我有以下代码 - 以管理员身份运行它应该可以访问所有HKEY_USERS加载的配置文件。但是,它没有通过以下内容查看:
您无法在空值表达式上调用方法。
尝试获取Run注册表路径中包含的值时失败:
$ runKeyNames = $ runKeySubKey.GetValueNames()
任何想法 - 请注意Run中有测试值!
$hkeyUsersHIVE = [Microsoft.Win32.RegistryHive]::Users
$hkeyUsers = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hkeyUsersHIVE, $env:COMPUTERNAME)
$hkeyUsersSubkeys = $hkeyUsers.GetSubKeyNames()
$hkeyUsersSubkeys | % {
"$_"
$runKey = "$_\software\Microsoft\Windows\CurrentVersion\Run"
$runKeySubKey = $hkeyUsers.OpenSubKey($runKey)
$runKeyNames = $runKeySubKey.GetValueNames()
if ($runKeyNames -match "phrase")
{
"$ENV:computername -- $("HKEY_USERS:\$_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") -- EXISTS-- Key Found: $($runKeyNames -match "phrase")"
}else{
"$ENV:computername -- $("HKEY_USERS:\$_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") -- DOESN'T EXIST"
}
}
答案 0 :(得分:1)
并非HKEY_USERS下的所有用户条目都有我所知道的“运行”键。试试这个:
$hkeyUsers = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('USERS', $env:COMPUTERNAME)
$hkeyUsersSubkeys = $hkeyUsers.GetSubKeyNames()
$hkeyUsersSubkeys | % {
"$_"
$runKey = "$_\software\Microsoft\Windows\CurrentVersion\Run"
$runKeySubKey = $hkeyUsers.OpenSubKey($runKey)
if ($runKeySubKey) {
$runKeyNames = $runKeySubKey.GetValueNames()
if ($runKeyNames -match "phrase") {
"$ENV:computername -- $("HKEY_USERS:\$_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") -- EXISTS-- Key Found: $($runKeyNames -match "phrase")"
}
else {
"$ENV:computername -- $("HKEY_USERS:\$_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") -- DOESN'T EXIST"
}
}
else {
Write-Warning "Skipping $runKey, does not have a Run key"
}
}