Delete a registry entry based on the value using powershell - powershell

I need to delete a registry entry based on its value. For example, the key will reside in:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
The DisplayName key will contain StackOverFlow.
The names of these registry keys are GUID, therefore random, so I can't just search for them, the only way is the one above.

$path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
gci $path |? {$_.GetValue('DisplayName') -match 'StackOverflow'} | del
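The one-liner above deletes every match immediately. The following added example (not part of the original answer) wraps the same `GetValue('DisplayName')` filter in a function that supports `-WhatIf`, escapes the search string for `-match`, and exports each key with `reg.exe export` before removing it. The function name `Remove-UninstallEntry` and the backup directory are hypothetical, and checking the WOW6432Node view goes beyond the question as asked.

```powershell
# Added example; Remove-UninstallEntry and $BackupDir are hypothetical names.
function Remove-UninstallEntry {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [string]$BackupDir = "$env:TEMP\UninstallBackup"
    )

    # Both the 64-bit and the 32-bit (WOW6432Node) views hold uninstall entries.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'

    # -match takes a regex; escape the input so '.' or '(' in a product name stay literal.
    $pattern = [regex]::Escape($DisplayName)

    $hits = Get-ChildItem -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.GetValue('DisplayName') -match $pattern }

    foreach ($key in $hits) {
        $label = '{0} ({1})' -f $key.Name, $key.GetValue('DisplayName')
        if ($PSCmdlet.ShouldProcess($label, 'Export and delete registry key')) {
            New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
            # Use the full key path in the file name so the two views cannot collide.
            $file = Join-Path $BackupDir (($key.Name -replace '[\\/:*?"<>|]', '_') + '.reg')
            # $key.Name is the native path (HKEY_LOCAL_MACHINE\...), which reg.exe accepts.
            & reg.exe export $key.Name $file /y | Out-Null
            if ($LASTEXITCODE -ne 0) {
                Write-Warning "Backup failed, skipping $label"
                continue
            }
            Remove-Item -LiteralPath $key.PSPath -Recurse -Confirm:$false
        }
    }
}

# Preview only: lists what would be removed without touching the registry.
Remove-UninstallEntry -DisplayName 'StackOverflow' -WhatIf
```

Run it once with `-WhatIf` and review the listed keys before running it for real from an elevated session.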

Related

Get-ChildItem registry key, extract key name only

I can get a key in the Uninstalls key of the registry, for a specific installed program, like this...
$displayName = 'Parallels Tools'
$key = 'Registry::HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall'
Get-ChildItem -Path:$key | Where-Object {$_.GetValue('DisplayName') -eq $displayName}
... and the result will be a table, with a Name column showing just the GUID key name and a Properties column showing all the properties in the key. However, if I try to get just the GUID I run into problems. The column headers suggest (Get-ChildItem -Path:$key | Where-Object {$_.GetValue('DisplayName') -eq $displayName}).Name should work, but that shows the entire path, as does (Get-ChildItem -Path:$key | Where-Object {$_.GetValue('DisplayName') -eq $displayName}).ToString(). Is there some secret sauce happening with the dump to console? I know I can get to the GUID in a number of ways, Split-Path, or a Regex if I want to verify that the key is a GUID vs just a name. But I am curious if there is a way to leverage the same approach that dumping the object to the console is using?
Taking a look at the default formatter for RegistryKey objects, the Name column in the default view is populated using the .PSChildName property, which is the "leaf" of the full provider path.
The "parent" portion of the provider path is stored in the .PSParentPath property.
If I understand your question correctly, you can try:
Get-ChildItem -Path:$key | Select-Object -ExpandProperty Name | Split-Path -Leaf

Powershell - How to search for hashed registry key with known subkey name and value

I'm trying to change the location setting of a network to Private regardless of whether it's connected or not, but the Get/Set-NetConnectionProfile cmdlet doesn't work for this function unless you're currently connected to the network you're trying to change.
Currently I'm able to search and list the GUIDs and all subkeys of the existing networks with
Get-ChildItem -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles' -Recurse |
Where-Object { $_.GetValueNames() -match 'ProfileName' }
but I'm not sure how to chain that into just returning the Key with the ProfileName subkey = "foo". I plan to save the path to a variable and then change the "Category" subkey to private. I'm just not sure how to bridge the two pieces and just get the key/path of the network profile I want.
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles' |
Where-Object { $_.GetValue('ProfileName') -eq 'foo' }
$_.GetValue('ProfileName') looks for a value named ProfileName on each Microsoft.Win32.RegistryKey instance returned by the Get-ChildItem call and compares its data to string 'foo'; note that if a child key should happen not to have a ProfileName value, the .GetValue() call would quietly return nothing ($null).
As you later pointed out, piping to Set-ItemProperty allows modification of the values of the key returned; e.g.:
... | Set-ItemProperty -Name Category -Value 1

Get-ItemProperty for all properties of remote registry key when value name is unknown

Similar posts such as this one or this one explain how to get a remote registry key, but they assume that you already know the name of the value that you are interested in. If you run
Get-ItemProperty "HKLM:\Software\MySoftware"
it will return all properties and their corresponding values, but Get-ItemProperty doesn't work for remote machines. If you want to do the same for a remote registry key you can use the [Microsoft.Win32.RegistryKey] approach but that is only half the answer. As an example:
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $myServer)
$RegKey= $Reg.OpenSubKey("SOFTWARE\\MySoftware")
$RegKey will become a System.MarshalByRefObject. This means that it is not the actual key but rather just opens up the ability to continue asking for more information from that key. Using the $RegKey.GetValue() requires you to know the value you want to fetch, but what if you want to fetch all values for the key but you don't know how many values there are, or their names? How would you go about doing this?
After you have opened the $RegKey you can use the following:
$RegKey.GetValueNames()
This will produce a list of all item properties and their values. You can then loop through that list with a foreach to retrieve the value for all of the item properties like:
foreach($ItemProperty in $RegKey.GetValueNames()){
$RegKey.GetValue($ItemProperty)
}
Bonus: If you want to export this to, say, a CSV file you can create a custom PS object and export this to a CSV file as follows:
foreach($ItemProperty in $RegKey.GetValueNames()){
$myObject = [PSCustomObject]@{
ItemProperty = $ItemProperty
Value = $RegKey.GetValue($ItemProperty)
} | Export-Csv "yourpath\yourfile.csv" -Append -Delimiter "|" -NoTypeInformation
}
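As an added example (not code from the original post), the function below combines the steps above: it opens the remote key, handles a missing key, returns one object per value with its name, kind and data, and closes the handles afterwards. `Get-RemoteRegistryValue` is a hypothetical name; `$myServer`, `SOFTWARE\MySoftware` and the CSV path are the placeholders used in the post.

```powershell
# Added example; Get-RemoteRegistryValue is a hypothetical function name.
function Get-RemoteRegistryValue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$SubKey,
        [Microsoft.Win32.RegistryHive]$Hive = 'LocalMachine'
    )

    $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive, $ComputerName)
    try {
        # OpenSubKey returns $null (no exception) when the key does not exist.
        $key = $base.OpenSubKey($SubKey)
        if ($null -eq $key) {
            Write-Error "Key '$SubKey' not found on $ComputerName"
            return
        }
        try {
            foreach ($name in $key.GetValueNames()) {
                [PSCustomObject]@{
                    ComputerName = $ComputerName
                    Key          = $key.Name
                    # The unnamed default value is reported as an empty string.
                    ValueName    = if ($name -eq '') { '(default)' } else { $name }
                    Kind         = $key.GetValueKind($name)
                    # Keep REG_EXPAND_SZ data unexpanded so %VAR% is not resolved locally.
                    Data         = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                }
            }
        }
        finally { $key.Dispose() }
    }
    finally { $base.Dispose() }
}

# One Export-Csv call writes all rows, so -Append is not needed.
Get-RemoteRegistryValue -ComputerName $myServer -SubKey 'SOFTWARE\MySoftware' |
    Export-Csv 'yourpath\yourfile.csv' -Delimiter '|' -NoTypeInformation
```

Multi-string and binary values come back as arrays, so join or format the `Data` property before exporting if those kinds are present.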

Return full value of a property

I'm trying to get the Program IDs of DCOM applications but when returning the value of the property, it doesn't give the full contents.
$a = Get-ChildItem 'registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID\' -Recurse | Where-Object Name -match 'ProgID'
This returns all applications that contain a ProgID
    Hive: HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{000C1090-0000-0000-C000-000000000046}

Name                           Property
----                           --------
ProgId                         (default) : WindowsInstaller.Installer
When trying to get the property value in the example, "WindowsInstaller.Installer"
via $a.Property
returns
(default)
How do I return the full property contents?
What Get-ChildItem returns for registry locations are Microsoft.Win32.RegistryKey instances representing registry keys.
To get the data for the unnamed default value of each such key - which contains the ProgID of interest - you can use the .GetValue() method with the empty string ('').
Note that PowerShell represents the unnamed default value differently, as '(default)', as shown in your question.
Get-ChildItem registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID -Recurse |
Where-Object Name -match ProgID |
ForEach GetValue ''
As an aside: the Name property of registry [Microsoft.Win32.RegistryKey] instances contains the full key path, so a better way to limit matching to just a key's name is to use
Where-Object Name -match '\\ProgID$' in your case.

Generating hashcodes for specific filetypes only with Powershell

I'm a complete beginner to Powershell and scripting, and have successfully been using Out-GridView to display some properties of the files I have in my directories using the following:
dir D:\Folder1\$type -Recurse | Select Fullname,Directory,LastWriteTime | out-gridview
where I specify the file extension with $type = "*.pdf" for instance.
I would also like to start comparing files using hashcodes so I have tried this command:
ls | Get-Filehash
However, I would like to have the hashcodes in the output window as a separate column with out-gridview. Is this possible? I've tried
dir D:\Folder1\$type -Recurse | Select Fullname,Directory,LastWriteTime,Filehash | out-gridview
and
dir D:\Folder1\$type -Recurse | Select Fullname,Directory,LastWriteTime | Get-Filehash | out-gridview
Of course neither of these work.
Does anyone have a way of generating hashcodes for a specific file extension only?
Many thanks in advance!
You can do this by using a calculated property with Select-Object:
Get-ChildItem -Path "D:\Folder1\$type" -Recurse |
Select-Object FullName,Directory,LastWriteTime, @{Label='FileHash'; Expression={(Get-Filehash -Path $_.FullName).Hash}} |
Out-GridView
You should see a new column in the grid view called 'Filehash' that contains the SHA256 hash of the file. You can change the algorithm (to, say, MD5) using the -Algorithm parameter of Get-FileHash.
If you're wondering what this is doing, the important parts are:
@{...} signifies a hashtable, e.g. a set of key-value pairs
label is the key that defines what your property (column name) will be in the grid view
expression defines the code snippet ({...}) that calculates the value of this property
$_ signifies that we are working with the 'current' object (file in this case) passing along the pipeline