getting the values of specific string values in registry keys with powershell - powershell

Using the following powershell script:
Get-ChildItem hkcu:\Test\Universe\Datawink\Switch1\Devices | ForEach-Object {Get-ItemProperty $_.pspath}
I am able to get the following output:
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Test\Universe\Datawink\Switch1\Devices\Entry1
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Test\Universe\Datawink\Switch1\Devices
PSChildName : Entry1
PSProvider : Microsoft.PowerShell.Core\Registry
Device : 2882881001
Recordable : Yes
Active : Yes
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Test\Universe\Datawink\Switch1\Devices\Entry2
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Test\Universe\Datawink\Switch1\Devices
PSChildName : Entry2
PSProvider : Microsoft.PowerShell.Core\Registry
Device : 2882881002
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Test\Universe\Datawink\Switch1\Devices\Entry3
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Test\Universe\Datawink\Switch1\Devices
PSChildName : Entry3
PSProvider : Microsoft.PowerShell.Core\Registry
Device : 2882881003
Which is great, it's showing me the infomation I want, but all I really need is the values of the string entry called 'Device' so all I actually want is the output of the script to look like this:
Device : 2882881001
Device : 2882881002
Device : 2882881003
or ideally, this:
2882881001
2882881002
2882881003
What's the simplest way to achieve this?

This should work as well:
$path = 'hkcu:\Test\Universe\Datawink\Switch1\Devices'
Get-ChildItem $path | Get-ItemProperty | Select-Object -ExpandProperty Device

Get-ChildItem hkcu:\Test\Universe\Datawink\Switch1\Devices | ForEach-Object {Get-ItemProperty $_.pspath} | where-object {$_.Device} | Foreach-Object {$_.Device}
will give you the requested output.
(In your example the Where-Object is not really required)

Related

How to refresh the registry in powershell after creating a new dword with new-itemproperty?

I've just created a new DWORD to be able to install the RSAT Tools without the Add-WindowsCapability failed. Error code = 0x800f0954 :
> New-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing -Name RepairContentServerSource -Type dword -Value 2
RepairContentServerSource : 2
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
PSChildName : Servicing
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.Core\Registry
The ls HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing command shows nothing :
> ls HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing
>
but gp HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing shows both the CountryCode and my newly created itemproperty RepairContentServerSource :
> gp HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing
CountryCode : FR
RepairContentServerSource : 2
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
PSChildName : Servicing
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.Core\Registry
>
However ls HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies shows everything including RepairContentServerSource :
> (ls HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies | Out-String -Stream | sls RepairContentServerSource).ToString()
RepairContentServerSource : 2
>
Is this normal ?
Yes. Because ls is an alias for Get-ChildItem which, with registry paths, returns the subkeys of the key specified by the -path parameter, but not the values in that key.
From: Working with Registry Keys
Because registry keys are items on PowerShell drives, working with them is very similar to working with files and folders. One critical difference is that every item on a registry-based PowerShell drive is a container, just like a folder on a file system drive. However, registry entries and their associated values are properties of the items, not distinct items.
To view/display your new item property, use Get-Item(gi) instead of Get-ChildItem (gci):
PS > gi HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing
Hive: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
Name Property
---- --------
Servicing CountryCode : US
Bear in mind that even though gci and gi both display name/value pairs under Property, the actual Property property is a string array containing only the value names:
PS > gi HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing| select Property
Property
--------
{CountryCode}
and you have to use Get-ItemProperty or Get-ItemPropertyValue to retrieve the values.

