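Get remote registry value
I have the script below, and I want it to go out to multiple servers and get a registry value. Unfortunately, it currently just returns the local registry value of the machine I am running the script on.
How do I get the script to run against the remote registry?
Script: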
    clear
    #$ErrorActionPreference = "silentlycontinue"
    $Logfile = "C:\temp\NEWnetbackup_version.log"

    Function LogWrite
    {
        param([string]$logstring)
        Add-Content $Logfile -Value $logstring
    }

    $computer = Get-Content -Path c:\temp\netbackup_servers1.txt

    foreach ($computer1 in $computer){
        $Service = Get-WmiObject Win32_Service -Filter "Name = 'NetBackup Client Service'" -ComputerName $computer1

        if (test-connection $computer1 -quiet)
        {
            $NetbackupVersion1 = $(Get-ItemProperty hklm:\SOFTWARE\Veritas\NetBackup\CurrentVersion).PackageVersion

            if($Service.state -eq 'Running')
            {
                LogWrite "$computer1 STARTED $NetbackupVersion1"
            }
            else
            {
                LogWrite "$computer1 STOPPED $NetbackupVersion1"
            }
        }
        else
        {
            LogWrite "$computer1 is down" -foregroundcolor RED
        }
    }
You can try using .NET:
    $Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer1)
    $RegKey= $Reg.OpenSubKey("SOFTWARE\\Veritas\\NetBackup\\CurrentVersion")
    $NetbackupVersion1 = $RegKey.GetValue("PackageVersion")
Try the remote registry module; the registry provider cannot operate remotely:
    Import-Module PSRemoteRegistry
    Get-RegValue -ComputerName $Computer1 -Key SOFTWARE\Veritas\NetBackup\CurrentVersion -Value PackageVersion
If you have PowerShell remoting and CredSSP set up, then you can update your code as follows:
    $Session = New-PSSession -ComputerName $Computer1 -Authentication CredSSP
    $NetbackupVersion1 = Invoke-Command -Session $Session -ScriptBlock { $(Get-ItemProperty hklm:\SOFTWARE\Veritas\NetBackup\CurrentVersion).PackageVersion}
    Remove-PSSession $Session
For remote registry you have to use .NET with PowerShell 2.0:
    $w32reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine',$computer1)
    $keypath = 'SOFTWARE\Veritas\NetBackup\CurrentVersion'
    $netbackup = $w32reg.OpenSubKey($keypath)
    $NetbackupVersion1 = $netbackup.GetValue('PackageVersion')
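The .NET approach from the answers above, applied to the question's loop, as an added example that is not part of the original thread. The helper name `Get-RemoteRegValue` and the `VERSION_NOT_FOUND` / `ERROR` log markers are assumptions; it assumes the Remote Registry service is running on each target and that the account running the script may read the key.

```powershell
# Added example (not from the original posts). File paths and the key are the ones in the question.
$Logfile = 'C:\temp\NEWnetbackup_version.log'
$KeyPath = 'SOFTWARE\Veritas\NetBackup\CurrentVersion'

# Hypothetical helper: read one value from HKLM on a remote machine, read-only.
function Get-RemoteRegValue {
    param([string]$ComputerName, [string]$SubKey, [string]$ValueName)
    $base = $null; $key = $null
    try {
        # Throws if the host or its Remote Registry service is unreachable, or access is denied.
        $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
        $key  = $base.OpenSubKey($SubKey)        # read-only; $null when the key does not exist
        if ($null -eq $key) { return $null }
        return $key.GetValue($ValueName)         # $null when the value does not exist
    }
    finally {
        # Always release the remote handles, even on failure.
        if ($key)  { $key.Close() }
        if ($base) { $base.Close() }
    }
}

foreach ($computer1 in Get-Content -Path 'C:\temp\netbackup_servers1.txt') {
    # Check reachability first so no remote call is made against a dead host.
    if (-not (Test-Connection $computer1 -Count 1 -Quiet)) {
        Add-Content $Logfile -Value "$computer1 is down"
        continue
    }
    try {
        $version = Get-RemoteRegValue -ComputerName $computer1 -SubKey $KeyPath -ValueName 'PackageVersion'
        if ($null -eq $version) { $version = 'VERSION_NOT_FOUND' }
        $service = Get-WmiObject Win32_Service -Filter "Name = 'NetBackup Client Service'" `
                                 -ComputerName $computer1 -ErrorAction Stop
        $state = if ($service.State -eq 'Running') { 'STARTED' } else { 'STOPPED' }
        Add-Content $Logfile -Value "$computer1 $state $version"
    }
    catch {
        # Access denied, service stopped, RPC blocked: record it instead of logging a stale or empty value.
        Add-Content $Logfile -Value "$computer1 ERROR $($_.Exception.Message)"
    }
}
```

Logging the failure reason per host separates machines where the key is absent from machines where the remote read was refused.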
If you need the user's SID and want to browse the remote HKEY_USERS folder, you can follow this script:
    <# Replace following domain.name with yours and userAccountName with remote username #>
    $userLogin = New-Object System.Security.Principal.NTAccount("domain.name","userAccountName")
    $userSID = $userLogin.Translate([System.Security.Principal.SecurityIdentifier])

    <# We will open HKEY_USERS and with accurate user's SID from remoteComputer #>
    $remoteRegistry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users',"remoteComputer")

    <# We will then retrieve LocaleName value from Control Panel / International subkeys #>
    $key = $userSID.value+"\Control Panel\International"
    $openKey = $remoteRegistry.OpenSubKey($key)

    <# We can now retrieve any values #>
    $localName = $openKey.GetValue('LocaleName')
Source: http://techsultan.com/how-to-browse-remote-registry-in-powershell/
Use Python and the wmi module.
    import wmi

    conn = wmi.WMI('172.20.58.34', user='UserName', password='Password')
    command = r'cmd /c reg query "HKLM\SOFTWARE\Microsoft" /ve > C:\output.txt'
    conn.Win32_Process.Create(CommandLine=command)
For more information, run reg /? at the command prompt.