Reading Remote RegistryKeys inside a Remote Session

rated by 0 users
This post has 3 Replies | 1 Follower

Not Ranked
Posts 2
phoffi1 Posted: 03-30-2012 8:00 AM

Hi,

I am having trouble with the low-level access to the registry as follows:

$rootkey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computername)
$key = $rootkey.OpenSubKey('SOFTWARE\Company\Application')
$value = $key.GetValue('Version')

When I run this command on my local computer to access a remote registry it works.

The problem is, I need to compare two remote machines, so I am opening a remote session to machine 1 and run a powershell script which should use this command to connect to machine 2 and compare values. This does not work. I believe there is a problem with running the command within a remote-accessed Powershell. Is there a way around it?

I also tried running it in a script and directly in the console, dot-sourced and with ampersand. Nothing worked. The error looks as follows:

[remotehost1]: PS D:\test> $rootkey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('
LocalMachine', 'remotehost2')
Exception calling "OpenRemoteBaseKey" with "2" argument(s): "Attempted to perform an unauthorized operation."
At line:1 char:60
+ $rootkey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey <<<< ('LocalMachine', 'remotehost2')
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

Is there a solution to this problem?

Regards,
Patrick

 

Top 25 Contributor
Posts 296
Microsoft MVP
Top Contributor

Quick question - do you need to run PowerShell with elevated privileges for this to work? If so thats your problem as PowerShell remote sessions do not have elevated privileges

Not Ranked
Posts 2

Yes I think Administrator rights are required. But I am running the remote Session to machine 1 with Credentials of a Domain Administrator, so it should connect to every system the same way. When I run the OpenRemoteBaseKey Command on my Laptop with Credentials of the Domain Admin I can successfully read the registry of Remote Systems. It just doesn't work when I connect to machine 1 and within the Remote Session try to read machine 2 with

[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $machine2)

Top 10 Contributor
Posts 631
Microsoft MVP
Top Contributor

This is because inside a remote session, you cannot transparently authenticate to someone else. So even though the remote session runs with admin creds, it cannot forward those to log on to another machine.

You would have to either use "net use" with explicit credentials from within the remote session to connect to another machine before accessing the registry (remote registry access uses IPC so any connection you establish should suffice). Or you would have to resort to another way of accessing the remote registry like WMI where you can submit explicit credentials.

A more esoteric approach would be to use CredSSP with your remote session (which requires the remote system to be set up for that). Then, your remote session would be able to forward your credentials.

Page 1 of 1 (4 items) | RSS
Copyright 2012 PowerShell.com. All rights reserved.