Searching the Registry

Welcome Forums General PowerShell Q&A Searching the Registry

This topic contains 3 replies, has 3 voices, and was last updated by

js
 
Participant
6 days, 19 hours ago.

  • Author
    Posts
  • #170440

    Participant
    Topics: 6
    Replies: 13
    Points: 14
    Rank: Member

    I have been searching the internet most of the morning for this and I find multiple hits, with very similar code, though they miss the mark for me.

    I have been tasked to find specific values (specifically an email address) and do a find and replace.

    the basics.  Yes I have used get-childitem to riffle through the keys, then for each hive key (foreach)  I use get-itemproperty based on $_.PsPath and match a specific string (the email address).

    This finds the keys that have a subkey with this value, but it returns them all, not just the one subkey.  I ma having issues singling out the subkey with the value.  Because of this, I am being very cautious.  I would like to output the path (got that $_.name), but I cannot get it to single out the subkey with the search value.  $_.Property lists all the subkeys.  As a last test I would like to output the value of that subkey (as a double check before I implement this sucker)

    Thanks.

  • #170449

    Participant
    Topics: 1
    Replies: 1475
    Points: 2,338
    Helping Hand
    Rank: Community Hero

    Please show your code. We are much faster when we can tweak existing code. 😉

  • #170452

    Participant
    Topics: 6
    Replies: 13
    Points: 14
    Rank: Member

    ok, this is kind of where I am at.  I was using a known value and subkey (HKCU:\Console – FaceName : __DefaultTTFont__) to do my search (that way it was found quick and I could test the subkey and values against something known)

    $searchString = "__DefaultTTFont__"

    cd HKCU:
    Get-ChildItem . -rec -ea SilentlyContinue | foreach {
    if ((Get-ItemProperty -path $_.PsPath) -match $searchString)
    {
    write-host "——————————–" -ForegroundColor Yellow
    $subList = Get-ItemProperty -Path $_.PsPath
    # Write-Host $_.name -NoNewline
    # Write-Host "\" -NoNewline
    # Write-Host $_.Property -ForegroundColor Cyan -NoNewline
    # Write-Host " : " -NoNewline
    # Get-ItemProperty -Path $_.PSPath -Name "Default"
    # Write-Host -ForegroundColor Green
    # write-host "——————————–" -ForegroundColor Yellow

    }
    }

  • #170455
    js

    Participant
    Topics: 23
    Replies: 665
    Points: 1,529
    Helping Hand
    Rank: Community Hero

    Does this help?

    # get-itemproperty2.ps1
    
    # get-childitem skips top level key properties, use get-item for that
    
    # example pipe to set-itemproperty:
    # ls -r hkcu:\key1 | get-itemproperty2 | where value -match value | 
    #   set-itemproperty -value myvalue -whatif
     
    param([parameter(ValueFromPipeline)]$key)
    
    process { 
      $valuenames = $key.getvaluenames() 
    
      if ($valuenames) { 
        $valuenames | foreach {
          $value = $_
          [pscustomobject] @{
            Path = $key -replace 'HKEY_CURRENT_USER',
        	  'HKCU:' -replace 'HKEY_LOCAL_MACHINE','HKLM:'
            Name = $Value
            Value = $Key.GetValue($Value)
            Type = $Key.GetValueKind($Value)
          }
        }
      } else {
        [pscustomobject] @{
          Path = $key -replace 'HKEY_CURRENT_USER',
            'HKCU:' -replace 'HKEY_LOCAL_MACHINE','HKLM:'
            Name = ''
            Value = ''
            Type = ''
        }
      }
    }
    
    get-childitem -recurse hkcu: | .\get-itemproperty2 | select -first 5
    
    Path                      Name                     Value Type
    ----                      ----                     ----- ----
    HKCU:\AppEvents
    HKCU:\ApplicationDefaults
    HKCU:\Console             CtrlKeyShortcutsDisabled 0     DWord
    HKCU:\Console             CursorSize               25    DWord
    HKCU:\Console             EnableColorSelection     0     DWord
    

You must be logged in to reply to this topic.