Registry values of the expanded string type are strings that include items that are evaluated only when the string value is actually used. For instance, a typical expanded string value is the one that holds the location of the TEMP directory:
%USERPROFILE%\Local Settings\Temp
The \Local Settings\Temp component of the string is treated literally, but the value of the %USERPROFILE% component can be determined only when it is actually accessed. This is because the value is dependent upon the user accessing the entry. If you look at the registry entry in Regedit.exe, you will see the value %USERPROFILE%\Local Settings\Temp. However, when you retrieve the value of the entry, the value will be something like this: C:\Documents and Settings\jsmith.REDMOND\Local Settings\Temp. In other words, the environment variable %USERPROFILE% is replaced with the folder (in this case, C:\Documents and Settings\jsmith.REDMOND) that contains the user profile.
The components of expanded string types that appear between percent symbols (%) correspond to environment variables and are dependent either on the aspects of the particular user or the current configuration of the computer.
You use the GetExpandedStringValue method to retrieve expanded string values. The method takes, as one of its parameters, a variable in which the retrieved value is stored. In the retrieved value, the components of the string that appear between percent symbols are automatically evaluated. This means your script will echo a value similar to “C:\Documents and Settings\jsmith.REDMOND\Local Settings\Temp” rather than a value like “%USERPROFILE%\Local Settings\Temp”.
The Add a Folder to Your Windows Path VBScript sample adds a new folder to your Windows path.
The Collect userprofile, recycle bin and selective folder size for remote servers PowerShell sample generates a report for all user profiles, user specified folders, and user recycle bin that are more than a specified size.
The following VBScript code example shows how to read the REG_EXPAND_SZ value that is located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon. You can save the script as a file with a .vbs extension and send the output to a file by executing the command line in the folder that contains the script:
cscript Filename.vbs > output.txt
Example
Do not run below example code just to see what happens next. Many methods seriously affect your system. Always make sure you actually understand what the method and the code do.
param
(
[Parameter(Mandatory)]
[UInt32]
$hDefKey,
[Parameter(Mandatory)]
[String]
$sSubKeyName,
[Parameter(Mandatory)]
[String]
$sValueName
)
Invoke-CimMethod -ClassName StdRegProv -MethodName GetExpandedStringValue -Arguments $PSBoundParameters
To run this method on one or more remote systems, use New-CimSession
:
param
(
[Parameter(Mandatory)]
[UInt32]
$hDefKey,
[Parameter(Mandatory)]
[String]
$sSubKeyName,
[Parameter(Mandatory)]
[String]
$sValueName,
[String[]]
$ComputerName,
[PSCredential]
$Credential
)
$session = New-CimSession -ComputerName $ComputerName -Credential $Credential
Invoke-CimMethod -ClassName StdRegProv -MethodName GetExpandedStringValue -Arguments $PSBoundParameters -CimSession $session
Remove-CimSession -CimSession $session
Learn more about
Invoke-CimMethod
and invoking WMI methods.
Syntax
uint32 GetExpandedStringValue(
[in] uint32 hDefKey = HKEY_LOCAL_MACHINE,
[in] string sSubKeyName,
[in] string sValueName,
[out] string sValue
);
Parameters
Name | Type | Description |
---|---|---|
hDefKey | UInt32 | Optional parameter that specifies the tree that contains the sSubKeyName path. The default value is HKEY_LOCAL_MACHINE (0x80000002). The following trees are defined in Winreg.h: HKEY_CLASSES_ROOT (0x80000000) HKEY_CURRENT_USER (0x80000001) HKEY_LOCAL_MACHINE (0x80000002) HKEY_USERS (0x80000003) HKEY_CURRENT_CONFIG (0x80000005) HKEY_DYN_DATA (0x80000006) Note that HKEY_DYN_DATA is a valid tree for Windows 95 and Windows 98 computers only. |
sSubKeyName | String | Specifies the path that contains the named values. |
sValueName | String | Specifies the named value whose data value you are retrieving. Specify an empty string to get the default named value. |
hDefKey
[Flags()]Enum StdRegProvhDefKey
{
HKEY_CLASSES_ROOT = 2147483648 #
HKEY_CURRENT_USER = 2147483649 #
HKEY_LOCAL_MACHINE = 2147483650 #
HKEY_USERS = 2147483651 #
HKEY_CURRENT_CONFIG = 2147483653 #
}
Return Value
Returns a value of type UInt32. Typically, a value of 0 indicates success.
See Also
Additional methods implemented by StdRegProv:
CheckAccess()
CheckAccess() verifies that the user has the specified access permissions.
CreateKey()
CreateKey() creates a subkey.
DeleteKey()
DeleteKey() deletes a subkey.
DeleteValue()
DeleteValue() deletes a named value.
EnumKey()
EnumKey() enumerates subkeys.
EnumValues()
EnumValues() enumerates the named values of a key.
GetBinaryValue()
GetBinaryValue() gets the binary data value of a named value.
GetDWORDValue()
GetDWORDValue() gets the DWORD data value of a named value.
GetMultiStringValue()
GetMultiStringValue() gets the multiple string data values of a named value.
GetQWORDValue()
GetQWORDValue() gets the QWORD data values of a named value.
GetSecurityDescriptor()
GetSecurityDescriptor() gets the security descriptor for a key.
GetStringValue()
GetStringValue() gets the string data value of a named value.
SetBinaryValue()
SetBinaryValue() sets the binary data value of a named value.
SetDWORDValue()
SetDWORDValue() sets the DWORD data value of a named value.
SetExpandedStringValue()
SetExpandedStringValue() sets the expanded string data value of a named value.
SetMultiStringValue()
SetMultiStringValue() sets the multiple string values of a named value.
SetQWORDValue()
SetQWORDValue() sets the QWORD data values of a named value.
SetSecurityDescriptor()
SetSecurityDescriptor() sets the security descriptor for a key.
SetStringValue()
SetStringValue() sets the string value of a named value.
Requirements
To use StdRegProv, the following requirements apply:
PowerShell
Get-CimInstance
was introduced with PowerShell Version 3.0, which in turn was introduced on clients with Windows 8 and on servers with Windows Server 2012.
If necessary, update Windows PowerShell to Windows PowerShell 5.1, or install PowerShell 7 side-by-side.
Operating System
StdRegProv was introduced on clients with Windows Vista and on servers with Windows Server 2008.
Namespace
StdRegProv lives in the Namespace Root/CIMv2. This is the default namespace. There is no need to use the -Namespace parameter in Get-CimInstance
.
Implementation
StdRegProv is implemented in Stdprov.dll and defined in RegEvent.mof. Both files are located in the folder C:\Windows\system32\wbem
:
explorer $env:windir\system32\wbem
notepad $env:windir\system32\wbem\RegEvent.mof