Query Registry

I’m working on a script that will query ‘HKLM:\software\Microsoft\windows\CurrentVersion\Run’, capture all Key Names/Data and report a True or False if any keys with empty data values are discovered.

The true/false evaluation is failing because of how the data is being captured. If any key is there with valid data then it reports True. Instead I need to evaluate each key and value within Run.

Any help or ideas are greatly appreciated!

$Keys = Get-Item 'HKLM:\software\Microsoft\windows\CurrentVersion\Run'

ForEach ($Key in $Keys)
{
    $Property = @{Name = 'Property'; Expression = {$_}}
    $Value = @{Name = 'Value'; Expression = {$Keys.GetValue($_)}}
    $Key.Property | Select $Property, $Value

    $Values = $Key.Property | Select $value

    if ($Values -eq $null) {
        return $false
    }
    else {
        return $true
    }
}

There’s a subtle bit about working with the registry, and some terminology you might not be aware of in PowerShell. If you know all this, I apologize - just trying to start at the beginning.

In the registry, an ITEM (e.g., Get-ChildItem) is a key. That’s what appears on the left-hand pane in Registry Editor.

What appears on the right-hand pane in the GUI are ITEM PROPERTIES - e.g., Get-ItemProperty.

To equate this to the file system, an ITEM is a file or folder; an ITEM PROPERTY is whether it’s Read-Only, when it was last accessed, etc.

KEYS in the registry contain multiple ITEM PROPERTIES; it’s those item properties that have the values you’re after. Right now, you’re kinda doing some odd perambulations to get at those; you might consider using Get-ItemProperty instead. For example, given an Item (Key), you could Get-ItemProperty, and then run that through Where-Object to only output those that have null or empty property values. You could then run the results to Measure-Object, and if the resulting Count is greater than zero, you output True.

Thanks Don,

No need to apologize, that makes sense and thank you for the explanation.

So are you thinking something that looks like this?

$ItemProperties = Get-ItemProperty 'HKLM:\software\Microsoft\windows\CurrentVersion\Run' | Where-Object {$ItemProperties.ToString() -eq $null}

Something like, although I’d need to test and see if $null was the correct comparison. But basically. You could then pipe that to Measure-Object to get a count of how many items matched the criteria, or just let it output them, which is what your code would do.

Thanks Don for your help!

Below is what I ended up with in case anyone is interested or looking for something similar. Little different than what was originally proposed but seems to be working just fine from my limited testing.

Scott

$keys = (Get-Item 'HKLM:\software\Microsoft\windows\CurrentVersion\Run').property

ForEach ($key in $keys) {

    $return = ""
    Write-Host $key

    $regValue = (Get-Item 'HKLM:\software\Microsoft\windows\CurrentVersion\Run').getvalue($key)

    Write-Host $regValue

    if ($regValue -eq "") {
        $return = "Null Value Found"
        Write-Host $return
    }
    else {
        $return = "No Null Values"
        Write-Host $return
    }
}

I found this to be a bit simpler especially if you’re sitting at the console and just looking to quickly get the information:

Get-ItemProperty hklm:\software\microsoft\windows\currentversion\run | Select-Object * -ExcludeProperty ps*

Thanks Peter!
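
The filter-then-count approach described earlier in the thread (Where-Object, then Measure-Object), as an added example that is not any poster's code. The function names Get-EmptyRegistryValue and Test-EmptyRegistryValue are hypothetical; the example reads values through the key's GetValueNames()/GetValue() methods so that the unnamed default value, non-string data types, and value names beginning with "PS" are each evaluated individually.

```powershell
function Get-EmptyRegistryValue {
    # Hypothetical helper: emits one object per value whose data is empty.
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\software\Microsoft\windows\CurrentVersion\Run'
    )

    $key  = Get-Item -LiteralPath $Path -ErrorAction Stop
    $opts = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

    $key.GetValueNames() | ForEach-Object {
        $name = $_
        # Read the data as stored (REG_EXPAND_SZ is not expanded).
        $data = $key.GetValue($name, $null, $opts)
        # Flatten to text so strings, string arrays and byte arrays are
        # tested the same way; a DWORD of 0 becomes "0" and is not empty.
        $text = -join @($data)
        # The default value has an empty name; show it as in Registry Editor.
        $display = if ($name) { $name } else { '(default)' }

        [pscustomobject]@{
            Name    = $display
            Kind    = $key.GetValueKind($name)
            Data    = $data
            IsEmpty = [string]::IsNullOrWhiteSpace($text)
        }
    } | Where-Object { $_.IsEmpty }
}

function Test-EmptyRegistryValue {
    # Hypothetical helper: $true if at least one value under the key is empty.
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\software\Microsoft\windows\CurrentVersion\Run'
    )

    $count = (Get-EmptyRegistryValue -Path $Path | Measure-Object).Count
    return ($count -gt 0)
}

# Usage: a single True/False for the key, then the offending entries.
Test-EmptyRegistryValue
Get-EmptyRegistryValue | Format-Table Name, Kind -AutoSize
```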