循环通过HKEY_USERS

时间:2014-06-08 22:46:46

标签: powershell

我有以下代码 - 以管理员身份运行它应该可以访问所有HKEY_USERS加载的配置文件。但是,它没有通过以下内容查看:

您无法在空值表达式上调用方法。

尝试获取Run注册表路径中包含的值时失败:

$ runKeyNames = $ runKeySubKey.GetValueNames()

任何想法 - 请注意Run中有测试值!

$hkeyUsersHIVE = [Microsoft.Win32.RegistryHive]::Users

$hkeyUsers = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hkeyUsersHIVE, $env:COMPUTERNAME)
$hkeyUsersSubkeys = $hkeyUsers.GetSubKeyNames()


$hkeyUsersSubkeys | % {
    "$_"
    $runKey = "$_\software\Microsoft\Windows\CurrentVersion\Run"       
            $runKeySubKey = $hkeyUsers.OpenSubKey($runKey)
            $runKeyNames = $runKeySubKey.GetValueNames()     
                if ($runKeyNames -match "phrase") 
                {
                    "$ENV:computername -- $("HKEY_USERS:\$_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") -- EXISTS-- Key Found: $($runKeyNames -match "phrase")" 
                }else{       
                    "$ENV:computername -- $("HKEY_USERS:\$_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") -- DOESN'T EXIST"  
                }

    }

1 个答案:

答案 0 :(得分:1)

并非HKEY_USERS下的所有用户条目都有我所知道的“运行”键。试试这个:

$hkeyUsers = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('USERS', $env:COMPUTERNAME)
$hkeyUsersSubkeys = $hkeyUsers.GetSubKeyNames()

$hkeyUsersSubkeys | % {
    "$_"
    $runKey = "$_\software\Microsoft\Windows\CurrentVersion\Run"       
    $runKeySubKey = $hkeyUsers.OpenSubKey($runKey)
    if ($runKeySubKey) {
        $runKeyNames = $runKeySubKey.GetValueNames()     
        if ($runKeyNames -match "phrase") {
            "$ENV:computername -- $("HKEY_USERS:\$_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") -- EXISTS-- Key Found: $($runKeyNames -match "phrase")" 
        }
        else {       
            "$ENV:computername -- $("HKEY_USERS:\$_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") -- DOESN'T EXIST"  
        }
    }
    else {
        Write-Warning "Skipping $runKey, does not have a Run key"
    }
}