Get-Childitem not finding Registry entry

PowerShell Help
1

Trying to display a registry Key

Set-Location HKLM:

cd "\system\currentcontrolset\control\session manager"

PS HKLM:\system\currentcontrolset\control\session manager> get-childitem PendingFileRenameOperations
get-childitem : Cannot find path ‘HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session
manager\PendingFileRenameOperations’ because it does not exist.
At line:1 char:1

  • get-childitem PendingFileRenameOperations
  • CategoryInfo : ObjectNotFound: (HKEY_LOCAL_MACH…enameOperations:String) [Get-ChildItem], ItemNotFound
    Exception
  • FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

PS HKLM:\system\currentcontrolset\control\session manager>

When I open the registry I see the Key

2

I don’t have this key on my Windows 10 1903 system neither. But there is a key “FileRenameOperations”. Are you sure it’s not a mistake?

3

OLAF,

 

Yes it is the correct key.

Matter of fact I can not display any of the Keys under Session Manager

 

Childitem not working correctly am I missing a parameter?

get-childitem works fine on my file system just not in the registry.

 

Any ideas?

 

Thank you

 

Tom

 

PS how do I post images on this site? I took a screen shot of my registry but I can not paste it in this

 

Thanks again

4

Could you try this:

Get-ChildItem -Path 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager'

… just like it is, please.

5

It’s a property, not a key.

6

This works too
[pre]Get-ChildItem -Path ‘HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager’[/pre]

7

Oh … you’re right … stupid me … why I did not see it? thumbs up!!

8

Guys

 