PowerShell: Search all property values

How can I search all the properties of a single object for a given string?
Say I have the following command output:
get-aduser jtest -properties *
DistinguishedName : CN=jtest,CN=Users,DC=confederationc,DC=on,DC=ca
Enabled : True
GivenName : Justus
Name : jtest
ObjectClass : user
ObjectGUID : f4d31d45-0505-433e-9442-152419e75d26
SamAccountName : jtest
SID : S-1-5-21-2138664166-620177494-281947949-184391
Surname : Test
UserPrincipalName : jtest#confederationcollege.ca
...output truncated
How can I search for any property that contains the string "jtest"?
I feel like I must be missing something obvious.
There's always findstr (case insensitive), but the result is only text. This is a common question.
get-aduser jtest | findstr /i jtest
Name : jtest
SamAccountName : jtest
UserPrincipalName : jtest#confederationcollege.ca
This doesn't work in all cases, but it does for registry entries. This can match against most property names or values. It depends on what "$_" converts to as a string. Generic pscustomobjects work. It won't work for the get-aduser example (the object converts to a distinguishedname string).
get-itemproperty hkcu:\key1 | ? { $_ -match 'foo' } # or 'emspace'
value1 : 17
emspace : foo bar
refcount : {255, 255}
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\key1
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER
PSChildName : key1
PSDrive : HKCU
PSProvider : Microsoft.PowerShell.Core\Registry
get-itemproperty hkcu:\key1 | % { "$_" } # showing string conversion
#{value1=17; emspace=foo bar; refcount=System.Byte[]; PSPath=Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\key1; PSParentPath=Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER; PSChildName=key1; PSDrive=HKCU; PSProvider=Microsoft.PowerShell.Core\Registry}
You can use the hidden psobject memberset on any object in PowerShell to access its underlying properties programmatically:
foreach($user in Get-ADUser jtest){
foreach($property in $user.psobject.Properties){
if($_.Value -like '*jtest*'){
"Property '$($_.Name)' has value '$($_.Value)'"
}
}
}

How to find the title for a PDF from the metadata?

How can I get the title for a PDF file after having renamed the file itself?
PSPath : Microsoft.PowerShell.Core\FileSystem::/home/nicholas/to/99.pdf
PSParentPath : Microsoft.PowerShell.Core\FileSystem::/home/nicholas/to
PSChildName : 99.pdf
PSDrive : /
PSProvider : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
Mode : -----
ModeWithoutHardLink : -----
VersionInfo : File: /home/nicholas/to/99.pdf
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
BaseName : 99
Target :
LinkType :
Length : 592483
DirectoryName : /home/nicholas/to
Directory : /home/nicholas/to
IsReadOnly : False
FullName : /home/nicholas/to/99.pdf
Extension : .pdf
Name : 99.pdf
Exists : True
CreationTime : 2/19/2021 11:45:18 PM
CreationTimeUtc : 2/20/2021 7:45:18 AM
LastAccessTime : 2/20/2021 2:02:36 AM
LastAccessTimeUtc : 2/20/2021 10:02:36 AM
LastWriteTime : 2/19/2021 11:45:18 PM
LastWriteTimeUtc : 2/20/2021 7:45:18 AM
Attributes : Normal
PS /home/nicholas/to>
PS /home/nicholas/to> Get-ChildItem -Path ./ –File | Select-Object -Property *
This is to bulk import PDF files into calibre, which, notably, seems to recognize duplicates and even displays some titles. Is it parsing the PDF file itself, or gleaning this from meta-data?
For this, you can use pdfinfo.exe which you can find as part of the free Xpdf command line tools.
After you have downloaded and extracted the zip file, copy pdfinfo.exe to some directory and make sure you unblock it, either by right-click or by using PowerShell
Unblock-File -Path 'Where\Ever\You\Have\Copied\It\To\pdfinfo.exe'
Using that, to get the original title as stored in the pdf, you do
$title = ((& 'D:\Test\pdfinfo.exe' 'D:\Test\test.pdf' |
Where-Object { $_ -match '^Title:' }) -split ':', 2)[-1].Trim()

Get Product Codes of C++ 2008 Installed from registry using Powershell

I am trying to get the product codes of all the Visual C++ 2008 Installed on my device and wrote the below code but I am stuck. Code Executes but no action takes place. Please Assist.
$log = "C:\VC2008.log"
$regkey = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName)
$RegKey.PSObject.Properties | ForEach-Object {
If($_.Name -like '*DisplayName*')
{
If ($_.value -like 'Microsoft Visual C++ 2008')
{
"$date [INFO]`t $regkey.PSChildname found in Registry !!! " | Out-File $log -append
}
}
}
So you're retrieving your values incorrectly and over-complicating things.
Working solution:
$Log = 'C:\VC2008.log'
$RegKey = Get-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* |
Where-Object { $_.DisplayName -like '*Microsoft Visual C++ 2008*' }
If ($RegKey)
{
"$(Get-Date) [INFO]`t $($RegKey.PSChildName) found in registry!" |
Out-File -FilePath $Log -Append
}
Output:
12/20/2017 11:12:51 AM [INFO] {8220EEFE-38CD-377E-8595-13398D740ACE} found in registry!
Test key:
AuthorizedCDFPrefix :
Comments :
Contact :
DisplayVersion : 9.0.30729
HelpLink :
HelpTelephone :
InstallDate : 20170901
InstallLocation :
InstallSource : c:\14a5eb4f904aafee464a2e0ecc\
ModifyPath : MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
NoModify : 1
NoRepair : 1
Publisher : Microsoft Corporation
Readme :
Size :
EstimatedSize : 1136
UninstallString : MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
URLInfoAbout :
URLUpdateInfo :
VersionMajor : 9
VersionMinor : 0
WindowsInstaller : 1
Version : 151025673
Language : 1033
DisplayName : Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
sEstimatedSize2 : 13596
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
PSChildName : {8220EEFE-38CD-377E-8595-13398D740ACE}
PSProvider : Microsoft.PowerShell.Core\Registry
This should get you the Value you want:
(Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* ).displayname | Where-object{$_ -like 'Microsoft visual c++ 2008*'}

