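Check remote WMI and remote registry

Time: 2014-12-09 09:07:28

Tags: powershell

I use the following code snippets in my script to check whether remote WMI and the remote registry are working. Please help me: is this the correct approach, and is there a better way to check whether remote WMI and the remote registry are working?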

#WMI
GWMI -Query "Select * from Win32_PingStatus where Address = '$server'" -Credential $altcreds -ErrorAction SilentlyContinue

#REMOTE REGISTRY
get-wmiobject -list "StdRegProv" -namespace root\default -computername $server -credential $altcreds -ErrorAction SilentlyContinue

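Thanks!

1 answer:

Answer 0: (score: 0)

Your first check determines whether $server responds to ping requests. It doesn't tell you anything about its accessibility via WMI.

The second check determines whether the StdRegProv WMI class on the remote host is accessible. It doesn't tell you anything about the status of the RemoteRegistry service.

If you want to check the status of the RemoteRegistry service on the remote host (and start it if it isn't running), you could do something like this: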

$svc = Get-WmiObject -Class Win32_Service -Computer $server `
         -Filter "Name='RemoteRegistry'" -ErrorAction SilentlyContinue `
         -Credential $altcreds

if (-not $svc) {
  "Cannot connect to $server."
  exit 1
}

if ($svc.State -eq 'Stopped') { $svc.StartService() }

or (more PoSh) like this:

Invoke-Command -Computer $server -ScriptBlock {
  Get-Service 'RemoteRegistry' | ? { $_.Status -eq 'Stopped' } | Start-Service
} -Credential $altcreds

Edit: To test the accessibility of the remote registry or the WMI service, you could do something like this:

$ErrorActionPreference = 'SilentlyContinue'
$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $server)
$svc = Get-WmiObject -List -Class Win32_OperatingSystem -Computer $server
$ErrorActionPreference = 'Stop'

if ($reg) {
  "Access to registry on $server succeeded."
} else {
  "Cannot access registry on $server."
}

if ($svc) {
  "Access to WMI on $server succeeded."
} else {
  "Cannot access WMI on $server."
}

Or, if you are interested in some error information, do something like this:

try {
  $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $server)
} catch {
  "Cannot access registry on {0}. Error: {1:x}" -f $server, $_.Exception.HResult
}

try {
  $svc = Get-WmiObject -List -Class Win32_OperatingSystem -Computer $server `
           -ErrorAction Stop
} catch {
  "Cannot access WMI on {0}. Error: {1:x}" -f $server, $_.Exception.HResult
}

Edit2: According to the answers in this thread, you can use the Impersonation module to verify remote registry access:

$cred = New-Object Management.Automation.PSCredential($username, $password)

Import-Module Impersonation
Push-ImpersonationContext $cred
try {
  $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $server)
} catch {
  "Cannot access registry on {0}. Error: {1:x}" -f $server, $_.Exception.HResult
}
Pop-ImpersonationContext

I haven't tested this.
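
The three things the answer above keeps apart (WMI accessibility, the state of the RemoteRegistry service, and access to the remote registry itself) can be reported by one function that returns a result object. This is an added example, not code from the original answer; the function name Test-RemoteManagement, its parameters and the host name SERVER01 are assumptions.

```powershell
# Added example (hypothetical helper, not part of the original answer).
function Test-RemoteManagement {
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [System.Management.Automation.PSCredential] $Credential,
        [Microsoft.Win32.RegistryHive] $Hive = 'LocalMachine'
    )

    $result = [ordered]@{
        ComputerName        = $ComputerName
        WmiAccessible       = $false
        WmiError            = $null
        RemoteRegistryState = $null   # service state as reported through WMI
        RegistryAccessible  = $false
        RegistryError       = $null
    }

    # Pass -Credential only when one was supplied.
    $wmiArgs = @{ ComputerName = $ComputerName; ErrorAction = 'Stop' }
    if ($Credential) { $wmiArgs.Credential = $Credential }

    try {
        # A successful query proves WMI is reachable, even if no service is returned.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='RemoteRegistry'" @wmiArgs
        $result.WmiAccessible = $true
        if ($svc) { $result.RemoteRegistryState = $svc.State }
    } catch {
        $result.WmiError = '0x{0:x8}' -f $_.Exception.GetBaseException().HResult
    }

    # OpenRemoteBaseKey has no credential parameter: it runs as the current user.
    $key = $null
    try {
        $key = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive, $ComputerName)
        $result.RegistryAccessible = $true
    } catch {
        # GetBaseException() unwraps the wrapper PowerShell puts around
        # exceptions thrown by .NET method calls.
        $result.RegistryError = '0x{0:x8}' -f $_.Exception.GetBaseException().HResult
    } finally {
        if ($key) { $key.Close() }   # release the remote registry handle
    }

    [pscustomobject]$result
}

Test-RemoteManagement -ComputerName 'SERVER01'   # SERVER01 is a placeholder host name
```

The registry check always uses the identity of the calling process, so run it from a session that already holds the account you want to test.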