Impersonating a Different Logon

[Kevin Holleran]

On Tue, Apr 6, 2010 at 4:11 PM, Tim Golden <mail at timgolden.me.uk> wrote:
> On 06/04/2010 20:26, Kevin Holleran wrote:
>>
>> Hello,
>>
>> I am sweeping some of our networks to find devices.  When I find a
>> device I try to connect to the registry using _winreg and then query a
>> specific key that I am interested in.  This works great for machines
>> that are on our domain, but there are left over machines that are
>> stand alone and the credentials fail.  I understand you cannot pass in
>> credentials with _winreg but is there a way to simulate a logon of
>> another user (the machine's local admin) to query the registry?
>
> The simplest may well be to use WMI (example from here):
>
> http://timgolden.me.uk/python/wmi/cookbook.html#list-registry-keys
>
> <code - untested>
> import wmi
>
> reg = wmi.WMI (
>  "machine",
>  user="machine\admin",
>  password="Secret",
>  namespace="DEFAULT"
> ).StdRegProv
>
> result, names = reg.EnumKey (
>  hDefKey=_winreg.HKEY_LOCAL_MACHINE,
>  sSubKeyName="Software"
> )
> for name in names:
>  print name
>
> </code>
>
> I can't try it out at the moment but in principle it should work.
>
> TJG
> --
> http://mail.python.org/mailman/listinfo/python-list
>


Thanks, I was able to connect to the remote machine.  However, how do
I query for a very specific key value?  I have to scan hundreds of
machines and need want to reduce what I am querying.  I would like to
be able to scan a very specific key and report on its value.

With _winreg I could just do:
keyPath = _winreg.ConnectRegistry(r"\\" + ip_a,_winreg.HKEY_LOCAL_MACHINE)
try:
      hKey = _winreg.OpenKey (keyPath,
r"SYSTEM\CurrentControlSet\services\Tcpip\Parameters", 0,
_winreg.KEY_READ)
      value,type = _winreg.QueryValueEx(hKey,"Domain")

Also, is there a performance hit with WMI where perhaps I want to try
to connect with the inherited credentials using _winreg first and then
use the MWI if that fails?

Thanks for your help!
Kevin