PS C:\util> Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
Hive: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
Name Property ---- -------- AppCompatCache AppCompatCache : {52, 0, 0, 0...} CacheMainSdb : {49, 48, 116, 115...} SdbTime : {78, 222, 246, 35...} Configuration Manager DOS Devices AUX : \DosDevices\COM1 CON : \Device\ConDrv\Console CONIN$ : \Device\ConDrv\CurrentIn CONOUT$ : \Device\ConDrv\CurrentOut MAILSLOT : \Device\MailSlot NUL : \Device\Null PIPE : \Device\NamedPipe PRN : \DosDevices\LPT1 Silos : \Silos UNC : \Device\Mup Environment ComSpec : C:\WINDOWS\system32\cmd.exe DriverData : C:\Windows\System32\Drivers\DriverData OS : Windows_NT Path : C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WIN DOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\; C:\WINDOWS\System32\OpenSSH\;C: \Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\Microsoft\Exchange Server\V15\bin PATHEXT : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE : AMD64 TEMP : C:\WINDOWS\TEMP TMP : C:\WINDOWS\TEMP USERNAME : SYSTEM windir : C:\WINDOWS PSModulePath : C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\PowerShell\Modules\;C:\Program Files (x86)\VMware\Infrastructure\PowerCLI\Modules NUMBER_OF_PROCESSORS : 4 PROCESSOR_LEVEL : 6 PROCESSOR_IDENTIFIER : Intel64 Family 6 Model 158 Stepping 11, GenuineIntel PROCESSOR_REVISION : 9e0b ExchangeInstallPath : C:\Program Files\Microsoft\Exchange Server\V15\ Executive AdditionalCriticalWorkerThreads : 0 AdditionalDelayedWorkerThreads : 0 UuidSequenceNumber : 152931706 FileRenameOperations I/O System AllowRemoteDASD : 0 kernel DpcWatchdogProfileOffset : 10000 ObUnsecureGlobalNames : {netfxcustomperfcounters.1.0, SharedPerfIPCBlock, Cor_Private_IPCBlock, Cor_Public_IPCBlock_} SeTokenSingletonAttributesConfig : 3 obcaseinsensitive : 1 KnownDLLs _wowarmhw : wowarmhw.dll _xtajit : xtajit.dll advapi32 : advapi32.dll clbcatq : clbcatq.dll combase : combase.dll COMDLG32 : COMDLG32.dll coml2 : coml2.dll DifxApi : difxapi.dll gdi32 : gdi32.dll gdiplus : gdiplus.dll IMAGEHLP : IMAGEHLP.dll IMM32 : IMM32.dll kernel32 : kernel32.dll MSCTF : MSCTF.dll MSVCRT : MSVCRT.dll NORMALIZ : NORMALIZ.dll NSI : NSI.dll ole32 : ole32.dll OLEAUT32 : OLEAUT32.dll PSAPI : PSAPI.DLL rpcrt4 : rpcrt4.dll sechost : sechost.dll Setupapi : Setupapi.dll SHCORE : SHCORE.dll SHELL32 : SHELL32.dll SHLWAPI : SHLWAPI.dll user32 : user32.dll WLDAP32 : WLDAP32.dll wow64 : wow64.dll wow64win : wow64win.dll WS2_32 : WS2_32.dll _Wow64 : Wow64.dll _Wow64cpu : Wow64cpu.dll _Wow64win : Wow64win.dll LPK : LPK.dll Memory Management ClearPageFileAtShutdown : 0 LargeSystemCache : 0 NonPagedPoolQuota : 0 NonPagedPoolSize : 0 PagedPoolQuota : 0 PagedPoolSize : 0 PagingFiles : {?:\pagefile.sys} SecondLevelDataCache : 0 SessionPoolSize : 4 SessionViewSize : 48 SystemPages : 0 PhysicalAddressExtension : 1 FeatureSettings : 0 DisablePagingExecutive : 1 PagefileUsage : {79, 0, 0, 0...} ExistingPageFiles : {\??\C:\pagefile.sys} NamespaceSeparation AppcontainerUserSeparation : 0 InteractiveUserSeparation : 0 Power AcPolicy : {1, 0, 0, 0...} AcProcessorPolicy : {1, 0, 0, 0...} DcPolicy : {1, 0, 0, 0...} DcProcessorPolicy : {1, 0, 0, 0...} HBFlagsSwitch : 1 HiberbootEnabled : 1 PowerSettingProfile : 0 SleepStudyDeviceAccountingLevel : 4 WatchdogResumeTimeout : 120 WatchdogSleepTimeout : 300 POSTTime : 0 BootmgrUserInputTime : 0 FwPOSTTime : 10862 SystemPowerPolicy : {1, 0, 0, 0...} TotalResumeTime : 18696999 ResumeBootMgrTime : 0 ResumeAppTime : 0 ResumeAppStartTimestamp : 0 ResumeLibraryInitTime : 0 ResumeInitTime : 0 ResumeHiberFileTime : 0 ResumeRestoreImageStartTimestamp : 0 ResumeIoTime : 0 ResumeDecompressTime : 0 ResumeMapTime : 0 ResumeUnmapTime : 0 ResumeUserInOutTime : 0 ResumeAllocateTime : 0 ResumeKernelSwitchTimestamp : 0 KernelReturnFromHandlerTimestamp : 18695977 SleeperThreadEndTimestamp : 18696056 TimeStampCounterAtSwitchTime : 0 KernelReturnSystemPowerState : 18696847 HiberHiberFileTime : 4980 HiberInitTime : 65 HiberSharedBufferTime : 3 TotalHibernateTime : 10550 KernelResumeHiberFileTime : 0 KernelResumeInitTime : 0 KernelResumeSharedBufferTime : 0 DeviceResumeTime : 682 KernelAnimationTime : 0 KernelPagesProcessed : 903406 KernelPagesWritten : 225735 BootPagesProcessed : 118182 BootPagesWritten : 22697 HiberWriteRate : 198 HiberCompressRate : 56 ResumeReadRate : 0 ResumeDecompressRate : 0 FileRuns : 2 NoMultiStageResumeReason : 0 MaxHuffRatio : 1 SecurePagesProcessed : 0 HiberChecksumTime : 60 HiberChecksumIoTime : 18 ResumeChecksumTime : 0 ResumeChecksumIoTime : 0 KernelChecksumTime : 0 KernelChecksumIoTime : 0 KernelResumeIoCpuTime : 0 HiberIoCpuTime : 408 ResumeCompleteTimestamp : 20712125 Quota System SubSystems (default) : mnmsrvc Debug : Kmode : \SystemRoot\System32\win32k.sys Optional : {} Required : {Debug, Windows} Windows : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 WPA
I also tried LS
