Use PowerShell to search for string in registry keys and values
I\'d like to use PowerShell to find all registry keys and values within a particular hive that contain a string foo, possibly embedded within a longer string. F
-
This is a replacement for get-itemproperty that dumps out the registry in a simple manner. It's easy to use with where-object. You can also pipe it to set-itemproperty.
function get-itemproperty2 { # get-childitem skips top level key, use get-item for that # set-alias gp2 get-itemproperty2 param([parameter(ValueFromPipeline)]$key) process { $key.getvaluenames() | foreach-object { $value = $_ [pscustomobject] @{ Path = $Key -replace 'HKEY_CURRENT_USER', 'HKCU:' -replace 'HKEY_LOCAL_MACHINE','HKLM:' Name = $Value Value = $Key.GetValue($Value) Type = $Key.GetValueKind($Value) } } } } ls -r hkcu:\key1 | get-itemproperty2 | where name -eq name Path Name Value Type ---- ---- ----- ---- HKCU:\key1\key2 name 1 DWord ls -r hkcu:\key1 | get-itemproperty2 | where name -eq name | set-itemproperty -value 0 ls -r hkcu:\key1 | get-itemproperty2 | where name -eq name Path Name Value Type ---- ---- ----- ---- HKCU:\key1\key2 name 0 DWord # pipe 2 commands to one $(get-item hkcu:\key1; ls -r hkcu:\key1 ) | get-itemproperty2 Path Name Value Type ---- ---- ----- ---- HKCU:\key1 multi {hi, there} MultiString HKCU:\key1\key2 name 0 DWord HKCU:\key1\key2 name2 0 String HKCU:\key1\key2\key3 name3 {18, 52, 80} BinaryEDIT:
This where construction isn't bad for searching both property names and values (and the key name is a value). (Watch out for Netbeans. It creates an invalid registry dword key that causes an exception in get-itemproperty.)
get-childitem -recurse HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | get-itemproperty | where { $_ -match 'Office16.PROPLUS' }
加载中...
- 热议问题