I’m using Powershell v4 to search our GPOs for specific settings and normally this works well but for some reason when i am looking to see if a proxy PAC file policy is applied it cannot find it. I have verified that the setting in one test GPO is there but no luck.
I put this in a Try Catch to get a better error message and this is what I got:
PSMessageDetails :
Exception : System.ArgumentException: The following key is not valid for a Group Policy registry setting:
“Software\Microsoft\Windows\CurrentVersion\Internet Settings”. The key must be in one of the following registry hives:
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER. Make sure that the Key parameter contains a valid key. Then, run the command again.
Parameter name: key
at Microsoft.GroupPolicy.Commands.InputValidator.GetHive(String& key, Boolean isPolicy)
at Microsoft.GroupPolicy.Commands.GetGPRegistryValueCommand.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
TargetObject :
CategoryInfo : NotSpecified: ( [Get-GPRegistryValue], ArgumentException
FullyQualifiedErrorId : System.ArgumentException,Microsoft.GroupPolicy.Commands.GetGPRegistryValueCommand
ErrorDetails :
InvocationInfo : System.Management.Automation.InvocationInfo
ScriptStackTrace : at , E:\Files\Scripts\Get-GPRegistryValueTest.ps1: line 3
at , : line 1
PipelineIterationInfo : {}
If i replace the key and valuename with other things i’ve searched for, it finds it with no problem. I’ve also tried using Get-GPPrefRegistryValue with the same result.
Can someone shed some light on why this is happening?
The error looks like it’s coming from an input variation routine that’s coded into the command. It’s not even checking the file; it just doesn’t like that registry path. I’m not sure why it doesn’t like that one - it could even be a design flaw in the command - but it doesn’t.
When you use the command and it works, what are some examples of the values you passed to -Key? The error message would seem to indicate that it wants to see HKEY_CURRENT_USER instead of the abbreviation “HKCU”, but I suspect that’s just a misleading error message.
At a guess, it may want to see a value under Software\Policies or Software\Microsoft\Windows\CurrentVersion\Policies . That’s where most Administrative templates place their values in the registry, and that convention may be hard-coded into the GroupPolicy module in PowerShell.
When you look at this particular setting in the Group Policy Management console, what is it called? You can take that information and trace it back to the proper registry path by looking at the .ADML and .ADMX files in your $env:systemRoot\PolicyDefinitions folder.
It definitely supports the HKLM and HKCU abbreviations; the command’s own help examples use those. I was wondering if the Policies piece was a problem, too. I’m trying to do a peek at the command and see what it’s validation logic looks like, but I’m not getting anywhere.
Have you had success with values outside the Policies key?
That might be it, then. Traditionally, GP was only supposed to deal with “Policies,” since that key gets wiped out with each login, so un-applying a GP setting makes the setting go away, as opposed to being permanently tattooed. As a result, the command’s validation logic might just arbitrarily barf if you try to modify any other hunk of the registry - even though GP can technically tattoo the registry outside of the Policies key, the command might not want to be a part of it.
I’ve just looked through the code in ILSpy, and I’m not seeing anything that looks like it should care whether or not the path starts with Policies.
Just for giggles, try retyping that key path instead of copying / pasting. It’s possible that you’ve got some unprintable character in the "HKCU" bit which is screwing things up. I’ve seen that happen sometimes in other areas of PowerShell scripts.
I know this post is older - but I run into the same issue with get-GPRegistryValue and keys/values for startup scripts under:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup
Isn’t this part of GPOs accessible by the PS cmdlets?