# Get-BluGenieRegistry ### Get-BluGenieRegistry ### SYNOPSIS Searches the registry for a specified text pattern. ### SYNTAX ``` Get-BluGenieRegistry [[-StartKey] ] [[-Pattern] ] [[-ExcludePattern] ] [-MatchKey] [-MatchValueName] [-MatchData] [-RootKeyOnly] [-NotMatch] [-ExactMatch] [-Remove] [-Walkthrough] [-ReturnObject] [-OutUnEscapedJSON] [-FormatView ] [] ``` ### DESCRIPTION Searches the registry for a specified text pattern. Supports searching for any combination of key names, value names, and/or value data. The text pattern is a case-insensitive regular expression. ### EXAMPLES #### EXAMPLE 1 ``` Command: Get-BluGenieRegistry -StartKey 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' -MatchKey -RootKeyOnly ``` ``` Description: Query Keys Only, Process the Root with No Sub Keys, Using the StartKey Param, Using the Short Hand Hive name Notes: ``` #### EXAMPLE 2 ``` Command: Get-BluGenieRegistry -StartKey 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' -MatchKey -RootKeyOnly -Pattern 'run' ``` ``` Description: Specify a specific pattern to search for, Query Keys Only, Process the Root with No Sub Keys Notes: ``` #### EXAMPLE 3 ``` Command: Get-BluGenieRegistry -StartKey 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' -MatchKey -RootKeyOnly -Pattern 'run' -ExcludePattern 'once' ``` ``` Description: Specify a specific pattern to search for while using an Exclude pattern, Query Keys Only, Process the Root with No Sub Keys Notes: ``` #### EXAMPLE 4 ``` Command: Get-BluGenieRegistry -StartKey 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' -MatchKey -RootKeyOnly -Pattern 'run' -ExcludePattern 'once' -ReturnObject ``` ``` Description: Return Data as an Object Notes: ``` #### EXAMPLE 5 ``` Command: Get-BluGenieRegistry -StartKey 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' -MatchKey -RootKeyOnly -Pattern 'run' -ExcludePattern 'once' -ReturnObject -FormatView csv ``` ``` Description: Return Data as an Object, Reformat the Object as CSV,JSON,CustomObject,UnEscapedJSON. Notes: ``` #### EXAMPLE 6 ``` Command: Get-BluGenieRegistry -Path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion' -MatchKey -RootKeyOnly ``` ``` Description: Query Keys Only, Process the Root with No Sub Keys, Using the Path Param, Using the Long Name Hive Name Notes: ``` #### EXAMPLE 7 ``` Command: Get-BluGenieRegistry -Path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths' ``` ``` Description: Query Value Names (Default), Process Sub Keys, Using the Long Name Hive Name Notes: ``` #### EXAMPLE 8 ``` Command: Get-BluGenieRegistry -Path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths' -MatchKey -Pattern 'Write' -Remove ``` ``` Description: Query Key Names, Process Sub Keys, Using the Long Name Hive Name, Remove Keys Found Notes: ``` #### EXAMPLE 9 ``` Command: Get-BluGenieRegistry -Path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths' -MatchData -Pattern 'Word' -Remove ``` ``` Description: Query Data Values, Process Sub Keys, Using the Long Name Hive Name, Remove ValueNames Found Notes: ``` #### EXAMPLE 10 ``` Command: Get-BluGenieRegistry -Path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -MatchValueName -Pattern '(?=.*Auto)(?=.*Logon)' -ExcludePattern 'Sid|Count' ``` ``` Description: RegEx Search Pattern and Exclude Pattern Notes: ``` #### EXAMPLE 11 ``` Command: Get-BluGenieRegistry -Path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -OutUnEscapedJSON -MatchValueName -Pattern '(?=.*Auto)(?=.*Logon)' -ExcludePattern 'Sid|Count' ``` ``` Description: RegEx Search Pattern and Exclude Pattern, Output UnEscaped JSON Notes: ``` #### EXAMPLE 12 ``` Command: Get-BluGenieRegistry -Help ``` ``` Description: Call Help Information Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal Get-Help will be called with the -Full parameter ``` #### EXAMPLE 13 ``` Command: Get-BluGenieRegistry -WalkThrough ``` ``` Description: Call Help Information [2] Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal Get-Help will be called with the -Full parameter ``` #### EXAMPLE 14 ``` Command: Get-BluGenieRegistry -OutUnEscapedJSON ``` ``` Description: Get-BluGenieRegistry and Return Output as UnEscaped JSON format Notes: The OutUnEscapedJSON is used to beatify the JSON return and not Escape any Characters. Normal return data