Board logo

标题: [原创教程] PowerShell 技能连载 - 远程读取已安装的软件 [打印本页]

作者: victorwoo    时间: 2014-7-5 15:48     标题: PowerShell 技能连载 - 远程读取已安装的软件

大多数软件都会在注册表中登记自己。以下是一段从能从本地和远程的 32 位及 64 位注册表中读取已安装的软件列表的代码。它还是一个演示如何读取远程注册表的不错的例子。

# NOTE: RemoteRegistry Service needs to run on a target system!
$Hive = 'LocalMachine'

# you can specify as many keys as you want as long as they are all in the same hive
$Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', 'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'

# you can specify as many value names as you want
$Value = 'DisplayName', 'DisplayVersion', 'UninstallString'

# you can specify a remote computer name as long as the RemoteRegistry service runs on the target machine,
# you have admin permissions on the target, and the firewall does not block you. Default is the local machine:
$ComputerName = $env:COMPUTERNAME

# add the value "RegPath" which will contain the actual Registry path the value came from (since you can specify more than one key)
$Value = @($Value) + 'RegPath'
# now for each regkey you specified...
$Key | ForEach-Object {
  # the hive on the appropriate machine
  $RegHive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive, $ComputerName)
  # the key in that hive...
  $RegKey = $RegHive.OpenSubKey($_)
  # ...find names of all subkeys...
  $RegKey.GetSubKeyNames() | ForEach-Object {
    # subkeys...
    $SubKey = $RegKey.OpenSubKey($_)
    # ...and read all the requested values from each subkey
    # store them, use Select-Object to create a simple new object
    $returnValue = 1 | Select-Object -Property $Value
    $Value | ForEach-Object {
      $returnValue.$_ = $subkey.GetValue($_)

    # ...add the current regkey path name
    $returnValue.RegPath = $SubKey.Name

    # return the values:

    # close the subkey
  # close the regkey
  # close the hive

} | Out-GridView
作者: terse    时间: 2014-7-5 17:08

欢迎吴 荣任PS版主 建议代码用下 code标签 这样看起来不显得凌乱
作者: CrLf    时间: 2014-7-5 17:19

欢迎 波入驻,使用 code 标签的方式是:
  1. 选中代码后,单击回复框的 <> 按钮

作者: 523066680    时间: 2014-7-5 17:31

本帖最后由 523066680 于 2014-7-5 17:42 编辑

  1. [syntax lang="powershell"] [/syntax]

# NOTE: RemoteRegistry Service needs to run on a target system!
$Hive = 'LocalMachine'

# you can specify as many keys as you want as long as they are all in the same hive
$Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', 'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'

# you can specify as many value names as you want
$Value = 'DisplayName', 'DisplayVersion', 'UninstallString'

# you can specify a remote computer name as long as the RemoteRegistry service runs on the target machine,
# you have admin permissions on the target, and the firewall does not block you. Default is the local machine:
$ComputerName = $env:COMPUTERNAME

# add the value "RegPath" which will contain the actual Registry path the value came from (since you can specify more than one key)
$Value = @($Value) + 'RegPath'
# now for each regkey you specified...
$Key | ForEach-Object {
  # the hive on the appropriate machine
  $RegHive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive, $ComputerName)
  # the key in that hive...
  $RegKey = $RegHive.OpenSubKey($_)
  # ...find names of all subkeys...
  $RegKey.GetSubKeyNames() | ForEach-Object {
    # subkeys...
    $SubKey = $RegKey.OpenSubKey($_)
    # ...and read all the requested values from each subkey
    # store them, use Select-Object to create a simple new object
    $returnValue = 1 | Select-Object -Property $Value
    $Value | ForEach-Object {
      $returnValue.$_ = $subkey.GetValue($_)

    # ...add the current regkey path name
    $returnValue.RegPath = $SubKey.Name

    # return the values:

    # close the subkey
  # close the regkey
  # close the hive

} | Out-GridView
作者: sysy0018    时间: 2014-7-6 06:45


欢迎光临 批处理之家 ( Powered by Discuz! 7.2