Performing A Remote Registry Query To Display Installed Windows Updates

I received my first exposure to WMI(Windows Management Instrumentation) and accessing the Registry using C# when I worked on a personal project I came up with. I wanted to display the installed Windows Updates of Servers within a small network I created using VMware that consisted of a Domain Controller, a couple of additional Windows Servers, and a Windows XP Pro machine along with some additional information about the servers. I will show some sample code that demonstrates how to query a Remote Registry and retrieve a list of the installed updates in a Windows Application. NOTE: Your user account will need to be a member of the Domain Admins Group.

The first thing I did was to drop a ListView Control on an empty Windows form. I then configured a few properties such as setting the Form's size to a width of 450 and the ListView Control's Dock property to Fill. I added a few column headers to the ListView Control's Columns collection such as (Type, Description, Installed Date, and Installed By). Finally I set the ListView Control's View property to Details.

To query the registry remotely you will need to include a reference to the System.Management namespace and setup a couple of attributes to deal with Access Permissions to the registry as well as the Initial Hive location.

using System.Security.Permissions;

using System.Management;

using Microsoft.Win32;



[assembly: RegistryPermissionAttribute(SecurityAction.RequestMinimum, Read = @"HKEY_LocalMachine\SOFTWARE")]

[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode = true)]

The SecurityAction.RequestMinimum requests a minimum group of permissions that is needed for the code to execute. Also the UnmanagedCode Parameter is set to true, because when working with the Registry you are dealing with Unmanaged code.

The ConnectionsOptions object contains the information needed to authenticate the user. Next a collection of WMI objects is returned after querying Win32_OperatingSystem from the Management classes.

string serverName = "192.168.239.128";



ConnectionOptions co = new ConnectionOptions();

co.Username = "username";

co.Password = "password";



ManagementScope ms = new ManagementScope("\\\\" + serverName + "\\root\\cimv2", co);

ObjectQuery objQuery = new ObjectQuery("SELECT * FROM Win32_OperatingSystem");

ManagementObjectSearcher objSearcher = new ManagementObjectSearcher(ms, objQuery);

ManagementObjectCollection queryCollection = objSearcher.Get();

I perform a comparison on the OS Version number to display the proper registry information for a particular Windows OS. In this case it is for Windows 2000 and Windows 2003 Servers.

foreach (ManagementObject mo in queryCollection)

{

    int ver = String.Compare(mo["Version"].ToString(), "5.2.3790");

    if (ver == 0)

    {

        updateListView.Items.Clear();

        RegistryKey win2003Key;

        win2003Key = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, serverName).OpenSubKey("SOFTWARE").OpenSubKey("Microsoft").OpenSubKey("Updates").OpenSubKey("Windows Server 2003").OpenSubKey("SP2");

        foreach (string subKeyName in win2003Key.GetSubKeyNames())

        {

            using (RegistryKey tempKey = win2003Key.OpenSubKey(subKeyName))

            {

                foreach (string valueName in tempKey.GetValueNames())

                {

                    if (String.Equals(valueName, "Description"))

                    {

                        ListViewItem value = new ListViewItem(tempKey.GetValue("Type").ToString());

                        value.SubItems.Add(tempKey.GetValue(valueName).ToString());

                        value.SubItems.Add(tempKey.GetValue("InstalledDate").ToString());

                        value.SubItems.Add(tempKey.GetValue("InstalledBy").ToString());

                        updateListView.Items.AddRange(new ListViewItem[] { value });

                    }

                }

            }

        }

    }

    else if (ver < 0)

    {

        updateListView.Items.Clear();

        RegistryKey win2000Key;

        win2000Key = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, serverName).OpenSubKey("SOFTWARE").OpenSubKey("Microsoft").OpenSubKey("Updates").OpenSubKey("Windows 2000").OpenSubKey("SP5");

        foreach (string subKeyName in win2000Key.GetSubKeyNames())

        {

            using (RegistryKey tempKey = win2000Key.OpenSubKey(subKeyName))

            {

                foreach (string valueName in tempKey.GetValueNames())

                {

                    if (String.Equals(valueName, "Description"))

                    {

                        ListViewItem value = new ListViewItem(tempKey.GetValue("Type").ToString());

                        value.SubItems.Add(tempKey.GetValue(valueName).ToString());

                        value.SubItems.Add(tempKey.GetValue("InstalledDate").ToString());

                        value.SubItems.Add(tempKey.GetValue("InstalledBy").ToString());

                        updateListView.Items.AddRange(new ListViewItem[] { value });

                    }

                }

            }

        }

    }

}

I drill down through the registry and retrieve the values for the updates populating the ListView Control with the name of the update, when it was installed, and who installed it.

This example has been based on a simple virtual network configured with Active Directory. In an actual network environment a few changes would have to be made depending upon the level of security imposed as well as any group policies in place and possibly other factors.