how can I write a script to read a remote registry - using different credentials?

Printable View

15-01-2008
Mark

how can I write a script to read a remote registry - using different credentials?

I've got a authentication-related script question. If anyone can help out or
point me toward someone/something with a clue or hint I would be really
really appreciative.

Basically my issue is I want to run a script (vbscript) that reads the
registry on a remote win2003 server using different NT Domain credentials
from my own. I have the credentials (pulled from a database) and I can
connect to the remote computer and make wmi calls (such as
win32_ComputerSysem) using them via SWbemLocator:

Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set WmiObjSet = objSWbemLocator.ConnectServer(strComputer, _
"root\CIMV2", _
strUser, _
strPassword, _
"MS_409", _
"NTLMDomain:" + strDomain)

But that won't work for the registry calls, because I need to use
"winmgmts:" and I can't find any docs on how to use it with different
credentials.

Set objReg = Getobject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer _
& "\root\default:stdregprov")

All I have been able to find on MS site is information about the
"impersonationLevel" in the call and using kerberos versus ntlm but nothing
about how to actually validate as a different domain user.

I did find the following info on page:
http://msdn2.microsoft.com/en-us/library/aa389292.aspx

"You cannot specify a password in a WMI moniker string. If you must change
the password (strPassword parameter) or the type of authentication
(strAuthority parameter) when connecting to WMI, then call
SWbemLocator.ConnectServer."

However I have yet to find any info on a script that reads a registry key
without using "winmgmts"

Can anyone help me?
Mark Butler
16-01-2008
Richard Mueller [MVP]

Re: how can I write a script to read a remote registry - using different credentials?

Mark wrote:

> I've got a authentication-related script question. If anyone can help out
> or point me toward someone/something with a clue or hint I would be really
> really appreciative.
>
> Basically my issue is I want to run a script (vbscript) that reads the
> registry on a remote win2003 server using different NT Domain credentials
> from my own. I have the credentials (pulled from a database) and I can
> connect to the remote computer and make wmi calls (such as
> win32_ComputerSysem) using them via SWbemLocator:
>
> Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
> Set WmiObjSet = objSWbemLocator.ConnectServer(strComputer, _
> "root\CIMV2", _
> strUser, _
> strPassword, _
> "MS_409", _
> "NTLMDomain:" + strDomain)
>
> But that won't work for the registry calls, because I need to use
> "winmgmts:" and I can't find any docs on how to use it with different
> credentials.
>
> Set objReg = Getobject("winmgmts:" _
> & "{impersonationLevel=impersonate}!\\" & strComputer _
> & "\root\default:stdregprov")
>
> All I have been able to find on MS site is information about the
> "impersonationLevel" in the call and using kerberos versus ntlm but
> nothing about how to actually validate as a different domain user.
>
>
> I did find the following info on page:
> http://msdn2.microsoft.com/en-us/library/aa389292.aspx
>
> "You cannot specify a password in a WMI moniker string. If you must change
> the password (strPassword parameter) or the type of authentication
> (strAuthority parameter) when connecting to WMI, then call
> SWbemLocator.ConnectServer."
>
> However I have yet to find any info on a script that reads a registry key
> without using "winmgmts"

WMI can be very obtuse. I found no help on the Microsoft site, but
fortunately I found an old newsgroup thread that gave me the solution.

First, for reasons unknown, you cannot specify the name space
"root\default:StdRegProv" in the objSWbemLocator.ConnectServer method. But
you can specify the namespace "root\default". The trick is how to get at
methods of the "StdRegProv" class, and the answer is to use the Get method.
So in brief:
===========
Set objSWbemLocator = CreateObject("wbemScripting.SwbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer _
(strComputer, "root\default", strUser, strPassword)
Set objReg = objSWbemServices.Get("StdRegProv")
objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strEntryName, strValue
Wscript.Echo strValue
============
where you provide values for strComputer, strUser, strPassword, strKeyPath,
strEntryName, and HKEY_LOCAL_MACHINE.

