Remote Registry

From Now Micro
Jump to: navigation, search

The Remote Registry service is used by many of the Right Click Tools to pull information about a particular device. This service is not enabled by default, but can be easily enabled with Group Policy. When configuring your clients to work with the Recast Enterprise Tools, Remote WMI should also be enabled, and ICMP Echo can be enabled to speed up actions for computers that are offline.

Enabling the Remote Registry Service

  1. Open the Group Policy Management Console and create a new Group Policy Object.
  2. Edit the new Group Policy Object and go to Computer Configuration - Preferences - Control Panel Settings - Services and create a new Service.
  3. Change the Startup type to Automatic. In the Service Name field, browse for the RemoteRegistry service.

    SelectServiceRemoteRegistry.png

  4. Change the Service Action to Start Service. The service configuration should look similar to this:

    RemoteRegistryProperties.png

  5. Click OK to save the service. Close the Group Policy Management Editor window.

    GroupPolicyManagementEditorRemoteRegistry.png

Firewall Rules for Remote Registry

TCP445 is the only port required for Remote Registry. This can be enabled in Group Policy with the following steps.

  1. Start by creating or editing an existing Group Policy Object. Browse to Computer Configuration - Policies - Security Settings - Windows Firewall with Advanced Security - Windows Firewall with Advanced Security.
  2. Right click on Inbound Rules and choose New Rule. In the New Inbound Rule Wizard, choose Port and click Next.

    NewInboundRuleWizardPort.png

  3. On the Protocols and Ports page, choose TCP, and select Specific Local Ports. Enter 445 in the local ports text box. Click Next.

    NewInboundRuleWizardProtoclsAndPorts445.png

  4. On the Action page, choose Allow the connection and click Next.

    NewInboundRuleWizardActionAllowTheConnection.png

  5. On the Profile page, choose which firewall profiles you would like the rule to apply to. In general, you should at least select the Domain level. Click Next.

    NewInboundRuleWizardProfileDomain.png

  6. Finally, give the new firewall rule a descriptive name. Click Finish.

    NewInboundRuleWizardNameTCP445In.png

Tools that use Remote Registry

Right Click Tools Device / Collection Actions
Client Actions
Application Deployment Evaluation Cycle False
Discovery Data Collection Cycle False
File Collection Cycle False
Hardware Inventory Cycle False
Machine Policy Retrieval and Evaluation Cycle False
Send Unsent State Messages False
Software Inventory Cycle False
Software Metering Usage Report Cycle False
Software Updates Deployment Evaluation Cycle True
Software Updates Scan Cycle True
State Message Cache Cleanup False
Windows Installer Source List Update Cycle False
Client Tools
Add Computers to Collection False
Change Cache Size False
Clear Cache False
Client Information True
Open Client Installation Log Folder True
Open Client Log Folder True
Rerun Advertisement False
Restart SMS Agent Host Service False
Run Client Check False
Show Collections - Advanced False
Repair Client False
Uninstall Client False
Console Tools
AD Security Groups False
AD Bitlocker Recovery Keys False
Connect to C$ False
Group Policy Update False
Interactive PowerShell Prompt False
Manage Computer False
Open Regedit True
Ping System False
Run PowerShell Script False
Running Processes False
System Information Device Tool Only
Wake On LAN False
Cancel Pending Restart or Shutdown False
Schedule Restart or Shutdown False
Restart System False
Shutdown System False
Personal tools
Namespaces

Variants
Actions
Navigation
Tools