PS C:\util> ls -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
Hive: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
Name Property ---- -------- AppCompatCache AppCompatCache : {52, 0, 0, 0...} CacheMainSdb : {49, 48, 116, 115...} SdbTime : {78, 222, 246, 35...} Configuration Manager DOS Devices AUX : \DosDevices\COM1 CON : \Device\ConDrv\Console CONIN$ : \Device\ConDrv\CurrentIn CONOUT$ : \Device\ConDrv\CurrentOut MAILSLOT : \Device\MailSlot NUL : \Device\Null PIPE : \Device\NamedPipe PRN : \DosDevices\LPT1 Silos : \Silos UNC : \Device\Mup Environment ComSpec : C:\WINDOWS\system32\cmd.exe DriverData : C:\Windows\System32\Drivers\DriverData OS : Windows_NT Path : C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\Microsoft\Exchange Server\V15\bin PATHEXT : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE : AMD64 TEMP : C:\WINDOWS\TEMP TMP : C:\WINDOWS\TEMP USERNAME : SYSTEM windir : C:\WINDOWS PSModulePath : C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\PowerShell\Modules\;C:\Program Files (x86)\VMware\Infrastructure\PowerCLI\Modules NUMBER_OF_PROCESSORS : 4 PROCESSOR_LEVEL : 6 PROCESSOR_IDENTIFIER : Intel64 Family 6 Model 158 Stepping 11, GenuineIntel PROCESSOR_REVISION : 9e0b ExchangeInstallPath : C:\Program Files\Microsoft\Exchange Server\V15\ Executive AdditionalCriticalWorkerThreads : 0 AdditionalDelayedWorkerThreads : 0 UuidSequenceNumber : 152931706 FileRenameOperations I/O System AllowRemoteDASD : 0 kernel DpcWatchdogProfileOffset : 10000 ObUnsecureGlobalNames : {netfxcustomperfcounters.1.0, SharedPerfIPCBlock, Cor_Private_IPCBlock, Cor_Public_IPCBlock_} SeTokenSingletonAttributesConfig : 3 obcaseinsensitive : 1 KnownDLLs _wowarmhw : wowarmhw.dll _xtajit : xtajit.dll advapi32 : advapi32.dll clbcatq : clbcatq.dll combase : combase.dll COMDLG32 : COMDLG32.dll coml2 : coml2.dll DifxApi : difxapi.dll gdi32 : gdi32.dll gdiplus : gdiplus.dll IMAGEHLP : IMAGEHLP.dll IMM32 : IMM32.dll kernel32 : kernel32.dll MSCTF : MSCTF.dll MSVCRT : MSVCRT.dll NORMALIZ : NORMALIZ.dll NSI : NSI.dll ole32 : ole32.dll OLEAUT32 : OLEAUT32.dll PSAPI : PSAPI.DLL rpcrt4 : rpcrt4.dll sechost : sechost.dll Setupapi : Setupapi.dll SHCORE : SHCORE.dll SHELL32 : SHELL32.dll SHLWAPI : SHLWAPI.dll user32 : user32.dll WLDAP32 : WLDAP32.dll wow64 : wow64.dll wow64win : wow64win.dll WS2_32 : WS2_32.dll _Wow64 : Wow64.dll _Wow64cpu : Wow64cpu.dll _Wow64win : Wow64win.dll LPK : LPK.dll Memory Management ClearPageFileAtShutdown : 0 LargeSystemCache : 0 NonPagedPoolQuota : 0 NonPagedPoolSize : 0 PagedPoolQuota : 0 PagedPoolSize : 0 PagingFiles : {?:\pagefile.sys} SecondLevelDataCache : 0 SessionPoolSize : 4 SessionViewSize : 48 SystemPages : 0 PhysicalAddressExtension : 1 FeatureSettings : 0 DisablePagingExecutive : 1 PagefileUsage : {79, 0, 0, 0...} ExistingPageFiles : {\??\C:\pagefile.sys} NamespaceSeparation AppcontainerUserSeparation : 0 InteractiveUserSeparation : 0 Power AcPolicy : {1, 0, 0, 0...} AcProcessorPolicy : {1, 0, 0, 0...} DcPolicy : {1, 0, 0, 0...} DcProcessorPolicy : {1, 0, 0, 0...} HBFlagsSwitch : 1 HiberbootEnabled : 1 PowerSettingProfile : 0 SleepStudyDeviceAccountingLevel : 4 WatchdogResumeTimeout : 120 WatchdogSleepTimeout : 300 POSTTime : 0 BootmgrUserInputTime : 0 FwPOSTTime : 10862 SystemPowerPolicy : {1, 0, 0, 0...} TotalResumeTime : 18696999 ResumeBootMgrTime : 0 ResumeAppTime : 0 ResumeAppStartTimestamp : 0 ResumeLibraryInitTime : 0 ResumeInitTime : 0 ResumeHiberFileTime : 0 ResumeRestoreImageStartTimestamp : 0 ResumeIoTime : 0 ResumeDecompressTime : 0 ResumeMapTime : 0 ResumeUnmapTime : 0 ResumeUserInOutTime : 0 ResumeAllocateTime : 0 ResumeKernelSwitchTimestamp : 0 KernelReturnFromHandlerTimestamp : 18695977 SleeperThreadEndTimestamp : 18696056 TimeStampCounterAtSwitchTime : 0 KernelReturnSystemPowerState : 18696847 HiberHiberFileTime : 4980 HiberInitTime : 65 HiberSharedBufferTime : 3 TotalHibernateTime : 10550 KernelResumeHiberFileTime : 0 KernelResumeInitTime : 0 KernelResumeSharedBufferTime : 0 DeviceResumeTime : 682 KernelAnimationTime : 0 KernelPagesProcessed : 903406 KernelPagesWritten : 225735 BootPagesProcessed : 118182 BootPagesWritten : 22697 HiberWriteRate : 198 HiberCompressRate : 56 ResumeReadRate : 0 ResumeDecompressRate : 0 FileRuns : 2 NoMultiStageResumeReason : 0 MaxHuffRatio : 1 SecurePagesProcessed : 0 HiberChecksumTime : 60 HiberChecksumIoTime : 18 ResumeChecksumTime : 0 ResumeChecksumIoTime : 0 KernelChecksumTime : 0 KernelChecksumIoTime : 0 KernelResumeIoCpuTime : 0 HiberIoCpuTime : 408 ResumeCompleteTimestamp : 20712125 Quota System SubSystems (default) : mnmsrvc Debug : Kmode : \SystemRoot\System32\win32k.sys Optional : {} Required : {Debug, Windows} Windows : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 WPA
Both only show the sub folders under Session Manager.
If I could post a screen shot I would show you what I see
any other ideas?
Under Session Manager you will see many Keys
9

