[Samba] Remote Windows registry read access from Linux?

Peter Valdemar Mørch swp5jhu02 at sneakemail.com
Wed Feb 25 15:51:03 GMT 2004 

Hi,

In order to do some inventory and network management of our Windows 
machines, we'd really like to be able to extract some bookkeeping info 
from them - mostly from the registry. Anybody know how this is possible 
from Linux?

(Most of) the information we seek is present in the registry of the 
remote windows machine, e.g. installed programs/hotfixes. But the Event 
Log, Info about running services, users, shares etc. is also on our 
wishlist.

I tried upgrading my samba to 3.0.2a, and editreg(1) says "...currently 
  only  NT4...", and editreg was also not created during my build. 
Regardless, from reading editreg(1) it doesn't seem that it would do 
what I need anyway, such as accessing a remote registry. rpcclient also 
seems very handy - just not quite the tool for my exact job.

I have no need to modify the registry, only extract keys from it.

I suspect that the binary version of the registry on XP is in:
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
And then there is a part for each user. Is that correct? I was thinking 
that maybe I could use smbclient to retrieve the actual remote binary 
version of the registry and then use some application to decode/dump 
that binary file. Has anybody succeeded in that approach? With what 
dumper? I seem to have no similar global file on my W2K installation... 
- what would that be on W2K? ??On W3K??

I've tried looking at the PDUs that regedit/LANGuard for windows send 
with a sniffer, but there are 994/11009 of them in my traces, and making 
sense of the decodes seems a daunting task. SMB, CIFS and MS/DCE RPC 
keeps re-appearing in those traces, so I thought I'd ask here.

As you can well imagine, I would really hate to have to have a separate 
Windows machine in the loop running some Visual Basic / TCP daemon 
nastiness just to do this...

Very likely, my ignorance stems from not having any fundamental 
knowledge of how Windows remote management works. What is possible and 
what are the protocols (RPC?/DCOM?/What else?) . googling reveals lots 
of Windows Howto pages, but GUI guides (run regedit.exe, click 
here&there) are of very little use here. Can the Windows RPC be used to 
run a visual basic script (uploaded with smbclient) on the remote side 
to do this? E.g.

Any links to *any* useful Linux information?

Peter
-- 
Peter Valdemar Mørch
http://www.morch.com

More information about the samba mailing list