Po$H Pete | Those who can… $cript
20Jan/110

Accessing Remote x64 Registry From an x86/x32 Server

One of the biggest scripting headaches I've experienced over the last few years (mainly as x64 servers have become more prolific) has been working out which part of a remote registry or system I'm actually hitting when talking to it remotely.

By default, if your process is running as a 32 bit process you will end up accessing the 32 bit "reflection" of the remote system. Therefore, registry keys like HKLM\Software will actually be mapped to HKLM\Wow6432Node which gets very frustrating! You can access the 64 bit "reflection" via WMI, but personally I find that quite painful.

Fortunately, in .NET 4, the registry class had some extra features added to it which allowed for a new overload "RegistryView". Therefore, you can now specify exactly which "reflection" of the registry you want to access and manipulate! No more headaches!

Unfortunately, PowerShell is .NET 2.0 native, so you can't access these classes. Fortunately, you can force PowerShell to run the .NET 4 libraries instead. Have a look at my previous post for details.

As a quick sample: in PowerShell before .NET 4, the only overload of OpenRemoteBaseKey took a RegistryHive and a String. So you would run something like this:

$Hive = "LocalMachine"
$ServerName = "MyServer"
[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]$Hive,$ServerName)

Now in .NET 4, there is one more overload which is RegistryView, so you can do the following to specify a 64 bit registry:

$Hive = "LocalMachine"
$ServerName = "MyServer"
[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]$Hive,$ServerName,[Microsoft.Win32.RegistryView]::Registry64)

And you're in! How great is that?!

For a full listing of the RemoteBaseKey options have a look here
For a full listing of the RegistryView options have a look here

Shay Levy MVP wrote a module over on MSDN called PSRemoteRegistry which is superb for accessing registry keys on remote machines (it does what it says on the tin!), although you do come across the same x64/x32 issues. I've spoken with Shay and he was happy for me to mention that you can quite easily edit the module to add a $Use64 switch into the functions and then put the relevant code in to tell it how to select the right "reflection" of the registry. Remember, though, that you need to make the change to force PowerShell to use .NET 4. Thanks very much Shay!
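
One way a $Use64 switch like the one described above could look, as an added example that is not code from PSRemoteRegistry or from the original post. The function name Get-RemoteRegistryValue and its parameters are hypothetical, 'MyServer' is the post's placeholder server name, and the session is assumed to be running on the .NET 4 runtime.

```powershell
# Added example; Get-RemoteRegistryValue and its parameters are hypothetical names.
function Get-RemoteRegistryValue {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$SubKey,
        [Parameter(Mandatory = $true)][string]$ValueName,
        [Microsoft.Win32.RegistryHive]$Hive = 'LocalMachine',
        [switch]$Use64
    )

    # RegistryView only exists once the session runs on CLR 4 or later,
    # so fail with a clear message instead of a type-not-found error.
    if ($PSVersionTable.CLRVersion.Major -lt 4) {
        throw "RegistryView needs .NET 4; this session runs CLR $($PSVersionTable.CLRVersion)."
    }

    # Default to the 32-bit view; -Use64 selects the 64-bit view explicitly.
    $view = [Microsoft.Win32.RegistryView]::Registry32
    if ($Use64) { $view = [Microsoft.Win32.RegistryView]::Registry64 }

    $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive, $ComputerName, $view)
    try {
        # OpenSubKey opens read-only and returns $null if the key is absent in this view.
        $key = $base.OpenSubKey($SubKey)
        if ($null -eq $key) { return $null }
        try {
            return $key.GetValue($ValueName)
        }
        finally { $key.Close() }
    }
    finally { $base.Close() }
}

# Read the same value through both views of the remote registry.
# On 64-bit Windows, ProgramFilesDir normally differs between the two views.
$path = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
$v64  = Get-RemoteRegistryValue -ComputerName 'MyServer' -SubKey $path -ValueName 'ProgramFilesDir' -Use64
$v32  = Get-RemoteRegistryValue -ComputerName 'MyServer' -SubKey $path -ValueName 'ProgramFilesDir'
"64-bit view: $v64"
"32-bit view: $v32"
```

Comparing both views this way makes it obvious which one a script is hitting, and shows when a key exists in only one of them.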