Impersonating a Different Logon

Kevin Holleran kdawg44 at
Wed Apr 7 09:57:24 EDT 2010

On Tue, Apr 6, 2010 at 4:11 PM, Tim Golden <mail at> wrote:
> On 06/04/2010 20:26, Kevin Holleran wrote:
>> Hello,
>> I am sweeping some of our networks to find devices.  When I find a
>> device I try to connect to the registry using _winreg and then query a
>> specific key that I am interested in.  This works great for machines
>> that are on our domain, but there are left over machines that are
>> stand alone and the credentials fail.  I understand you cannot pass in
>> credentials with _winreg but is there a way to simulate a logon of
>> another user (the machine's local admin) to query the registry?
> The simplest may well be to use WMI (example from here):
> <code - untested>
> import wmi
> reg = wmi.WMI (
>  "machine",
>  user="machine\admin",
>  password="Secret",
>  namespace="DEFAULT"
> ).StdRegProv
> result, names = reg.EnumKey (
>  hDefKey=_winreg.HKEY_LOCAL_MACHINE,
>  sSubKeyName="Software"
> )
> for name in names:
>  print name
> </code>
> I can't try it out at the moment but in principle it should work.
> --

Thanks, I was able to connect to the remote machine.  However, how do
I query for a very specific key value?  I have to scan hundreds of
machines and need want to reduce what I am querying.  I would like to
be able to scan a very specific key and report on its value.

With _winreg I could just do:
keyPath = _winreg.ConnectRegistry(r"\\" + ip_a,_winreg.HKEY_LOCAL_MACHINE)
      hKey = _winreg.OpenKey (keyPath,
r"SYSTEM\CurrentControlSet\services\Tcpip\Parameters", 0,
      value,type = _winreg.QueryValueEx(hKey,"Domain")

Also, is there a performance hit with WMI where perhaps I want to try
to connect with the inherited credentials using _winreg first and then
use the MWI if that fails?

Thanks for your help!

More information about the Python-list mailing list