How to browse a remote registry in PowerShell

For many system administrators, it is useful to browse the Windows Registry remotely to verify or set settings on remote computers.  It is even more useful if you can script it with Microsoft’s official scripting language, PowerShell.  Today we will see how to browse a remote registry in PowerShell.  We will also see how to get an Active Directory user’s SID so we can access the right registry settings for that specific user.

First of all, before doing anything, make sure you run the script below on an Active Directory server using domain administrator privileges.  Otherwise, you won’t have access to domain users’ registry.  This tutorial was tested on Windows 2008 R2 and Windows 2012 R2.

Also, the following Windows service must be enabled and running on the remote computers: Remote Registry.

1. Remotely get user’s SID

One thing you will need is the user’s SID.  Why do you need this?  Because you will need to access the user’s registry settings for desktop or Control Panel configuration, such as the screen saver or anything alike.  To do so, we need the following information in variables, as below:

<# Replace domain.name with your domain and userAccountName with the remote username #>

$userLogin = New-Object System.Security.Principal.NTAccount("domain.name", "userAccountName")

$userSID = $userLogin.Translate([System.Security.Principal.SecurityIdentifier])

2. Open and read remote user’s registry key and values

As soon as we have the user’s SID, we can browse the registry and retrieve any value we want.  We can also set (write) values in the user’s registry, but for some specific settings you will need to reboot the remote computer for the change(s) to take effect.

<# Open HKEY_USERS on remoteComputer; the user's SID selects the subkey below #>

$remoteRegistry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users', "remoteComputer")

<# Build the path to the Control Panel\International subkey, which holds the LocaleName value #>

$key = $userSID.Value + "\Control Panel\International"

$openKey = $remoteRegistry.OpenSubKey($key)

<# We can now retrieve any value #>

$localName = $openKey.GetValue('LocaleName')
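
The two steps above combined into one read-only function, as an added example that is not code from the original post. It reports the case where OpenSubKey returns $null (for instance when the user's hive is not loaded under HKEY_USERS on the target) and closes the remote handles. The function name, CONTOSO, jdoe, PC-01 and PC-02 are hypothetical.

```powershell
function Get-RemoteUserRegistryValue {
    param(
        [Parameter(Mandatory=$true)] [string]   $Domain,
        [Parameter(Mandatory=$true)] [string]   $UserName,
        [Parameter(Mandatory=$true)] [string[]] $ComputerName,
        [Parameter(Mandatory=$true)] [string]   $SubKey,
        [Parameter(Mandatory=$true)] [string]   $ValueName
    )
    # Resolve the account to its SID once; Translate() throws if the account is unknown.
    $account = New-Object System.Security.Principal.NTAccount($Domain, $UserName)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

    foreach ($computer in $ComputerName) {
        $result = New-Object PSObject -Property @{
            Computer = $computer; Sid = $sid; Value = $null; Status = 'OK' }
        $base = $null; $key = $null
        try {
            # Needs the Remote Registry service running on the target computer.
            $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users', $computer)
            # OpenSubKey(name) opens the key read-only and returns $null if it is absent,
            # e.g. when the user's profile hive is not loaded on that computer.
            $key = $base.OpenSubKey("$sid\$SubKey")
            if ($null -eq $key) {
                $result.Status = 'KeyNotFound (hive not loaded or subkey missing)'
            } else {
                $result.Value = $key.GetValue($ValueName)
                if ($null -eq $result.Value) { $result.Status = 'ValueNotFound' }
            }
        } catch {
            $result.Status = "Error: $($_.Exception.Message)"
        } finally {
            if ($key)  { $key.Close() }
            if ($base) { $base.Close() }
        }
        $result
    }
}

# Hypothetical domain, user and computer names.
Get-RemoteUserRegistryValue -Domain 'CONTOSO' -UserName 'jdoe' -ComputerName 'PC-01','PC-02' `
    -SubKey 'Control Panel\International' -ValueName 'LocaleName'
```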


Conclusion

If you need to verify and validate settings across your domain’s network, it is easy to do so using PowerShell and a Scheduled Task on any Windows server.
