Get-BluGenieRegistry

SYNOPSIS

Searches the registry for a specified text pattern.

SYNTAX

Get-BluGenieRegistry [[-StartKey] <String>] [[-Pattern] <String>] [[-ExcludePattern] <String>] [-MatchKey] [-MatchValueName] [-MatchData] [-RootKeyOnly] [-NotMatch] [-ExactMatch] [-Remove] [-Walkthrough] 
[-ReturnObject] [-OutUnEscapedJSON] [-FormatView <String>] [<CommonParameters>]

DESCRIPTION

Searches the registry for a specified text pattern. Supports searching for any combination of key names, value names, and/or value data. The text pattern is a case-insensitive regular expression.

EXAMPLES

EXAMPLE 1

Command: Get-BluGenieRegistry -StartKey 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' -MatchKey -RootKeyOnly

Description: Query Keys Only, Process the Root with No Sub Keys, Using the StartKey Param, Using the Short Hand Hive name
Notes:

EXAMPLE 2

Command: Get-BluGenieRegistry -StartKey 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' -MatchKey -RootKeyOnly -Pattern 'run'

Description: Specify a specific pattern to search for, Query Keys Only, Process the Root with No Sub Keys
Notes:

EXAMPLE 3

Command: Get-BluGenieRegistry -StartKey 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' -MatchKey -RootKeyOnly -Pattern 'run' -ExcludePattern 'once'

Description: Specify a specific pattern to search for while using an Exclude pattern, Query Keys Only, Process the Root with No Sub Keys
Notes:

EXAMPLE 4

Command: Get-BluGenieRegistry -StartKey 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' -MatchKey -RootKeyOnly -Pattern 'run' -ExcludePattern 'once'  -ReturnObject

Description: Return Data as an Object
Notes:

EXAMPLE 5

Command: Get-BluGenieRegistry -StartKey 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' -MatchKey -RootKeyOnly -Pattern 'run' -ExcludePattern 'once'  -ReturnObject -FormatView csv

Description: Return Data as an Object, Reformat the Object as CSV,JSON,CustomObject,UnEscapedJSON.
Notes:

EXAMPLE 6

Command: Get-BluGenieRegistry -Path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion' -MatchKey -RootKeyOnly

Description: Query Keys Only, Process the Root with No Sub Keys, Using the Path Param, Using the Long Name Hive Name
Notes:

EXAMPLE 7

Command: Get-BluGenieRegistry -Path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths'

Description: Query Value Names (Default), Process Sub Keys, Using the Long Name Hive Name
Notes:

EXAMPLE 8

Command: Get-BluGenieRegistry -Path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths' -MatchKey -Pattern 'Write' -Remove

Description: Query Key Names, Process Sub Keys, Using the Long Name Hive Name, Remove Keys Found
Notes:

EXAMPLE 9

Command: Get-BluGenieRegistry -Path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths' -MatchData -Pattern 'Word' -Remove

Description: Query Data Values, Process Sub Keys, Using the Long Name Hive Name, Remove ValueNames Found
Notes:

EXAMPLE 10

Command: Get-BluGenieRegistry -Path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -MatchValueName -Pattern '(?=.*Auto)(?=.*Logon)' -ExcludePattern 'Sid|Count'

Description: RegEx Search Pattern and Exclude Pattern
Notes:

EXAMPLE 11

Command: Get-BluGenieRegistry -Path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -OutUnEscapedJSON -MatchValueName -Pattern '(?=.*Auto)(?=.*Logon)' -ExcludePattern 'Sid|Count'

Description: RegEx Search Pattern and Exclude Pattern, Output UnEscaped JSON
Notes:

EXAMPLE 12

Command: Get-BluGenieRegistry -Help

Description: Call Help Information
Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal 
         Get-Help will be called with the -Full parameter

EXAMPLE 13

Command: Get-BluGenieRegistry -WalkThrough

Description: Call Help Information [2]
Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal 
         Get-Help will be called with the -Full parameter

EXAMPLE 14

Command: Get-BluGenieRegistry -OutUnEscapedJSON

Description: Get-BluGenieRegistry and Return Output as UnEscaped JSON format
Notes:  The OutUnEscapedJSON is used to beatify the JSON return and not Escape any Characters.  Normal return data is a Hash Table.

EXAMPLE 15

Command: Get-BluGenieRegistry -ReturnObject

Description: Get-BluGenieRegistry and Return Output an Object
Notes:  The ReturnObject is used to return a PowerShell Object.  Normal return data is a Hash Table.

EXAMPLE 16

Command: Get-BluGenieRegistry -ReturnObject -FormatView JSON

Description: Get-BluGenieRegistry and Return Object formatted in a JSON view
Notes:  The ReturnObject is used to return a PowerShell Object.  Normal return data is a Hash Table.

