Finding remote registry entries with Remoting disabled…

I had run into a situation where I quickly needed to check registry entries for various machines, but PowerShell remoting had not properly been enabled for all of the machines [and was not allowed to be set up on short notice].

Since I needed to quickly obtain the information for various keys, I turned to Google for advice.

Local and Remote

Firstly I’ll define the registry keys I’d like to have information about:

So normally you can get the Local information using the following code:

If you want to obtain the information Remotely, try the following:

As you can see, I can’t just use the variables provided locally, but since I’m running an up-to-date version of PowerShell [v3+], I can using the Using scope modifier, as described here.

I’ve also quickly created a PSCustomObject to contain all the information I require, so I can output this in a clean way.

But what if Remoting is not enabled?

Have no fear, you can still use PowerShell to access the data you want, just through an alternative means.

In this situation, PowerShell can use the power of .NET to still get what it wants!
Do note that this does require the Remote Registry Service to be running on the machine.

Firstly, because of the way registry keys are interpreted through the .NET class, this means splitting up our $RegKey1 and $RegKey2 value into a $Hive [since both are in HKLM] and $Key values:

Using the Microsoft.Win32.RegistryKey class provided by .NET, you can open up a remote connection to a specific hive [LocalMachine, Users] on a remote machine  [you can see this method and other methods available to perform various tasks here].

Once you’ve defined the remote registry connection, you can start getting the information you require using the OpenSubKey and GetValue methods.

What does this look like as a final result:

Hopefuly this can help you in a situation where you just NEED to view remote registry entries, but PowerShell Remoting isn’t [fully] configured.

Happy scripting! 🙂

 

Facebooktwitterredditlinkedinmail

Script Dumpster: Find duplicate entries over multiple reports

Another day at the office..

Thanks to our friends who wrote the NotPetya worm, I received an email from our monitoring vendor to run reports to see if our machines are up-to-date on their patching.

Unfortunately their reporting tool doesn’t properly distinguish between Windows Server 2008 and Windows 2008 R2, as well as Windows 2012 and Windows 2012 R2.

Long story short,  I had to create 4 separate reports, telling me if I had or had not installed the proper KB item on each machine.

Because of this flaw I also had to join the reports and check the “Highlight Duplicates” option in Excel to see whether or not servers had their respective Hotfix installed (if the server had a duplicate entry, it meant that it didn’t have either the standard or R2 patch installed, meaning vulnerable).

Each report also came with a 3 row header with random junk that needed to be removed, so a simple Ctrl + A , Ctrl + C, Ctrl + V wouldn’t suffice.

PowerShell to the rescue!

I looked at the email from the vendor and went “Hell no, I’m not going to do that…” and opened up PowerShell ISE.

Having dumped the reports in the folder c:\Temp\NotPetya , I came up with the following script:

While the coding took a little bit longer, the execution was swift and perfect.

Geeks and Automation

 

Happy scripting! 🙂

Facebooktwitterredditlinkedinmail

You’ve got the Power!! plan….

Today I was playing around on some machines on which I noticed the Power Plans were set incorrect, Balanced on a server :'(

Now of course I can do this manually, or I can use PowerShell instead!

Tools not scripts

Since I want to use this more often and want to create my own “toolbelt” [aka module with common tools], I’ve decided to make the solution as advanced functions, not just scripts.

This means that if you simply copy/paste them, you will need to dot source them first in order to use them.
Dutch PowerShell MVP Jeff Wouters has a good article on this in case you want some more info on this.

Quick info:

to the directory in which you have the .ps1 files in case you have them saved seperately and dot source them using

The following functions are provided:

  • Get-AllPowerPlan
  • Get-ActivePowerPlan
  • Set-ActivePowerPlan

I’m guessing the names sort speak for themselves, but do take into account that the Set-ActivePowerPlan relies on the other functions to… well… function 🙂

The Code

 

Happy Scripting! 🙂

Facebooktwitterredditlinkedinmail