Return the LastWriteTime of a specified registry key on a remote machine

Question

Using Powershell, how can I enumerate the LastWriteTime of a specified registry key on a remote machine?

The remote machine does not have Powershell installed so Powershell remoting is out. .NET and WMI are available. I have successfully used the RegEnumKeyEx function in the Advapi32.dll to get the lpftLastWriteTime on a local machine.

Answer 1

How about using LogParser, available from Microsoft?

And here's a code example employing the COM object:

$query = @"

    SELECT 
        Path, 
        KeyName, 
        ValueName, 
        Value, 
        LastWriteTime 
    INTO $outfile 
    FROM \\remotecomputername\HKLM\etc\etc
    WHERE LastWriteTime BETWEEN 
        TIMESTAMP('2011/08/01 00:00:00', 'yyyy/MM/dd hh:mm:ss') AND 
        TIMESTAMP('2011/09/06 00:00:00', 'yyyy/MM/dd hh:mm:ss') 
    ORDER BY LastWriteTime DESC

"@

$inputtype = New-Object -comObject MSUtil.LogQuery.RegistryInputFormat
$outputtype = New-Object -comObject MSUtil.LogQuery.CSVOutputFormat
$outfile = 'c:\temp\outfile.csv'
$logObject = new-object -com MSUtil.LogQuery
$result = $logObject.ExecuteBatch($query, $inputtype, $outputtype) | Out-Null

You could provide multiple comma-separated values in the FROM clause to query more than one computer if required. Further reading here.