Get-ChildItem through Invoke-WMIMethod or WMI in general

Question

Is there a way to run Get-ChildItem on a remote computer using Invoke-WMIMethod or something similar? My use case is that I need to find every SID that exists in the HKEY_USERS hive.

The HKEY_USERS hive contains a list of SIDS like so:

I want to be get a list of these through WMI on a remote computer, without knowing the SIDs ahead of time. Is this possible?

Answer 1

Use the StdRegProv registry provider WMI class:

$RemoteComputer = 'computer1.hostname.goes.here'
$RegProv = [wmiclass]"\\$RemoteComputer\ROOT\DEFAULT:StdRegProv"

# Magic number identifying the HKEY_USERS hive
$HKU = 2147483651

# Enumerate values under the root key, sNames property will hold key names
$Keys = $RegProv.EnumKey($HKU,'') |Select-Object -ExpandProperty sNames

And here, using the Invoke-WmiMethod cmdlet:

$RemoteComputer = 'computer1.hostname.goes.here'
$ClassPath = "\\$RemoteComputer\ROOT\DEFAULT:StdRegProv"
$HKU = 2147483651

$Keys = Invoke-WmiMethod -Path $ClassPath -Name EnumKey -ArgumentList 2147483651,'' |Select-Object -ExpandProperty sNames