 1 – Get-ItemProperty

The Powershell cmdlet Get-ItemProperty can be used in conjunction with Invoke-Command to execute a command on a remote computer.

The nice thing about this command is you can also specify alternate credentials. However, it does require that WsMan is correctly configured for powershell remoting to work. Which, 9 times out of 10 in most environments it is not.

Option 2 – The Microsoft.Win32.RegistryKey Class

The Microsoft.Win32.RegistryKey class is another way of accessing registry settings remotely. An example using this method is as follows:

This is more likely to work as it is not reliant on WsMan being configured. However, it does require the RemoteRegistry service to be running on the target computer. Which, by default is not. Also, there is no way to specify alternate credentials, which can present a few problems depending on the computer you are talking to. e.g. non domain-joined machines mounted on the back of a 42″ LED TV mounted 5 meters off the floor… Quite a specific example there.

Option 3 (preferred) – WMI

My final and preferred option is using WMI. They beautiful thing about this method is WMI is typically available (I’m my experience) in most environments, also it accepts alternative credentials and is not reliant on the RemoteRegistry service.

You will be prompted for alternate credentials when running this script, if you wish these can be hardcoded, although I strongly discourage saving passwords as plain text.

You can view all the required methods of the StdRegProv WMI class on MSDN here: https://msdn.microsoft.com/en-us/library/aa393664(v=vs.85).aspx

The only downside to this option was it took me a while to stumble across it!

I hope this is of use , thanks for taking the time to read my blog!

Leave a Reply

Your email address will not be published. Required fields are marked *