Accessing a value in another computer's registry

Hey padmaja,

I don't think your example fully covers it, as you do not indicate anywhere what computer to connect to.

Regardless, I've played around with RegistryConnect, but it's not working 100%, as it still appears to be grabbing the value from the local computer registry.

Here's the example code:

procedure TForm1.Button1Click(Sender: TObject);
var
  Registry_Remote : TRegistry;
begin
  Registry_Remote := TRegistry.Create;
    with Registry_Remote do
      begin
      RootKey := HKEY_LOCAL_MACHINE;
      RegistryConnect('\\SUPPORT2');
      OpenKeyReadOnly('Software\Borland\Delphi\7.0');
      end;
    ShowMessage('App = ' + Registry_Remote.ReadString('App'));
    Registry_Remote.Free;
end;


Likewise, what do I need to do to check if a key exists or not.  In the above example, the key "Software\Borland\Delphi\7.0\App" does not exist.

Should also probably put an "objReg.CloseKey" in there after reading the value :-)

Hello Sir,

  You could check the following site for RegOpenKeyEx function to check if the key exists or not.

http://www.efg2.com/Lab/Library/Delphi/DatesAndTimes/index.html#FileDateToDateTime

with regards,
padmaja.

Hello Sir,

   You could even use the following code to check

 {False because we do not want to create it if it doesn’t exist}
    RegIniFile.OpenKey('Software\Microsoft\Windows NT\CurrentVersion\Winlogon',False);
    RegKey :=RegIniFile.ReadString('AutoAdminLogon');
which is already mentioned in the sample I paste before.

with regards,
padmaja.

Hey guys,

After using BedouinDN's example, I see where the problem lies.  Even though the key might exist on the remote computer, the program fails to connect.  I assume this has something ot do with permissions (The account used to execute the program is an administrator)?  Or perhaps it might have something to do with different operating systems (using a WinXP machine to execute the program to view the registry on a Win98 machine)?

I do not have a Win98 machine to test that, however are you able to connect to the remote machines registry using Regedit and view the value you are attempting to retrieve?

Also, you will more then likely only be able to view details of the HKEY_LOCAL_MACHINE and HKEY_USERS registry hives so if the value you are looking for is in the HKEY_CURRENT_USER hive, you will need to rethink the way you are collecting this information.

Nope, I cannot connect to their computers through regedit.  I can, however, access their computer through the shared drives (for the record).

You may need to look at the rights assignments on the registry for the machines you wish to connect to, the shared folders are shared such that you are permissioned to open them from across the network, however it appears that the registry is not.

Unfortunately it has been a very long time since I have played with Win98 machines and so cannot really tell you how this would be done.

I've  been searching around abit now to see how to access remote registry on Win98 machines.

It appears for Windows 9X clients, you will need to install the Remote Registry service to be able to access the registry from across the network.

Details for Win9X Registry (including remote registry) can be found here:
http://www.microsoft.com/technet/archive/win98/reskit/part6/wrkc31.mspx?mfr=true

Yea, I followed some instructions found at http://www.windowsitlibrary.com/Content/368/11/1.html and installed remote registry.  It seems to be working now, which leaves only one problem left.  It doesn't seem to be able to locate the key on another WinXP machine.  If I use regedit (orregedt32) to access that machines registry, I get the error "Cannot Open HKEY_LOCAL_MACHINE: Error while opening key".

Where/What do I need to do to verify that the Remote Registy server is started on a WinXP machine?

I followed the steps found at https://www.experts-exchange.com/questions/21236479/connect-network-registry-problem-to-Windows-XP-computers-in-our-Domain.html with no luck.  I'm just wondering if it has something to do with the WinXP machine being on a VPN at the moment with another network.  I'm going to wait until that work is done before I do any futher tests.

Oh, and for the record I found out how to verify that the remote registry service is enabled.  It's through Control Panel --> Administrative Tools --> Remote Registry.

For the record, I just checked and it's not the VPN (we disconnected from it, and tried to do a remote registry, but it still failed out and we got the same error listed above if we tried to access it manually through regedit or regedt32).

Sounds like you may have a rights issue.

I am able to use the posted code to collect information from my WinXP fleet without any problems.

There isn't a firewall in between you and the machine you are testing on is there?? (Maybe blocking RPC?)

One of the computers does indeed use Windows Firewall, though RPC is listed under the exceptions.