I'm going to have to sock this snippet away somewhere for future reference.
It was a bit of work to find.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
16-01-2008
urkec

RE: how can I write a script to read a remote registry - using differe

"Mark" wrote:

> I've got a authentication-related script question. If anyone can help out or
> point me toward someone/something with a clue or hint I would be really
> really appreciative.
>
> Basically my issue is I want to run a script (vbscript) that reads the
> registry on a remote win2003 server using different NT Domain credentials
> from my own. I have the credentials (pulled from a database) and I can
> connect to the remote computer and make wmi calls (such as
> win32_ComputerSysem) using them via SWbemLocator:
>
> Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
> Set WmiObjSet = objSWbemLocator.ConnectServer(strComputer, _
> "root\CIMV2", _
> strUser, _
> strPassword, _
> "MS_409", _
> "NTLMDomain:" + strDomain)
>
> But that won't work for the registry calls, because I need to use
> "winmgmts:" and I can't find any docs on how to use it with different
> credentials.
>
> Set objReg = Getobject("winmgmts:" _
> & "{impersonationLevel=impersonate}!\\" & strComputer _
> & "\root\default:stdregprov")
>
> All I have been able to find on MS site is information about the
> "impersonationLevel" in the call and using kerberos versus ntlm but nothing
> about how to actually validate as a different domain user.
>
>
> I did find the following info on page:
> http://msdn2.microsoft.com/en-us/library/aa389292.aspx
>
> "You cannot specify a password in a WMI moniker string. If you must change
> the password (strPassword parameter) or the type of authentication
> (strAuthority parameter) when connecting to WMI, then call
> SWbemLocator.ConnectServer."
>
> However I have yet to find any info on a script that reads a registry key
> without using "winmgmts"
>
> Can anyone help me?
> Mark Butler
>
>

You can use SWbemLocator to connect to StdRegProv class. This is a sample
script from Microsoft Script Center, I modified it to use
SWbemLocator.ConnectServer instead of the moniker:

Const HKEY_LOCAL_MACHINE = &H80000002
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7

strComputer = "."

Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")

Set objSWbemService= objSWbemLocator.ConnectServer _
(strComputer, "root\default")

Set oReg = objSWbemService.Get ("StdRegProv")

strKeyPath = "SYSTEM\CurrentControlSet\Control\Lsa"

oReg.EnumValues HKEY_LOCAL_MACHINE, strKeyPath, _
arrValueNames, arrValueTypes

For i=0 To UBound(arrValueNames)
Wscript.Echo "Value Name: " & arrValueNames(i)

Select Case arrValueTypes(i)
Case REG_SZ
Wscript.Echo "Data Type: String"
Wscript.Echo
Case REG_EXPAND_SZ
Wscript.Echo "Data Type: Expanded String"
Wscript.Echo
Case REG_BINARY
Wscript.Echo "Data Type: Binary"
Wscript.Echo
Case REG_DWORD
Wscript.Echo "Data Type: DWORD"
Wscript.Echo
Case REG_MULTI_SZ
Wscript.Echo "Data Type: Multi String"
Wscript.Echo
End Select
Next

I tested this on a local machine, so I'm not sure if this will run remotely.

--
urkec
16-01-2008
Mark

Re: how can I write a script to read a remote registry - using different credentials?

That works absolutely perfectly!

Thank you so much, I had been banging my head against this for quite some
time.

Mark

"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
message news:el6f6b6VIHA.4684@TK2MSFTNGP06.phx.gbl...
>
> WMI can be very obtuse. I found no help on the Microsoft site, but
> fortunately I found an old newsgroup thread that gave me the solution.
>
> First, for reasons unknown, you cannot specify the name space
> "root\default:StdRegProv" in the objSWbemLocator.ConnectServer method. But
> you can specify the namespace "root\default". The trick is how to get at
> methods of the "StdRegProv" class, and the answer is to use the Get
> method. So in brief:
> ===========
> Set objSWbemLocator = CreateObject("wbemScripting.SwbemLocator")
> Set objSWbemServices = objSWbemLocator.ConnectServer _
> (strComputer, "root\default", strUser, strPassword)
> Set objReg = objSWbemServices.Get("StdRegProv")
> objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strEntryName,
> strValue
> Wscript.Echo strValue
> ============
> where you provide values for strComputer, strUser, strPassword,
> strKeyPath, strEntryName, and HKEY_LOCAL_MACHINE.
>
> I'm going to have to sock this snippet away somewhere for future
> reference. It was a bit of work to find.
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --
>
>