EXAMPLE 17

Command: Get-BluGenieRegistry -ReturnObject -FormatView Custom

Description: Get-BluGenieRegistry and Return Object formatted in a PSCustom view
Notes:  Format-Custom is designed to display views that are not just tables or just lists. You can use the views defined in the 
          *format.PS1XML files in the PowerShell directory, or you can create your own views in new PS1XML files and use the 
          Update-FormatData cmdlet to add them to PowerShell.

PARAMETERS

StartKey

-StartKey <String>
   Description: Starts searching at the specified key. 
   Notes: The key name uses the following format:
   
           HKEY_LOCAL_MACHINE\
           HKEY_CURRENT_USER\
           HKEY_USERS\
           HKEY_CLASSES_ROOT\
   Alias: Path
   ValidateSet:
   
   Required?                    false
   Position?                    1
   Default value                HKEY_LOCAL_MACHINE\SOFTWARE
   Accept pipeline input?       false
   Accept wildcard characters?  false

Pattern

-Pattern <String>
   Description: Searches for the specified regular expression pattern. The pattern is not case-sensitive.
   Notes:  
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    2
   Default value                ^(?s:.)*
   Accept pipeline input?       false
   Accept wildcard characters?  false

ExcludePattern

-ExcludePattern <String>
   Description: Used in conjuction with -Pattern.  Reparse found items from pattern with an Exclude pattern
   Notes:  This cannot be used on it's own and cannot be used with -NotMatch.
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    3
   Default value                
   Accept pipeline input?       false
   Accept wildcard characters?  false

MatchKey

-MatchKey [<SwitchParameter>]
   Description: Matches registry key names.
   Notes: Default option is MatchData
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

MatchValueName

-MatchValueName [<SwitchParameter>]
   Description: Matches registry value names.
   Notes: Default option is MatchData
   Alias: MatchValue
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

MatchData

-MatchData [<SwitchParameter>]
   Description: Matches registry value data.
   Notes: This option is default
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

RootKeyOnly

-RootKeyOnly [<SwitchParameter>]
   Description: If Selected the Query will only parse the root of the Search Key given.  No sub keys will be queried.
   Notes: 
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

NotMatch

-NotMatch [<SwitchParameter>]
   Description: Not Matching or Exclude pattern queries
   Notes: 
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

ExactMatch

-ExactMatch [<SwitchParameter>]
   Description: The Match type is equal or exact to the Pattern string
   Notes: 
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

Remove

-Remove [<SwitchParameter>]
   Description: Removes any matching patterns found in the registry.
   Notes: 
   Alias:
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

Walkthrough

-Walkthrough [<SwitchParameter>]
   Description:  Start the dynamic help menu system to help walk through the current command and all of the parameters
   Notes:  
   Alias: Help
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

ReturnObject

-ReturnObject [<SwitchParameter>]
   Description: Return information as an Object
   Notes: By default the data is returned as a Hash Table
   Alias: 
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

OutUnEscapedJSON

-OutUnEscapedJSON [<SwitchParameter>]
   Description: Remove UnEsacped Char from the JSON information.
   Notes: This will beautify json and clean up the formatting.
   Alias: 
   ValidateSet:
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

FormatView

-FormatView <String>
   Description: Select which format to return the object data in.
   Notes: Default value is set to (None).  This value is only valid when using the -ReturnObject parameter
   Alias:
   ValidateSet: 'Table','Custom','CustomModified','None','JSON','OutUnEscapedJSON','CSV'
   
   Required?                    false
   Position?                    named
   Default value                None
   Accept pipeline input?       false
   Accept wildcard characters?  false

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

PreviousGet-BluGenieProcessList NextGet-BluGenieRegistryProcessTracking

Last updated 3 years ago

hashtagGet-BluGenieRegistry

hashtagSYNOPSIS

hashtagSYNTAX

hashtagDESCRIPTION

hashtagEXAMPLES

hashtagEXAMPLE 1

hashtagEXAMPLE 2

hashtagEXAMPLE 3

hashtagEXAMPLE 4

hashtagEXAMPLE 5

hashtagEXAMPLE 6

hashtagEXAMPLE 7

hashtagEXAMPLE 8

hashtagEXAMPLE 9

hashtagEXAMPLE 10

hashtagEXAMPLE 11

hashtagEXAMPLE 12

hashtagEXAMPLE 13

hashtagEXAMPLE 14

hashtagEXAMPLE 15

hashtagEXAMPLE 16

hashtagEXAMPLE 17

hashtagPARAMETERS

hashtagStartKey

hashtagPattern

hashtagExcludePattern

hashtagMatchKey

hashtagMatchValueName

hashtagMatchData

hashtagRootKeyOnly

hashtagNotMatch

hashtagExactMatch

hashtagRemove

hashtagWalkthrough

hashtagReturnObject

hashtagOutUnEscapedJSON

hashtagFormatView

hashtagCommonParameters