Powershell - How do I get expanded properties and normal in one round?

I've got a fileserver, where the files are saved in a crypted name. Now I'd like to do something like that:
Get-Item ABB667687BB581070240D48958F3BB0696921F09 | fl *
PSChildName : ABB667687BB581070240D48958F3BB0696921F09
PSIsContainer : False
VersionInfo : File: \\XYZ\ABB667687B581070240D48958F3BB0696921F09
InternalName: Setup.exe
OriginalFilename: Setup.exe
FileVersion: 5,2,0,2946
FileDescription: Evernote Installation Package
Product: Evernote®
ProductVersion: 5,2,0,2946
...continuing
BaseName : ABB667687BB581070240D48958F3BB0696921F09
Mode : -a---
Name : ABB667687BB581070240D48958F3BB0696921F09
Length : 83157856
...continuing
LastAccessTime : 05.03.2014 08:23:58
When I try with following
get-Item ABB667687BB581070240D48958F3BB0696921F09 | Select-Object -Expand VersionInfo | fl *
CompanyName : Evernote Corp., 305 Walnut Street, Redwood City, CA 94063
FileVersion : 5,2,0,2946
ProductVersion : 5,2,0,2946
ProductName : Evernote®
Now I would like to combine PSCHild, Product, Product Version, Fileversion, LastAccessTime. How can I do that?
Tried it with something like:
Get-Item ABB667687BB581070240D48958F3BB0696921F09 | ft -property #{n="Filename" ; e={$_.pschildname}}, #{n="Fileinformation";e={get-Item ABB667687BB581070240D48958F3BB0696921F09 | Select-Object -Expand VersionInfo | ft product}}
Firstly, You could absolutely use a solution similar to Kayasax's.
Personally, I find calculated properties very helpful. Other solutions such as Add-Member also work. This is a decent reference on the different options.
With that being said, here is a snippet of code covering a little of what you want (tweak as needed):
#Show Fullname, Name, and a few nested VersionInfo props for an object.
Get-Item 'C:\Program Files\Internet Explorer\iexplore.exe' |
Select-Object -Property FullName,
Name,
#{ label = "CompanyName"; expression = {$_.VersionInfo.CompanyName} },
#{ label = "FileVersion"; expression = {$_.VersionInfo.FileVersion} },
#{ label = "ProductVersion"; expression = {$_.VersionInfo.ProductVersion} },
#{ label = "ProductName"; expression = {$_.VersionInfo.ProductName} }
<# Output
FullName : C:\Program Files\Internet Explorer\iexplore.exe
Name : iexplore.exe
CompanyName : Microsoft Corporation
FileVersion : 11.00.9600.16384 (winblue_rtm.130821-1623)
ProductVersion : 11.00.9600.16384
ProductName : Internet Explorer
#>
Lastly, as a word of warning, you should rarely if ever use Format-Table (ft). This generates unusable text for your viewing only. You might see it in verbose output, but if you ever plan to use the data again, you should not be using Format-Table. Google around for many discussions on the topic : )
Cheers!
powershell allows to expand only one property at a time.
you cant do what you want in one "round".
What you can do is create a new psobject like that :
$file=ls c:\temp\putty.exe
$inf=$file |select -expand versioninfo
$myobj="dummy" | select child,product,version,write
$myobj.product=$inf.ProductName
$myobj.version=$inf.ProductVersion
$myobj.child=$file.PSChildName
$myobj.write=$file.LastWriteTime
You can use Tee-Object, along with calculated properties. Suppose you want to get those values from PowerShell.exe. Then, do it this way:
gi $PSHOME\powershell.exe |
tee -var pow |
select name,
#{n='Product';e={$pow.versioninfo.productname}},
#{n='Product Version';e={$pow.versioninfo.productversion}},
#{n='FileVersion';e={$pow.versioninfo.fileversion}},
lastaccesstime |
fl