Other things that I have tried:

- Making sure the Administrators, Local Services and even the user of the other computer has full permission for the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SecurePipeServers\winreg key.
- Adding in the key that I wish to share into the above mentioned key\AllowedPaths, then in the Machine String.  I also created a new string called Users and added the key into there too (or am I supposed to add the user?)*

*Note that I've also restarted the machine, incase the system needed to update itself.

What do you mean about rights issue, btw?  Both computers log into the same domain, and both users have Administrators access (though ideally the second user shouldn't, but in this test case they both have anyway).

Local Administrator access to the machines does not always mean that the user has the priveledges to access resources remotely across the network. There are a number of group policies that can lock down what any user/Group can do to a machine across the network.

If you are concerned that the firewall is blocking, are you able to enable logging for the firewall (or better still turn it off). This will at least let you know if you are looking in the right direction.

Well, does Windows Firewall allow logging?  I checked it's options for it an under the advanced tab theres an option for security logging.  I've ticked everything, but although the log is created, running Network Registry doesn't appear to create an entry.

Out of interest sake, does your Windows XP machines have SP2 installed?

Yes they do, however we disable the firewall and use a 3rd party desktop firewall instead.

Are there any hardware firewalls between you and the test machine that may be blocking the RPC call?

Nope, no other firewalls between these two machines.

What do I need to do to verify the group policies?

You can always try running gpresult from the command line (GPResult >> C:\Temp\GPResult.txt), or you could also speak to whoever administers the group policy for your workstations. (By default i do not think that there is anything in group policy that will deny this access, so if it is GPO that is causing this then it must have been set).

Some antivirus products may also block this behaviour (McAfee Enterprise for example allows different rules to be set for running scripts and executables)

I ran GPResult on one machine, and tried to run it on the other, but I get an error about a dll file missing (conviently).  I'm going to quickly sort that out and I'll post the results here.

Well, I fixed the dll error, and comparing both computers GPResults only end up showing that they are the same, with the exception of the computer names.

This is starting to get -really- annoying.  I'm going to play around with it abit more today.

Just to let you guys know that I haven't abandoned this question.  I've just had a few things come up that need to be sorted out first, and I intend to get back to this problem as soon as possible.  I've also increased the points by 100.

Sorry for the long update, I only just go back from a flight up the coast.

I've done abit more research, and some people say to run gpedit.msc and check out the settings there.  There's a setting under "Computer Configuration" --> "Windows Settings" --> "Security Settings" --> "Local Policies" --> "Security Options" called "Network Access: Remotely accessible registry paths".

I've included the desired paths, but with no luck.  Is there any other settings in there that you can think of?

Because you can access the machines shares across the network, unfortunately I do not have any idea where else to look, something in Windows policy or local access must obviously be blocking access though as you are unable to open the registry area in regedit across the network.

Good Luck.
:-)

Well, I can drill HKEY_USERS once, though I cannot go any further.  I cannot drill HKEY_LOCAL_MACHINE at all, either way.  This happens when I connect to an XP machine.

I can, however, remote registry connect to the server here (Windows 2000) using one of the WinXP machines (sometime later, I'll be able to test out the second, though it's currently in use).  I cannot, however, access this WinXP machine's registry through the Win2000 server (same problem as above).

So you're probably right, it'ss something with the policy on this computer, but I just don't know where to check everything.

Hmm, according to the group policies (gpedit.msc), the "Network Access: Remotely accessible registry paths" has values in it, but according to the Resultant Set of Policies (rsop.msc) the "Network Access: Remotely accessible registy paths" are "not defined".

Sorry for the long update guys.  It was the end of financial year, and things have been pretty hectic around here, but they've now calmed down enough for me to resume working on this problem.

I did manage to perform a test on my home computers, with the same problem resulting.  At home though, I only have 2 WinXP machines seperated by a switch, which is linked to a router.

I'm going to play around here abit more, but I'd appreciate some comments or suggestions, specifically about the rsop.msc I mentioned above (wtih the remotely accessible registry paths being not defined).

When I jump on the Win2000 server to check the group policies (which I assume would be where the Resultant Set of Policies application that is run on the local computers is pulling the information from) I get the error:

Failed to open the Group Policy Object.  You may not have appropriate rights.

Details:
The network path was not found.

I think that both saravananvg and myself gave a working answer to this question. The issue that the asker came across is an issue where he is locked down by some security setting/policy and cannot access the registry remotely even when using regedit.

The answer that has been given does indeed work flawlessly if the appropriate security rights are available.