kay5

Reputation: 57

Check remote WMI and remote registry

I am using the below code snippet in my script to check if Remote WMI and Remote Registry are working. Could you please tell me if this is the right way to do it and if there is a better way of checking if remote WMI and Remote Registry are working?

#WMI
GWMI -Query "Select * from Win32_PingStatus where Address = '$server'" -Credential $altcreds -ErrorAction SilentlyContinue

#REMOTE REGISTRY
get-wmiobject -list "StdRegProv" -namespace root\default -computername $server -credential $altcreds -ErrorAction SilentlyContinue

Thanks!

Upvotes: 1

Views: 9579

Answers (1)

Ansgar Wiechers

Reputation: 200233

Your first check determines if $server responds to ping requests. That does not tell you anything about its accessibility via WMI.

The second check determines if the StdRegProv WMI class on the remote host is accessible. That does not tell you anything about the status of the RemoteRegistry service.

If you want to check the state of the RemoteRegistry Service on a remote host (and start it in case it's not running) you could do something like this:

$svc = Get-WmiObject -Class Win32_Service -Computer $server `
         -Filter "Name='RemoteRegistry'" -ErrorAction SilentlyContinue `
         -Credential $altcreds

if (-not $svc) {
  "Cannot connect to $server."
  exit 1
}

if ($svc.State -eq 'Stopped') { $svc.StartService() }

or (more PoSh) like this:

Invoke-Command -Computer $server -ScriptBlock {
  # Get-Service returns ServiceController objects; their property is Status, not State
  Get-Service 'RemoteRegistry' | ? { $_.Status -eq 'Stopped' } | Start-Service
} -Credential $altcreds

Edit: To test the accessibility of a remote registry or WMI service you could do something like this:

$ErrorActionPreference = 'SilentlyContinue'
$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $server)
$svc = Get-WmiObject -List -Class Win32_OperatingSystem -Computer $server
$ErrorActionPreference = 'Stop'

if ($reg) {
  "Access to registry on $server succeeded."
} else {
  "Cannot access registry on $server."
}

if ($svc) {
  "Access to WMI on $server succeeded."
} else {
  "Cannot access WMI on $server."
}

Or, if you're interested in some error information, something like this:

try {
  $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $server)
} catch {
  "Cannot access registry on {0}. Error: {1:x}" -f $server, $_.Exception.HResult
}

try {
  $svc = Get-WmiObject -List -Class Win32_OperatingSystem -Computer $server `
           -ErrorAction Stop
} catch {
  "Cannot access WMI on {0}. Error: {1:x}" -f $server, $_.Exception.HResult
}

Edit2: According to an answer in this thread you can authenticate remote registry access by using the Impersonation module:

$cred = New-Object Management.Automation.PSCredential($username, $password)

Import-Module Impersonation
Push-ImpersonationContext $cred
try {
  $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $server)
} catch {
  "Cannot access registry on {0}. Error: {1:x}" -f $server, $_.Exception.HResult
}
Pop-ImpersonationContext

I haven't tested this, though.

Upvotes: 3
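
A read-only check that keeps the three things the answer distinguishes apart (WMI access, the state of the RemoteRegistry service, and an actual remote registry open), as an added example that is not part of the original answer. `Test-RemoteAccess` is a hypothetical helper name, `SRV01` is a placeholder host, and Windows PowerShell 5.1 is assumed because `Get-WmiObject` is not available in PowerShell 7.

```powershell
# Added example (hypothetical helper), for Windows PowerShell 5.1.
function Test-RemoteAccess {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [System.Management.Automation.PSCredential] $Credential
    )

    # Splat the common arguments so -Credential is only passed when supplied.
    $wmiArgs = @{ ComputerName = $Server; ErrorAction = 'Stop' }
    if ($Credential) { $wmiArgs.Credential = $Credential }

    $result = [ordered]@{
        Server              = $Server
        WmiAccessible       = $false
        WmiError            = $null
        RemoteRegistryState = $null
        RegistryAccessible  = $false
        RegistryError       = $null
    }

    # 1. WMI: run a real query against the target instead of a ping.
    try {
        $null = Get-WmiObject -Class Win32_OperatingSystem @wmiArgs
        $result.WmiAccessible = $true

        # 2. Service state, read only; the service is reported, not started.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='RemoteRegistry'" @wmiArgs
        if ($svc) { $result.RemoteRegistryState = $svc.State }
    } catch {
        $result.WmiError = $_.Exception.Message
    }

    # 3. Registry through the RemoteRegistry service. OpenRemoteBaseKey runs in
    #    the caller's own security context; $Credential does not apply to it.
    try {
        $key = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $Server)
        $result.RegistryAccessible = $true
        $key.Close()
    } catch {
        $result.RegistryError = $_.Exception.Message
    }

    [pscustomobject]$result
}

# Constructed usage; 'SRV01' is a placeholder host name.
Test-RemoteAccess -Server 'SRV01'
```

Because the function only reports `RemoteRegistryState`, it can be run across an inventory to find hosts where the service is exposed without changing their configuration.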
