Find Registry Keys on Remote Servers

I was tasked with writing a script to find a single registry key on all of the server for a domain that my team manages. So after getting the key that we need to know the value of, I put a script together. The script will first check to see if the server is online, and if it is then the scripts looks at the registry to find the key and records the value.  Then generates a report of the keys that were found.

$reportReg = @()
$Computers = Get-Content C:\scripts\logs\ServersToFindRegistryKeyOn.txt
Foreach ($Computer in $computers){
    If(Test-Connection -ComputerName $Computer -Count 1 -ErrorAction 0){
            Try{
                # This is were the registry key is looked for on the remote server
                $RegLine = "" | Select ComputerName, RegistryKey
                $objReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
                $objRegKey= $objReg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Lsa")
                $RegLine.ComputerName = $Computer
                $RegLine.Registrykey = $objRegkey.GetValue("lmcompatibilitylevel")
                $reportReg += $RegLine
            }
            Catch{
                Write-Warning "Unable to reach $Computer, adding to bad list to look at later."
                $Computer | Add-Content C:\scripts\logs\Unreachable.txt
                Continue
            }
    }
}
$reportReg | Export-Csv C:\scripts\Logs\RegistryValue.csv

The beauty of this script, is that it to took about as much time to find the information on the first server as it did to write this script.  So with needing to find this information on 40+ servers, it is well worth writing.  The rule of thumb, if you have to do it more than twice, script it.

 

– Stuart

14 thoughts on “Find Registry Keys on Remote Servers”

  1. Hi Stuart,

    For some reason this script is stating that it can’t reach systems that are clearly online. I can even connect to the remote registry of the systems via regedit. Any ideas as to why this would be happening?

    1. Hi Joe,
      PowerShell connects to remote systems using the Windows Remote Management (WinRM) service. This would need to be configured on the remote systems for this script to function correctly. In my environment we have a GPO that enables this on all of the servers. Here is a TechNet article describing the how and what about WinRM. https://technet.microsoft.com/en-us/magazine/ff700227.aspx. I hope this helps.

      -Stuart

      1. I just double checked, it would appear WinRM is already turned on and Remote PS is enabled. Any other ideas? This is being run with a domain admin account in PS:Administrator mode.

        1. Joe,
          Sorry to hear that you are having so much trouble. You can run a test to verify that WinRM is running on the remote server. Test-WSMan -ComputerName ComputerNameHere is the command. The command syntax can be found at the following link https://technet.microsoft.com/en-us/library/hh849873.aspx. If the WinRM is configured correctly it should return 4 lines of text, and if not there will be an error message as seen in the image below.

          Results of Test-WSMan

          -Stuart

          1. Joe,
            What registry key are you looking for on the remote server? I’ll update the script on my side to see if I get the same issues.

            -Stuart

  2. It is on a remote server. Here’s the key:

    System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server

    the dword value is Enabled.

    It works fine on the system I’m running the script on but the second it checks any other $Computers (Server2008/2012) it’s unable to reach them.

    1. Here is the script, updated with the registry key that you are looking for:

      $reportReg = @()
      $Computers = Get-Content C:\scripts\logs\ServersToFindRegistryKeyOn.txt
      Foreach ($Computer in $computers){
          If(Test-Connection -ComputerName $Computer -Count 1 -ErrorAction 0){
                  Try{
                      # Gets DNS WINS from all servers.
                      $RegLine = "" | Select ComputerName, RegistryKey
                      $objReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
                      $objRegKey= $objReg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols\\TLS 1.0\\Server")
                      $RegLine.ComputerName = $Computer
                      $RegLine.Registrykey = $objRegkey.GetValue("Enabled")
                      $reportReg += $RegLine
                  }
                  Catch{
                      Write-Warning "Unable to reach $Computer, adding to bad list to look at later."
                      $Computer | Add-Content C:\scripts\logs\DeadServers.txt
                      Continue
                  }
          }
      }
      $reportReg | Export-Csv C:\scripts\Logs\RegistryValue.csv
      

      Results of the script:
      Registry keys from remote servers

      1. Any Idea how to add multiple registry TLS key for checking if its Enabled in the System.Tested the script however the registry key didnt return.
        Thank you.

        1. KS,
          I would be happy to assist. Would you provide the registry keys you are looking for, and I’ll assist with the script.

          – stuart

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.