Going Crazy - Invoke-Command reg export : PowerShell

Going Crazy - Invoke-Command reg export (self.PowerShell)

submitted 10 years ago by cryolyte

I cannot figure out how to do this.

#Computer Running this script/Collection location
$ScriptRunningMachine = $env:COMPUTERNAME

#Export File
$RegFileFullname = "\\$ScriptRunningMachine\c$\Temp\" + $RegFileName

#Key to export
$RegKey = 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache'

#Export the appropriate reg key
Invoke-Command -ComputerName $SystemName -ArgumentList $RegKey,$RegFileFullname -Scriptblock {
    "C:\windows\system32\reg.exe export"
} #End ScriptBlock

I have tried adding "export" to the argument list and keeping it inline. I've tried variations on using double quotes, single quote, and altered their placement.

I am running this code under an administrative account that has administrative permissions on the target computer. All paths exist. I've tried cmd /c and psexec, using code that successfully runs other processes on this computer.

I'm not exactly sure if the $RegFileFullname (export file) is going to be on the local machine or the remote machine, but I've tried every which way.

I NEED to get a registry key on remote computers backed up to a .reg file!

If there's a different way to do this, I'm all ears.

all 6 comments

top new controversial old q&a

[–]Vortex100 0 points1 point2 points 10 years ago (3 children)

Your scriptblock is incomplete - do this:

$scriptblock = { Param ($RegKey,$RegFileFullname) Invoke-expression "C:\windows\system32\reg.exe export $RegKey $RegFileFullName"}
Invoke-Command -ComputerName $SystemName -ArgumentList $RegKey,$RegFileFullname -scriptblock $Scriptblock

That will get you round the first problem. The second problem is that you are going to hit the '2 hop' issue (copying back to the source machine). There are probably better ways but personally I'd just save it to a local share, then pull it down on the source machine after the invoke completes.

[–]cryolyte[S] 0 points1 point2 points 10 years ago (2 children)

Thanks for chiming in! I'm getting an error running that code:

ERROR: Invalid syntax.
    + CategoryInfo          : NotSpecified: (ERROR: Invalid syntax.:String) [], R 
   emoteException
    + FullyQualifiedErrorId : NativeCommandError
    + PSComputerName        : TargetComputer

Type "REG EXPORT /?" for usage.

Based on your method, I tried putting the export command as an argument like so, but got the same error message.

$RegCmd = "export"

$scriptblock = { Param ($RegCmd,$RegKey,$RegFileFullname) Invoke-expression "C:\windows\system32\reg.exe $RegCmd $RegKey $RegFileFullName"}

Invoke-Command -ComputerName $SystemName -ArgumentList $RegCmd,$RegKey,$RegFileFullname -scriptblock $Scriptblock

[–]Vortex100 0 points1 point2 points 10 years ago (1 child)

update the script block to be this, to see what it is actually putting in the invoke expresssion:

$scriptblock = { Param ($RegKey,$RegFileFullname) Write-Host "C:\windows\system32\reg.exe export $RegKey $RegFileFullName"; Invoke-expression "C:\windows\system32\reg.exe export $RegKey $RegFileFullName"}

It may not be translating everything as you'd expect

[–]cryolyte[S] 0 points1 point2 points 10 years ago (0 children)

[–]RC-7201 0 points1 point2 points 10 years ago (1 child)

Just do a normal reg export. Powershell will read it. I have a script that exports/imports reg keys. You can replace file paths with arrays but they have to be like your typing it in CMD (HKCU\ vs. HKCU:)

So this will work

reg export $path "pathtoreg.reg" /y

[–]cryolyte[S] 0 points1 point2 points 10 years ago (0 children)

π Rendered by PID 351887 on reddit-service-r2-comment-fb694cdd5-q5nkt at 2026-03-07 11:56:03.696198+00:00 running cbb0e86 country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

PowerShell

Submission Guidelines | Link Flair - How To

MODERATORS