hello,

WMI gives a solution to get "out" value. This is not very easy but it is possible.
Here is an example of code "full KiXtart" :
 Code:
break on

$=SetOption( "Explicit", "ON" )
$=SetOption( "NoVarsInStrings", "ON" )
$=SetOption( "NoMacrosInStrings", "ON" )

global $namespace, $objWMIService, $objRegistry, $wmiclass, $wmimethod
global $objInParams, $objOutParams

global $HKEY_CLASSES_ROOT, $HKEY_CURRENT_USER, $HKEY_LOCAL_MACHINE
global $HKEY_USERS, $HKEY_CURRENT_CONFIG
$HKEY_CLASSES_ROOT              = (CDBL(2147483647)+1)	; &80000000
$HKEY_CURRENT_USER              = (CDBL(2147483647)+2)	; &80000001
$HKEY_LOCAL_MACHINE             = (CDBL(2147483647)+3)	; &80000002
$HKEY_USERS                     = (CDBL(2147483647)+4)	; &80000003
$HKEY_CURRENT_CONFIG            = (CDBL(2147483647)+6)	; &80000005

global $strComputer, $strRegKey, $strRegValueName, $RegValue, $byte
$strComputer = "."
$strRegKey = "System\CurrentControlSet\Services\TCPIP\Performance"

;-- Connect to WMI --
$namespace = "root\default"
$objWMIService = GetObject('winmgmts:{impersonationLevel=impersonate,(debug,security)}!\\'+$strComputer+'\'+$namespace)

$wmiclass = "StdRegProv"

$objRegistry = $objWMIService.Get($wmiclass)

;-------------------------------------------------------------------------------
; example to read a value in the registry with WMI with GetStringValue method
;
; uint32 GetStringValue(
;   [in]  uint32 hDefKey = HKEY_LOCAL_MACHINE,
;   [in]  string sSubKeyName,
;   [in]  string sValueName,
;   [out] string sValue
; )
;-------------------------------------------------------------------------------
"First read (REG_SZ)" ?
$strRegValueName = "Open"
$wmimethod = "GetStringValue"

$objInParams = $objRegistry.Methods_($wmimethod).InParameters.SpawnInstance_
$objInParams.hDefKey = $HKEY_LOCAL_MACHINE
$objInParams.sSubKeyName = $strRegKey
$objInParams.sValueName = $strRegValueName

;-- Execute the GetStringValue method to read value in the registry --
$objOutParams = $objWMIService.ExecMethod( $wmiclass, $wmimethod, $objInParams )

;-- get the sValue parameter that is returned by GetStringValue method --
$RegValue = $objOutParams.sValue

". SubKeyName : " $objInParams.sSubKeyName ?
". ValueName  : " $objInParams.sValueName ?
". value      : " $RegValue ?
?


;-------------------------------------------------------------------------------
; example to read a value in the registry with WMI with GetDwordValue method
;
; uint32 GetDwordValue(
;   [in]  uint32 hDefKey = HKEY_LOCAL_MACHINE,
;   [in]  string sSubKeyName,
;   [in]  string sValueName,
;   [out] uint32 uValue
; )
;-------------------------------------------------------------------------------
"Second read (REG_DWORD)" ?
$strRegValueName = "WbemAdapStatus"
$wmimethod = "GetDwordValue"

$objInParams = $objRegistry.Methods_($wmimethod).InParameters.SpawnInstance_
$objInParams.hDefKey = $HKEY_LOCAL_MACHINE
$objInParams.sSubKeyName = $strRegKey
$objInParams.sValueName = $strRegValueName

;-- Execute the GetDwordValue method to read value in the registry --
$objOutParams = $objWMIService.ExecMethod( $wmiclass, $wmimethod, $objInParams )

;-- get the uValue parameter that is returned by GetDwordValue method --
$RegValue = $objOutParams.uValue

". SubKeyName : " $objInParams.sSubKeyName ?
". ValueName  : " $objInParams.sValueName ?
". value      : " $RegValue ?
?


;-------------------------------------------------------------------------------
; example to read a value in the registry with WMI with GetBinaryValue method
;
; uint32 GetBinaryValue(
;   [in]  uint32 hDefKey = HKEY_LOCAL_MACHINE,
;   [in]  string sSubKeyName,
;   [in]  string sValueName,
;   [out] uint8  uValue[]
; )
;-------------------------------------------------------------------------------
"Third read (REG_BINARY)" ?
$strRegValueName = "WbemAdapFileSignature"
$wmimethod = "GetBinaryValue"

$objInParams = $objRegistry.Methods_($wmimethod).InParameters.SpawnInstance_
$objInParams.hDefKey = $HKEY_LOCAL_MACHINE
$objInParams.sSubKeyName = $strRegKey
$objInParams.sValueName = $strRegValueName

;-- Execute the GetDwordValue method to read value in the registry --
$objOutParams = $objWMIService.ExecMethod( $wmiclass, $wmimethod, $objInParams )

;-- get the uValue parameter that is returned by GetDwordValue method --
$RegValue = $objOutParams.uValue

". SubKeyName : " $objInParams.sSubKeyName ?
". ValueName  : " $objInParams.sValueName ?
". value      : "
for each $byte in $regvalue
	DecToHex($byte) " "
next
?
In this code, i read locally because $strComputer = "."
To test remotely, just change the line $strComputer = "<remote computername>"

For more information, look at Microsoft MSDN Web Site (WMI StdRegProv)and see all methods GetXxxValue.
_________________________
Christophe