Powershell Microsoft.win32.registrykey Openremotebasekey Credentials
I'm trying to write an application that will get some registry values from a remote computer. The user can provide a hostname or IP in a string and should be getting a registry value displayed on their screen. When I was debugging the program, it turned out that it gives an error whenever the input I provide is either 'localhost' or '127.0.0.1', but it works when I provide 'mxcz', which is my computer name.
Oct 08, 2014 I noticed when I execute the above code in Windows 2003 machine in our domain I do access the registry but when I execute the PowerShell script in. Dec 22, 2016 - Win32.RegistryKey]::OpenRemoteBaseKey($type, $Computer) $regKey. I'm also trying to target the script to run in Powershell 2.0 if possible.
The application uses the OpenRemoteRegistryKey method in Microsoft.Win32.RegistryKey. I decided to isolate this line and just run it in PowerShell. You can see what happens in the picture below. These two PowerShell lines work:
These don't work:
Using my actual LAN IP address 192.168.0.136 instead of 127.0.0.1 gives the exact same behavior. It works without the quotes and doesn't work in quotes.
It's clear to me, I think, why the second line works and why the fourth line doesn't. But I can't figure out why the first line works and why the third and the fifth don't. The Microsoft webpage for the OpenRemoteRegistryKey method clearly says that the second argument is supposed to be a string. Why doesn't 'localhost' in quotes work then? Why does 127.0.0.1 without quotes work? I don't understand how the method interprets this value. Why doesn't '127.0.0.1' in quotes work?
And most importantly, how can I pass whatever the method needs to it, when the user input is a string, either 'hostname' or 'ipaddress' (preferably using the same variable regardless of which one the user decides to use)? Simply feeding it a string with the value '127.0.0.1' clearly doesn't work. Or should I use a different way of accessing a remote registry altogether?
This is on Windows 8.1, x64.
EDIT
In C# neither the quoted nor the unquoted version works. With the quotes, it will give the same error, 'network path not found', and without them it won't compile, see below.
3 Answers
I think your issue is the error is misleading. One of the prerequisites of this working is that the remote registry service needs to be running.
In order for a key to be opened remotely, both the server and client machines must be running the remote registry service, and have remote administration enabled.
I would suggest on your own machine and target machines that you verify that service is running. I was able to replicate the issue by toggling the service off and on. When the method assumes localhost it works by accessing locally it seems. When it is explicitly stated it appears to attempt to use the service.
Also you have to quote those string. Else PowerShell will attempt to evaluate the text as an exe/function/cmdlet etc. Just type in localhost or 127.0.0.1 and you will get errors from the parser. In the case of the latter:
This is the same error I get for one of your working examples.. which unfortunately doesnt seem to help
The problem is that powershell is handling the 127.0.0.1 without quotes weirdly. If you crack open powershell and type 127.0.0.1 by itself, it will return with no output and no error. If you try to do something like '> 127.0.0.1 gm' it will throw an exception.
I noticed then that doing anything with more than two periods is treated differently. Try typing '127.0' at the prompt and then '127.0.0' at the prompt. Different behavior.
Finally - try this:
So - I think, long story short is PowerShell is doing weird stuff to that IP address without you having to quote it. Would love some additional info on this from someone who might have dived deeper than I.
PowerShell
Restituto sierra bravo pdf. I believe this may be due to PowerShell's way of doing Type Inference in earlier versions as i'm not seeing the same results using PowerShell 5 on Windows 10.
PowerShell has it's own unique way of finding out which type you need to use certain .Net methods:
For example:
and
are the same, the only difference is that PowerShell translates 'LocalMachine' to [Microsoft.Win32.RegistryHive]::LocalMachine at Runtime because OpenRemoteBaseKey requires the first parameter to be of type Microsoft.Win32.RegistryHive.
Here are some things you can try though:
(1) Let PowerShell evalute a variable first and then pass the variable to OpenRemoteBaseKey, PowerShell will evaulate the variable rather than a string:
(2) Use literal quotes to tell PowerShell you want to pass 127.0.0.1 literally:
C#
The reason it doesn't work in C# is because unlike Powershell 127.0.0.1 without quotes is not valid syntax for anything (As mentioned in the error message).
If you put the IP Address in quotes you will be telling C# which computers LocalMachine you'd like to connect to:
Hope this helps, please let us know if you make any progress :)
Not the answer you're looking for? Browse other questions tagged .netwindowspowershellregistry or ask your own question.
I'm attempting to use powershell to access a remote registry like so:
Depending on some factors that I'm not yet able to determine I either get
Exception calling 'OpenSubKey' with '1' argument(s): 'Requested registry access is not allowed.'
Or
System.UnauthorizedAccessException: Attempted to perform an unauthorized operation. at Microsoft.Win32.RegistryKey.Win32ErrorStatic(Int32 errorCode, String str) at Microsoft.Win32.RegistryKey.OpenRemoteBaseKey(RegistryHive hKey, String machineName)
It seems pretty clear that this is because the user I'm running the powershell script as doesn't have the appropriate credentials to access the remote registry. I'd like to be able to supply a set of credentials to use for the remote registry access, but I can find no documentation anywhere of a way to do this. I'm also not clear on exactly where to specify which users are allowed to access the registry remotely.
7 Answers
Just thought I'd add my answer to anyone with this problem as well. It seems there is no way to add Credentials using RemoteRegistry. You can however use WMI to query a remote registry using alternative credentials as follows:
From here you can call standard Registry methods. The below example will return the operating system.
Hope this helps someone :)
Are you running remote registry service? It is disabled by default and that must be causing the issue. Check the status of this service on all remote machines you are trying to access.
I couldn't comment directly on bentaylr's entry above, but I've taken what he contributed and added PSCredentials creation (figured out from here) to allow you to hard code credentials into the script.
Peace of mind disclaimer: Be careful when using plaintext credentials in a script. In my case, I'm using generic credentials on machines I'm launching. Depending on your case, you might consider creating an encrypted credential file to store the password in (see link above).
The credentials you use would need to be able to access the registry if you were logged into that user on the machine you are targeting.
OverloadDefinitions
try
$key.OpenSubKey($subkeyName) opens the subkey in write protected mode,$key.OpenSubKey($subkeyName,$true) opens it in writable mode
Therefore after $key.OpenSubKey($subkeyName,$true) you should be able to create a new subkey or value
If you try the same thing after $key.OpenSubKey($subkeyName) you will get 'UnauthorizedAccessException'
Came looking for the answer to your question, but in a little googling this morning I noticed that the first parameter is a type rather than a String.. hope this helps:
Exception Calling Openremotebasekey
Openremotebasekey Powershell
I wanted to first thank all for answers above really helpful, wanted to add that you can use Get-Credential command to collect credentials without having to hard code it in your script. I have written using the above suggestions into my script the following code and query:
The above code returns all sub key names in the specified key so that I can determine installed updates other than OS which have been applied to a server. If you want to determine all collection possibilities with the $objReg variable then run:
You will see a list of all possible queries which can be performed against the registry. Hope this helps!