Getting to the .default key in registry in powershell


This topic contains 8 replies, has 5 voices, and was last updated by  memo admin 1 month, 3 weeks ago.

  • #37904

    Wei-Yen Tan
    Participant

    How would one get to the HKEY_Users key in the registry using PowerShell? I am seeing that it would have to be possible to look it up by the .NET classes.

    One example I see is

    $Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', 'computername')
    
    

    Would the key be users in this case?
    The key that I am looking for is

    HKEY_Users\.DEFAULT\Control Panel\International and the LocalName value.

    Many thanks,

    Wei-Yen

  • #37911

    Richard Diphoorn
    Participant

    Simple, try this:

    Set-Location -Path HKCU:
    

    EDIT: I was too quick with answering. Be aware that you need to script this. There's no native way (besides using .NET, as you already figured out) to access the .DEFAULT hive.

    Check this: https://www.sepago.com/blog/2007/11/19/why-is-almost-everybody-wrong-about-hkudefault
    And this: http://stackoverflow.com/questions/11013466/loading-ntuser-dat-with-powershell

  • #37914

    Curtis Smith
    Participant

    I've tried posting this a few times, but it has not shown up for some reason. Here it is again without the source reference, which appears to be what is causing it to not display.

    Get-ItemProperty -Path "Registry::\HKEY_USERS\.DEFAULT\Control Panel\International"
    
  • #37915

    Richard Diphoorn
    Participant

    I take my words back. Curtis is the man! _0_

  • #37916

    Wei-Yen Tan
    Participant

    Thanks Richard.

  • #37917

    Richard Diphoorn
    Participant

    You could use Invoke-Command for that.

  • #37918

    Matt Bloomfield
    Participant

    You could create a PSDrive using the Registry provider:

    New-PSDrive HKU -Root HKEY_Users -PSProvider Registry
    Get-ChildItem HKU:\.default
    
  • #37919

    Wei-Yen Tan
    Participant

    Thanks guys, you have given a bit more perspective

  • #73780

    memo admin
    Participant

    from cmd console:
    powershell -command "& Get-ChildItem -Path Registry::HKU | where {$_.Name -match 'Classes'} | Select-Object -ExpandProperty PSChildName | Out-File .\default_HKU.txt"

    from PS console:
    Get-ChildItem -Path Registry::HKU | where {$_.Name -match 'Classes'} | Select-Object -ExpandProperty PSChildName | Out-File .\default_HKU.txt
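
Added example, not code from any poster in this thread: it combines the two approaches discussed above, the Registry provider path for a local read and the .NET `OpenRemoteBaseKey` call with the `Users` hive for a remote read. The function name, its parameters and the computer name `SERVER01` are hypothetical; the default value name `LocaleName` is an assumption about how Windows spells the locale value under this key.

```powershell
# Added example; function name and parameters are hypothetical, not from the thread.
function Get-DefaultHiveValue {
    [CmdletBinding()]
    param(
        # Omit to read the local machine. A remote read needs the Remote Registry
        # service running on the target and rights to open its HKEY_USERS hive.
        [string]$ComputerName,
        [string]$SubKey = '.DEFAULT\Control Panel\International',
        # Assumption: the locale value is spelled LocaleName on Windows.
        [string]$ValueName = 'LocaleName'
    )

    if (-not $ComputerName) {
        # Local read through the Registry provider; no PSDrive has to be created.
        $path = "Registry::HKEY_USERS\$SubKey"
        if (-not (Test-Path -LiteralPath $path)) {
            throw "Key not found: $path"
        }
        $item = Get-ItemProperty -LiteralPath $path -Name $ValueName -ErrorAction Stop
        return $item.$ValueName
    }

    # Remote read: the base hive is Users, not LocalMachine.
    $hive = [Microsoft.Win32.RegistryHive]::Users
    $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $ComputerName)
    try {
        $key = $base.OpenSubKey($SubKey)   # opened read-only by default
        if ($null -eq $key) {
            throw "Key not found on ${ComputerName}: HKEY_USERS\$SubKey"
        }
        try {
            # GetValue returns $null when the value does not exist.
            return $key.GetValue($ValueName)
        }
        finally { $key.Close() }
    }
    finally { $base.Close() }
}

Get-DefaultHiveValue                              # local machine
# Get-DefaultHiveValue -ComputerName 'SERVER01'   # 'SERVER01' is a placeholder
```

HKEY_USERS\.DEFAULT is the hive of the LocalSystem account (the same key as HKEY_USERS\S-1-5-18), so the value returned is that account's setting.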
