I have been searching the internet most of the morning for this and I find multiple hits, with very similar code, though they miss the mark for me.
I have been tasked to find specific values (specifically an email address) and do a find and replace.
The basics: yes, I have used Get-ChildItem to riffle through the keys, then for each hive key (foreach) I use Get-ItemProperty based on $_.PsPath and match a specific string (the email address).
This finds the keys that have a subkey with this value, but it returns them all, not just the one subkey. I am having issues singling out the subkey with the value. Because of this, I am being very cautious. I would like to output the path (got that $_.name), but I cannot get it to single out the subkey with the search value. $_.Property lists all the subkeys. As a last test I would like to output the value of that subkey (as a double check before I implement this sucker).
OK, this is kind of where I am at. I was using a known value and subkey (HKCU:\Console - FaceName : DefaultTTFont) to do my search (that way it was found quick and I could test the subkey and values against something known).
Sorry for the late reply. I found something that worked and the team threw me heavy into the project to get those pieces working. Here is what I found to work:
####################################
# Collect the Registry data
####################################
# Assumes $jEmail (the address to find) and $RegSID (the user's SID) are set earlier
# in the script and that an HKU: drive is mapped to HKEY_USERS (neither is shown here).
Write-Host "**************************************************" -ForegroundColor Yellow
Write-Host "Scanning Registry for " -NoNewline
Write-Host $jEmail -ForegroundColor Cyan
# Grab the registry based on the hive you need: the root key itself plus every key below it.
$keys = @(Get-Item HKU:\$RegSID\software -ErrorAction SilentlyContinue) + @(Get-ChildItem -Recurse HKU:\$RegSID\software -ErrorAction SilentlyContinue)
###################################
# Search (and replace)
###################################
$results = @()
foreach ($key in $keys) {
    # Walk every value name under the key so only the matching value is reported.
    foreach ($vname in $key.GetValueNames()) {
        $val = $key.GetValue($vname)
        # -like with no wildcards matches the whole value, case-insensitively.
        if ($val -like $jEmail) {
            $r = @{}
            $r.Key = $key.ToString() -replace "HKEY_USERS", "HKU:"
            $r.SubName = $vname.ToString()
            $r.Val = $val.ToString()
            $results += $r
        }
    }
}
This is a specific use of the search and find, but hopefully others who are looking for this can get what they need from it. Basically it was the "$keys =@(Get-Item HKU:\$RegSID\software -ErrorAction SilentlyContinue) + @(Get-ChildItem -Recurse HKU:\$RegSID\software -ErrorAction SilentlyContinue);" piece that I needed.
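The posted code covers the search half of the task. As an added example (not the poster's code), here is one way to do the replace half with a dry run first; the function name Update-RegistryString and its parameter names are assumptions made for illustration. It only touches text values, keeps each value's registry type, and reads REG_EXPAND_SZ data unexpanded so environment variables are not written back as literal paths.

```powershell
# Added example: find and replace a string in registry values under a root key.
# Update-RegistryString and its parameters are hypothetical names.
function Update-RegistryString {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Root,   # e.g. the HKU:\<SID>\software path from the post
        [Parameter(Mandatory)][string]$Old,
        [Parameter(Mandatory)][string]$New
    )
    $pattern     = [regex]::Escape($Old)       # match the address literally
    $replacement = $New.Replace('$', '$$')     # keep any '$' in $New literal for -replace
    $raw         = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $textKinds   = 'String', 'ExpandString', 'MultiString'

    $keys = @(Get-Item -LiteralPath $Root -ErrorAction SilentlyContinue) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $kind = $key.GetValueKind($name)
            if ($textKinds -notcontains $kind) { continue }   # skip binary and numeric data

            # Read unexpanded so %VARS% in REG_EXPAND_SZ survive the rewrite.
            $current = $key.GetValue($name, $null, $raw)
            if (-not (@($current) -match $pattern)) { continue }

            # -replace is case-insensitive and works per element on REG_MULTI_SZ arrays.
            $updated = $current -replace $pattern, $replacement
            if ($kind -eq 'MultiString') { $updated = [string[]]$updated }

            # The unnamed default value comes back as '' and is addressed as '(default)'.
            $display = if ($name) { $name } else { '(default)' }
            if ($PSCmdlet.ShouldProcess("$($key.Name)\$display", "Replace '$Old' with '$New'")) {
                Set-ItemProperty -LiteralPath $key.PSPath -Name $display -Value $updated -Type $kind
            }
            # Emitted in dry runs too, so the before/after can be reviewed or exported.
            [pscustomobject]@{ Key = $key.Name; Name = $display; Kind = $kind
                               Before = $current -join '; '; After = $updated -join '; ' }
        }
    }
}
```

Run it with -WhatIf first and review the Before/After objects; nothing is written until -WhatIf is dropped.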