santiagomoneta

Reputation: 11

How to get the data from a value from the registry using PowerShell

I have the following registry key value that I want to check via PowerShell:

"SERVER_NAME"

HK_CLASSES_ROOT\AppID\{54C92AE1-77C3-11D1-9B6C-00A024BF0B6D}

The value is "RemoteServerName" and the data from that value is a server that I need to check.

Registry View:

VALUE               DATA
(Default)           WFM Tally Server
RemoteServerName    DNVR-WFMTAL10

So far I have tried the following code, but all I get is the value name (RemoteServerName) or the data from the Default value (WFM Tally Server).

Here they are:

foreach ($server in $server_list){
    $hklm = 2147483648
    $sSubKeyName = "AppID\\{54C92AE1-77C3-11D1-9B6C-00A024BF0B6D}"
    $sValueName = "WFM Tally Server"
    $wmi = [wmiclass]"Root\default:stdRegProv"
    ($wmi.GetStringValue($hklm,$sSubKeyName)).sValue
}

and here is the other code:

foreach ($server in $server_list){
    $hklm = 2147483648
    $sSubKeyName = "AppID\\{54C92AE1-77C3-11D1-9B6C-00A024BF0B6D}"
    $sValueName = "WFM Tally Server"
    $wmi = [wmiclass]"Root\default:stdRegProv"
    ($wmi.GetStringValue($hklm,$sSubKeyName)).sValue
}

What am I missing?

Upvotes: 1

Views: 15079

Answers (3)

RandomDude

Reputation: 41

If you are trying to get the value from the registry key on the remote machine "Server", then your main problem is with this piece of code:

$wmi = [wmiclass]"Root\default:stdRegProv"

To browse the key on the remote machine, you need to connect to the registry on the remote host as a UNC path.

[WmiClass]"\\$Server\ROOT\DEFAULT:StdRegProv"

For more info about the WMI StdRegProv see http://msdn.microsoft.com/en-us/library/aa393664(v=vs.85).aspx

Quick Reference, the different registry hives under this class are:

 HKEY_CLASSES_ROOT (2147483648 (0x80000000))
 HKEY_CURRENT_USER (2147483649 (0x80000001))
 HKEY_LOCAL_MACHINE (2147483650 (0x80000002))
 HKEY_USERS (2147483651 (0x80000003))
 HKEY_CURRENT_CONFIG (2147483653 (0x80000005))

So a correct version of your code would be:

foreach ($server in $server_list){
    $HKCR = [uint32]"0x80000000"
    $sSubKeyName = "AppID\{54C92AE1-77C3-11D1-9B6C-00A024BF0B6D}"
    $sValueName = "RemoteServerName"
    $wmi = [wmiclass]"\\$server\ROOT\DEFAULT:StdRegProv" 
    $wmi.GetStringValue($HKCR, $sSubKeyName, $sValueName)
}

FYI, the name of the (Default) value of a registry key is actually a null string. Regedit simply replaces this null string with (Default) when displaying the key's values. So if you need to read the default value of a key you would use:

$wmi.GetStringValue($HKCR, $sSubKeyName, "")

Hope anyone who comes across this finds it useful. o7

Upvotes: 4
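The points from the answer above (UNC path to the remote StdRegProv, the HKCR constant, and the empty name for the (Default) value) combined into one function, as an added example that is not part of the original answer. It checks `ReturnValue` so that a missing value is reported differently from an unreachable host; the function name `Get-RemoteRegString` and the server names are hypothetical, and it assumes Windows PowerShell 5.1 (for the `[wmiclass]` accelerator) and remote WMI rights on each server.

```powershell
# Added example, not the answerer's code.
# Assumes Windows PowerShell 5.1 and remote WMI access to each server.
$HKCR = [uint32]"0x80000000"   # HKEY_CLASSES_ROOT, from the hive list above

function Get-RemoteRegString {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string]   $SubKey,
        [string] $ValueName = ""          # empty string reads the (Default) value
    )
    foreach ($server in $ComputerName) {
        # One result row per server, so failures stay visible in the output
        $row = [pscustomobject]@{
            Server = $server; ValueName = $ValueName; Data = $null; Status = $null
        }
        try {
            # UNC-style path connects to the registry provider on the remote host
            $wmi    = [wmiclass]"\\$server\ROOT\DEFAULT:StdRegProv"
            $result = $wmi.GetStringValue($HKCR, $SubKey, $ValueName)
            if ($result.ReturnValue -eq 0) {
                # 0 means the call succeeded; sValue holds the string data
                $row.Data   = $result.sValue
                $row.Status = "OK"
            } else {
                # Non-zero: key or value could not be read on this host
                $row.Status = "StdRegProv returned $($result.ReturnValue)"
            }
        } catch {
            # The [wmiclass] cast throws when the host cannot be reached
            $row.Status = "Connection failed: $($_.Exception.Message)"
        }
        $row
    }
}

# Constructed server names for illustration
$server_list = "SERVER01", "SERVER02"
$key = "AppID\{54C92AE1-77C3-11D1-9B6C-00A024BF0B6D}"

# Named value, then the (Default) value of the same key
Get-RemoteRegString -ComputerName $server_list -SubKey $key -ValueName "RemoteServerName"
Get-RemoteRegString -ComputerName $server_list -SubKey $key
```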

craika

Reputation: 1162

We have a cmdlet that will do it (comes with a free trial if you're just after something short term) - http://www.vexasoft.com/cmdletlibrary/support/getregistrykey.html. Then you can do it in one line (and it supports remote computers, 32-bit to 64-bit access, credentials etc.):

foreach ($server in $server_list)
{
    Get-RegistryKey -Key "HKCR:\AppID\{54C92AE1-77C3-11D1-9B6C-00A024BF0B6D}" -ValueName RemoteServerName -Computer $server
}

If you can't use third party cmdlets though, there's OpenRemoteBaseKey in the framework:

foreach ($server in $server_list)
{
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('ClassesRoot', $Server)
    $regkey = $reg.OpenSubkey("AppID\\{54C92AE1-77C3-11D1-9B6C-00A024BF0B6D}")
    $regkey.GetValue("RemoteServerName")
}

Upvotes: 0

manojlds

Reputation: 301567

PowerShell has very good Registry navigation features. You don't have to use WMI:

New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT
cd "HKCR:\AppID\{54C92AE1-77C3-11D1-9B6C-00A024BF0B6D}"
(get-itemproperty -path . -name RemoteServerName).RemoteServerName

http://msdn.microsoft.com/en-us/library/bb648598%28v=vs.85%29.aspx

Upvotes: 2
