Impersonating a Different Logon
kdawg44 at gmail.com
Wed Apr 7 15:57:24 CEST 2010
On Tue, Apr 6, 2010 at 4:11 PM, Tim Golden <mail at timgolden.me.uk> wrote:
> On 06/04/2010 20:26, Kevin Holleran wrote:
>> I am sweeping some of our networks to find devices. When I find a
>> device I try to connect to the registry using _winreg and then query a
>> specific key that I am interested in. This works great for machines
>> that are on our domain, but there are left over machines that are
>> stand alone and the credentials fail. I understand you cannot pass in
>> credentials with _winreg but is there a way to simulate a logon of
>> another user (the machine's local admin) to query the registry?
> The simplest may well be to use WMI (example from here):
> <code - untested>
> import wmi
> reg = wmi.WMI (
> result, names = reg.EnumKey (
> for name in names:
> print name
> I can't try it out at the moment but in principle it should work.
Thanks, I was able to connect to the remote machine. However, how do
I query for a very specific key value? I have to scan hundreds of
machines and want to reduce what I am querying. I would like to
be able to scan a very specific key and report on its value.
With _winreg I could just do:
keyPath = _winreg.ConnectRegistry(r"\\" + ip_a,_winreg.HKEY_LOCAL_MACHINE)
hKey = _winreg.OpenKey (keyPath,
value,type = _winreg.QueryValueEx(hKey,"Domain")
Also, is there a performance hit with WMI where perhaps I want to try
to connect with the inherited credentials using _winreg first and then
use the WMI if that fails?
Thanks for your help!
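
One way to read a single named value, trying the inherited logon first and falling back to WMI's StdRegProv with explicit credentials, as the message above asks; this is an added example, not code from the thread. It assumes Python 3 (winreg instead of _winreg); SUBKEY is a placeholder because the key path in the post is cut off, and the function names are hypothetical.

```python
# Added example, not from the thread. Python 3: winreg replaces _winreg.
HKLM = 0x80000002  # numeric HKEY_LOCAL_MACHINE, as StdRegProv expects
SUBKEY = r"SOFTWARE\Example\Placeholder"  # placeholder: the post's path is cut off


def read_native(ip, subkey, name):
    """Remote registry read using the caller's inherited (domain) logon."""
    import winreg  # standard library, Windows only
    with winreg.ConnectRegistry("\\\\" + ip, winreg.HKEY_LOCAL_MACHINE) as root:
        with winreg.OpenKey(root, subkey) as key:
            value, _type = winreg.QueryValueEx(key, name)
            return value


def read_wmi(ip, subkey, name, user, password):
    """Same read through WMI's StdRegProv, passing explicit credentials."""
    import wmi  # third-party module used in the quoted reply, Windows only
    reg = wmi.WMI(computer=ip, user=user, password=password,
                  namespace="root/default").StdRegProv
    # GetStringValue reads one REG_SZ value; 0 means success.
    result, value = reg.GetStringValue(hDefKey=HKLM, sSubKeyName=subkey,
                                       sValueName=name)
    if result != 0:
        raise OSError("StdRegProv.GetStringValue returned %d" % result)
    return value


def read_value(ip, name, user, password, subkey=SUBKEY,
               native=read_native, fallback=read_wmi):
    """Return (method, value): inherited logon first, WMI only on failure."""
    try:
        return "winreg", native(ip, subkey, name)
    except OSError:  # access denied, missing key, unreachable host
        return "wmi", fallback(ip, subkey, name, user, password)
```

Recording which method answered shows which hosts accepted the domain logon and which needed the local administrator account. Prompt for the password at run time (for example with getpass) rather than storing it in the scan script.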