
Get-BluGenieRegSnapshot




SYNOPSIS

Get-BluGenieRegSnapshot takes a snapshot of the Registry

SYNTAX

Get-BluGenieRegSnapshot [[-Path] <String>] [[-Walkthrough]] [[-ReturnObject]] [[-LeaveFile]] [[-OutUnEscapedJSON]] [<CommonParameters>]

DESCRIPTION

Get-BluGenieRegSnapshot takes a snapshot of the Registry

EXAMPLES

EXAMPLE 1

Get-BluGenieRegSnapshot -Path 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa'
This will take a Registry Snapshot of the path 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa'
and return a Hash Table with all the information

EXAMPLE 2

Get-BluGenieRegSnapshot -Path 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa' -ReturnObject
This will take a Registry Snapshot of the path 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa'
and return just the Object content

EXAMPLE 3

Get-BluGenieRegSnapshot -Path 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa' -LeaveFile
This will take a Registry Snapshot of the path 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa'
The temp snapshot file will not be removed from the user's temp directory. The file is saved with a GUID value.

EXAMPLE 4

Get-BluGenieRegSnapshot -Path 'HKEY_CURRENT_USER\Software\7-Zip'
Any values that match HKEY_CURRENT_USER will be converted to HKU keys, and all loaded registry hives will be enumerated and
parsed. A Registry Snapshot of the path will be taken for each loaded hive that has the key path.

EXAMPLE 5

Get-BluGenieRegSnapshot -Path 'HKEY_CURRENT_USER\Software\7-Zip' -OutUnEscapedJSON
Any values that match HKEY_CURRENT_USER will be converted to HKU keys, and all loaded registry hives will be enumerated and
parsed. A Registry Snapshot of the path will be taken for each loaded hive that has the key path.
The return will be in a beautified JSON format.
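
The HKEY_CURRENT_USER handling described in Examples 4 and 5 can be reproduced with built-in cmdlets to see which loaded hives actually hold a key. This is an added example, not BluGenie's own code; `Expand-HkcuPath` is a hypothetical helper name and the output property names are assumptions.

```powershell
# Added example, not BluGenie source. Expand-HkcuPath is a hypothetical helper name.
function Expand-HkcuPath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # Only HKEY_CURRENT_USER (or the HKCU alias) is expanded; other paths pass through.
    if ($Path -notmatch '^(?:HKEY_CURRENT_USER|HKCU):?(?:\\(.*))?$') {
        return [pscustomobject]@{ Hive = $null; Path = $Path }
    }

    # Sub key below the hive root, e.g. 'Software\7-Zip'; empty when only the root was given.
    $subKey = ([string]$Matches[1]).TrimEnd('\')

    # Every loaded user hive is a subkey of HKEY_USERS (SIDs, .DEFAULT, *_Classes).
    Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object {
            # RegistryKey.Name is the full name, e.g. 'HKEY_USERS\S-1-5-18'.
            $candidate = if ($subKey) { '{0}\{1}' -f $_.Name, $subKey } else { $_.Name }

            # Keep only the hives that really contain the key path.
            if (Test-Path -LiteralPath "Registry::$candidate" -ErrorAction SilentlyContinue) {
                [pscustomobject]@{ Hive = $_.PSChildName; Path = $candidate }
            }
        }
}

# Lists each loaded hive that contains the key from Example 4.
Expand-HkcuPath -Path 'HKEY_CURRENT_USER\Software\7-Zip' | Format-Table -AutoSize
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so they do not appear in the result; run from an elevated session to read other users' hives.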

PARAMETERS

Path

-Path <String>
The path to the parent registry key
Type: String
Required? false
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false

Walkthrough

-Walkthrough [<SwitchParameter>]
An automated process to walk through the current function and all the parameters
Type: SwitchParameter
Required? false
Position? 2
Default value False
Accept pipeline input? false
Accept wildcard characters? false

ReturnObject

-ReturnObject [<SwitchParameter>]
Return information as an Object.
By default the data is returned as a Hash Table
Type: SwitchParameter
Required? false
Position? 3
Default value False
Accept pipeline input? false
Accept wildcard characters? false

LeaveFile

-LeaveFile [<SwitchParameter>]
Do not remove the snapshot file.
By default the data is saved as a GUID in the user's temp directory
Type: SwitchParameter
Required? false
Position? 4
Default value False
Accept pipeline input? false
Accept wildcard characters? false

OutUnEscapedJSON

-OutUnEscapedJSON [<SwitchParameter>]
Removes unescaped characters from the JSON return.
This will beautify the JSON and clean up the formatting.
Type: SwitchParameter
Required? false
Position? 5
Default value False
Accept pipeline input? false
Accept wildcard characters? false

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.