Registry Return Key Values

by darksim905 at 2013-04-04 13:28:48

Hey all!

I’m new to this forum, figured I’d post after I couldn’t figure something out myself, I’m not quite sure why something so basic isn’t working, but it may also be due to not understanding some basics about what I"m trying to do.

I’m looking to return a registry key value, specifically:

HKLM\Software\Wow6432Node\Malwarebytes’ Anti-malware

They key I’m trying to get is called “dbdate”. The value changes over time, because it’s date of malwarebyte’s definition file.

I’m in that current directory and I can perform a Get-ItemProperty, which returns all the keys and their values under “Malwarebytes’ Anti-Malware”. However, Get-ItemProperty . | dbdate, and Get-ItemProperty . | Select-String dbdate just gives me all of the values as one big blob.

What am I doing wrong? I’d like to get this as clean as possible because I’d like for this to be part of a larger script (e.g., to pull these values from several machines).

I’d love pointers in the right direction and or a description of why things are they way they are. For example, I think it’s silly you can’t do a dir and have it list the contents, but I imagine that’s because of how Powershell treats items as objects and such. I tried searching previous posts as well but came up somewhat dry.
by Nobody at 2013-04-04 15:37:50
Here are a couple options for you

$a = get-itemproperty -path “HKLM:\Software\Wow6432Node\Malwarebytes’ Anti-Malware”


$a = get-itemproperty -path “HKLM:\Software\Wow6432Node\Malwarebytes’ Anti-Malware”|Foreach-Object {$_.dbdate}

If you pipe to Get-Member, you will see that “dbdate” is a Noteproperty of the Object returned by get-itemproperty. I’m not very good at working with objects yet, but hopefully this points you in the right direction.

get-itemproperty -path “HKLM:\Software\Wow6432Node\Malwarebytes’ Anti-Malware”|Get-Member
by darksim905 at 2013-04-10 13:36:27

I actually figured out what I wanted to do and how to do it, I just need to clean it up. I have this so far:

Invoke-Command -ComputerName (Get-ADComputer -filter * -searchBase “ou=Computers,dc=reddit,dc=local” | Select-Object -ExpandProperty Name) -ScriptBlock {Get-ItemProperty -Path “HKLM:\SOFTWARE\Wow6432Node\Malwarebytes’ Anti-Malware” -Name dbdate | select dbdate} | Out-Gridview

Invoke-Command -ComputerName (Get-ADComputer -filter * -searchBase “ou=Computers,dc=reddit,dc=local” | Select-Object -ExpandProperty Name) -ScriptBlock {Get-ItemProperty -Path “HKLM:\SOFTWARE\Malwarebytes’ Anti-Malware” -Name dbdate | select dbdate} | Out-Gridview

Obviously it would be sweet to pipe/go through my computers and filter them via WMI, but my understanding is you can’t really do that; once you filter via WMI, it doesn’t get treated as objects/an array anymore. I may be wrong.

Thank you for your help!