Get-GPRegistryValue

fred-fernandes · March 13, 2015, 1:55am

Hello,

I’m using Powershell v4 to search our GPOs for specific settings and normally this works well but for some reason when i am looking to see if a proxy PAC file policy is applied it cannot find it. I have verified that the setting in one test GPO is there but no luck.

the snippet i’m using to do this is here:

Get-GPRegistryValue -Name $gpo -Key “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings” -ValueName “AutoConfigURL” -Domain $domain

I put this in a Try Catch to get a better error message and this is what I got:

PSMessageDetails :
Exception : System.ArgumentException: The following key is not valid for a Group Policy registry setting:
“Software\Microsoft\Windows\CurrentVersion\Internet Settings”. The key must be in one of the following registry hives:
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER. Make sure that the Key parameter contains a valid key. Then, run the command again.
Parameter name: key
at Microsoft.GroupPolicy.Commands.InputValidator.GetHive(String& key, Boolean isPolicy)
at Microsoft.GroupPolicy.Commands.GetGPRegistryValueCommand.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
TargetObject :
CategoryInfo : NotSpecified: ( [Get-GPRegistryValue], ArgumentException
FullyQualifiedErrorId : System.ArgumentException,Microsoft.GroupPolicy.Commands.GetGPRegistryValueCommand
ErrorDetails :
InvocationInfo : System.Management.Automation.InvocationInfo
ScriptStackTrace : at , E:\Files\Scripts\Get-GPRegistryValueTest.ps1: line 3
at , : line 1
PipelineIterationInfo : {}

If i replace the key and valuename with other things i’ve searched for, it finds it with no problem. I’ve also tried using Get-GPPrefRegistryValue with the same result.

Can someone shed some light on why this is happening?

Thank you

donj · March 13, 2015, 1:58am

The error looks like it’s coming from an input variation routine that’s coded into the command. It’s not even checking the file; it just doesn’t like that registry path. I’m not sure why it doesn’t like that one - it could even be a design flaw in the command - but it doesn’t.

system · March 13, 2015, 2:00am

When you use the command and it works, what are some examples of the values you passed to -Key? The error message would seem to indicate that it wants to see HKEY_CURRENT_USER instead of the abbreviation “HKCU”, but I suspect that’s just a misleading error message.

At a guess, it may want to see a value under Software\Policies or Software\Microsoft\Windows\CurrentVersion\Policies . That’s where most Administrative templates place their values in the registry, and that convention may be hard-coded into the GroupPolicy module in PowerShell.

When you look at this particular setting in the Group Policy Management console, what is it called? You can take that information and trace it back to the proper registry path by looking at the .ADML and .ADMX files in your $env:systemRoot\PolicyDefinitions folder.

fred-fernandes · March 13, 2015, 2:04am

Thank you guys for the quick reply

Going through the other successful keys i’ve used, they are all coming off of Policies

as an example:

“HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop” -ValueName “ScreenSaveTimeOut”

I will check out the ADML and ADMX and let you know.

Thanks!

donj · March 13, 2015, 2:05am

It definitely supports the HKLM and HKCU abbreviations; the command’s own help examples use those. I was wondering if the Policies piece was a problem, too. I’m trying to do a peek at the command and see what it’s validation logic looks like, but I’m not getting anywhere.

Have you had success with values outside the Policies key?

donj · March 13, 2015, 2:07am

That might be it, then. Traditionally, GP was only supposed to deal with “Policies,” since that key gets wiped out with each login, so un-applying a GP setting makes the setting go away, as opposed to being permanently tattooed. As a result, the command’s validation logic might just arbitrarily barf if you try to modify any other hunk of the registry - even though GP can technically tattoo the registry outside of the Policies key, the command might not want to be a part of it.

system · March 13, 2015, 2:19am

I’ve just looked through the code in ILSpy, and I’m not seeing anything that looks like it should care whether or not the path starts with Policies.

Just for giggles, try retyping that key path instead of copying / pasting. It’s possible that you’ve got some unprintable character in the "HKCU" bit which is screwing things up. I’ve seen that happen sometimes in other areas of PowerShell scripts.

fred-fernandes · March 13, 2015, 3:47am

Well, as it turns out, the Internet Explorer settings dont reside in a .POL file but in an XML. I guess the cmdlet doesnt take that into account?

I’m going to recode to look for the settings in that file, i guess.

Thank you guys for your input.

Fred

tuxle · December 28, 2016, 2:25pm

I know this post is older - but I run into the same issue with get-GPRegistryValue and keys/values for startup scripts under:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

Isn’t this part of GPOs accessible by the PS cmdlets?

Hartmut

Topic		Replies	Views
GPO Admin Template Policy Registry Value PowerShell Help	2	163	September 1, 2016
Reading Registry keys and values PowerShell Help	5	1062	July 3, 2019
Get registry object values PowerShell Help	3	163	December 19, 2017
Filtering Registry Key, value Pairs PowerShell Help	3	174	April 6, 2017
Get-ChildItem returns a value I'm not interested in PowerShell Help	2	148	January 27, 2015

Get-GPRegistryValue

Related Topics