is a Hash Table. ``` #### EXAMPLE 15 ``` Command: Get-BluGenieRegistry -ReturnObject ``` ``` Description: Get-BluGenieRegistry and Return Output an Object Notes: The ReturnObject is used to return a PowerShell Object. Normal return data is a Hash Table. ``` #### EXAMPLE 16 ``` Command: Get-BluGenieRegistry -ReturnObject -FormatView JSON ``` ``` Description: Get-BluGenieRegistry and Return Object formatted in a JSON view Notes: The ReturnObject is used to return a PowerShell Object. Normal return data is a Hash Table. ``` #### EXAMPLE 17 ``` Command: Get-BluGenieRegistry -ReturnObject -FormatView Custom ``` ``` Description: Get-BluGenieRegistry and Return Object formatted in a PSCustom view Notes: Format-Custom is designed to display views that are not just tables or just lists. You can use the views defined in the *format.PS1XML files in the PowerShell directory, or you can create your own views in new PS1XML files and use the Update-FormatData cmdlet to add them to PowerShell. ``` ### PARAMETERS #### StartKey ``` -StartKey Description: Starts searching at the specified key. Notes: The key name uses the following format: HKEY_LOCAL_MACHINE\ HKEY_CURRENT_USER\ HKEY_USERS\ HKEY_CLASSES_ROOT\ Alias: Path ValidateSet: Required? false Position? 1 Default value HKEY_LOCAL_MACHINE\SOFTWARE Accept pipeline input? false Accept wildcard characters? false ``` #### Pattern ``` -Pattern Description: Searches for the specified regular expression pattern. The pattern is not case-sensitive. Notes: Alias: ValidateSet: Required? false Position? 2 Default value ^(?s:.)* Accept pipeline input? false Accept wildcard characters? false ``` #### ExcludePattern ``` -ExcludePattern Description: Used in conjuction with -Pattern. Reparse found items from pattern with an Exclude pattern Notes: This cannot be used on it's own and cannot be used with -NotMatch. Alias: ValidateSet: Required? false Position? 3 Default value Accept pipeline input? false Accept wildcard characters? false ``` #### MatchKey ``` -MatchKey [] Description: Matches registry key names. Notes: Default option is MatchData Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### MatchValueName ``` -MatchValueName [] Description: Matches registry value names. Notes: Default option is MatchData Alias: MatchValue ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### MatchData ``` -MatchData [] Description: Matches registry value data. Notes: This option is default Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### RootKeyOnly ``` -RootKeyOnly [] Description: If Selected the Query will only parse the root of the Search Key given. No sub keys will be queried. Notes: Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### NotMatch ``` -NotMatch [] Description: Not Matching or Exclude pattern queries Notes: Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### ExactMatch ``` -ExactMatch [] Description: The Match type is equal or exact to the Pattern string Notes: Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### Remove ``` -Remove [] Description: Removes any matching patterns found in the registry. Notes: Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### Walkthrough ``` -Walkthrough [] Description: Start the dynamic help menu system to help walk through the current command and all of the parameters Notes: Alias: Help ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### ReturnObject ``` -ReturnObject [] Description: Return information as an Object Notes: By default the data is returned as a Hash Table Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### OutUnEscapedJSON ``` -OutUnEscapedJSON [] Description: Remove UnEsacped Char from the JSON information. Notes: This will beautify json and clean up the formatting. Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### FormatView ``` -FormatView Description: Select which format to return the object data in. Notes: Default value is set to (None). This value is only valid when using the -ReturnObject parameter Alias: ValidateSet: 'Table','Custom','CustomModified','None','JSON','OutUnEscapedJSON','CSV' Required? false Position? named Default value None Accept pipeline input? false Accept wildcard characters? false ``` #### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about\_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).