Because it’s a property and not a key as js correctly pointed out you will have to use Get-ItemProperty instead of Get-ChildItem … like this:

Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager'

If you want to get only the value you can access the property like this:

(Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager' -Name PendingFileRenameOperations ).PendingFileRenameOperations

Could you please format your code and example output as well as code next time?
Thanks.

10

OLAF

Thank you that worked

 

Yes I forgot about the pre /pre

 

 

11

OLAF,

Can I get the key

[pre]

PS C:\util> invoke-command -computer TGCS005-N2 -scriptblock {Get-ItemProperty -Path ‘Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations’} Cannot find path ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations’
because it does not exist.

  • CategoryInfo : ObjectNotFound: (HKEY_LOCAL_MACH…enameOperations:String) [Get-ItemProperty], ItemNotFo
    undException
  • FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetItemPropertyCommand
  • PSComputerName : TGCS005-N2

[/pre]

PS C:\util> invoke-command -computer TGCS005-N2 -scriptblock {Get-ItemProperty -Path ‘Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager’}

GlobalFlag : 0
HeapDeCommitTotalFreeThreshold : 0
HeapSegmentCommit : 0
HeapDeCommitFreeBlockThreshold : 0
ResourceTimeoutCount : 648000
ObjectDirectories : {\Windows, \RPC Control}
ProtectionMode : 1
CriticalSectionTimeout : 2592000
ProcessorControl : 2
HeapSegmentReserve : 0
ExcludeFromKnownDlls : {}
BootExecute : {autocheck autochk /q /v *, sysprepDecrypter.exe }
BootShell : C:\Windows\system32\bootim.exe
NumberOfInitialSessions : 2
RunLevelExecute : {WinInit, ServiceControlManager}
AutoChkTimeout : 10
RunLevelValidate : {ServiceControlManager}
SETUPEXECUTE : {}
PendingFileRenameOperations : {??\C:\Windows\system32\spool\DRIVERS\x64\V4Connections\3B85FE2B-443B-41CE-AA1B-80EA5
1E0AB58\dc319786.BUD, , ??\C:\Windows\system32\spool\DRIVERS\x64\V4Connections\3B85FE
2B-443B-41CE-AA1B-80EA51E0AB58\dc319786.BUD, …}
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro
l\Session Manager
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro
l
PSChildName : Session Manager
PSProvider : Microsoft.PowerShell.Core\Registry
PSComputerName : TGCS005-N2
RunspaceId : 3d9ee5e0-f0a7-42fe-93df-8c7f75933677

 

As you can see it does exist.

 

Any ideas

 

Tom

 

12

Look at my code! And then look at your code! And now compare! :wink: If you see any difference try it again. :wink:

13

OLAF

 

Yes I got that one working now also

 

Thank you

14

Mark this as solved.

 

wrote script to remove entries