EnumValues

Enumerates the named values of a key.

Registry subkeys group entries with related information, and it is often useful to display that related information. Unfortunately, this is not necessarily a straightforward procedure; after all, you cannot read a registry value unless you use the appropriate method. But how can you call the appropriate method if you do not know the data type of the value being read?

Fortunately, you can accomplish this task by using the Registry Provider EnumValues method to retrieve an array containing the entry names and an array containing the data type of each entry. After you know the entry name and its data type, you can select the appropriate method to retrieve and display the value of each entry.

This method returns a null value for the array when the default value is the only one present. When writing scripts, be sure to check for the null value (using IsNull); this is a good practice before accessing any VBScript variant.

The List All Installed Software VBScript sample returns a list of all software installed on a computer, whether or not by Windows Installer, by reading installed applications from the registry.

The Gather Remote Firewall Status And Rules With Powershell sample gathers the firewall status and rules from multiple systems

The following VBScript code example shows how to enumerate the values under:

HKEY_LOCAL_MACHINE\SYSTEM\Current Control Set\Control\Lsa

You can save the script as a file with a .vbs extension and send the output to a file by executing the command line in the folder that contains the script:

cscript Filename.vbs > output.txt

Example

Do not run below example code just to see what happens next. Many methods seriously affect your system. Always make sure you actually understand what the method and the code do.

param
(
  [Parameter(Mandatory)]
  [UInt32]
  $hDefKey,

  [Parameter(Mandatory)]
  [String]
  $sSubKeyName
)


Invoke-CimMethod -ClassName StdRegProv -MethodName EnumValues -Arguments $PSBoundParameters

To run this method on one or more remote systems, use New-CimSession:

param
(
  [Parameter(Mandatory)]
  [UInt32]
  $hDefKey,

  [Parameter(Mandatory)]
  [String]
  $sSubKeyName,

  [String[]]
  $ComputerName,

  [PSCredential]
  $Credential
)


$session = New-CimSession -ComputerName $ComputerName -Credential $Credential

Invoke-CimMethod -ClassName StdRegProv -MethodName EnumValues -Arguments $PSBoundParameters -CimSession $session

Remove-CimSession -CimSession $session

Learn more about Invoke-CimMethod and invoking WMI methods.

Syntax

uint32 EnumValues(
  [in]  uint32 hDefKey = HKEY_LOCAL_MACHINE,
  [in]  string sSubKeyName,
  [out] string sNames[],
  [out] sint32 Types[]
);

Parameters

Name Type Description
hDefKey UInt32 Optional parameter that specifies the tree that contains the sSubKeyName path. The default value is HKEY_LOCAL_MACHINE (0x80000002). The following trees are defined in Winreg.h:
HKEY_CLASSES_ROOT (0x80000000)
HKEY_CURRENT_USER (0x80000001)
HKEY_LOCAL_MACHINE (0x80000002)
HKEY_USERS (0x80000003)
HKEY_CURRENT_CONFIG (0x80000005)
HKEY_DYN_DATA (0x80000006)
Note that HKEY_DYN_DATA is a valid tree for Windows 95 and Windows 98 computers only.
sSubKeyName String Specifies the path that contains the named values to be enumerated.

hDefKey

[Flags()]Enum StdRegProvhDefKey
{
  HKEY_CLASSES_ROOT     = 2147483648 # 
  HKEY_CURRENT_USER     = 2147483649 # 
  HKEY_LOCAL_MACHINE    = 2147483650 # 
  HKEY_USERS            = 2147483651 # 
  HKEY_CURRENT_CONFIG   = 2147483653 # 
}

Return Value

Returns a value of type UInt32. Typically, a value of 0 indicates success.

See Also

Additional methods implemented by StdRegProv:

CheckAccess()

CheckAccess() verifies that the user has the specified access permissions.

CreateKey()

CreateKey() creates a subkey.

DeleteKey()

DeleteKey() deletes a subkey.

DeleteValue()

DeleteValue() deletes a named value.

EnumKey()

EnumKey() enumerates subkeys.

GetBinaryValue()

GetBinaryValue() gets the binary data value of a named value.

GetDWORDValue()

GetDWORDValue() gets the DWORD data value of a named value.

GetExpandedStringValue()

GetExpandedStringValue() gets the expanded string data value of a named value.

GetMultiStringValue()

GetMultiStringValue() gets the multiple string data values of a named value.

GetQWORDValue()

GetQWORDValue() gets the QWORD data values of a named value.

GetSecurityDescriptor()

GetSecurityDescriptor() gets the security descriptor for a key.

GetStringValue()

GetStringValue() gets the string data value of a named value.

SetBinaryValue()

SetBinaryValue() sets the binary data value of a named value.

SetDWORDValue()

SetDWORDValue() sets the DWORD data value of a named value.

SetExpandedStringValue()

SetExpandedStringValue() sets the expanded string data value of a named value.

SetMultiStringValue()

SetMultiStringValue() sets the multiple string values of a named value.

SetQWORDValue()

SetQWORDValue() sets the QWORD data values of a named value.

SetSecurityDescriptor()

SetSecurityDescriptor() sets the security descriptor for a key.

SetStringValue()

SetStringValue() sets the string value of a named value.

Requirements

To use StdRegProv, the following requirements apply:

PowerShell

Get-CimInstance was introduced with PowerShell Version 3.0, which in turn was introduced on clients with Windows 8 and on servers with Windows Server 2012.

If necessary, update Windows PowerShell to Windows PowerShell 5.1, or install PowerShell 7 side-by-side.

Operating System

StdRegProv was introduced on clients with Windows Vista and on servers with Windows Server 2008.

Namespace

StdRegProv lives in the Namespace Root/CIMv2. This is the default namespace. There is no need to use the -Namespace parameter in Get-CimInstance.

Implementation

StdRegProv is implemented in Stdprov.dll and defined in RegEvent.mof. Both files are located in the folder C:\Windows\system32\wbem:

explorer $env:windir\system32\wbem
notepad $env:windir\system32\wbem\RegEvent.mof