The majority of registry values that hold useful information for a system administrator are made up of either alphanumeric characters (REG_SZ) or numbers (REG_DWORD). String values in the registry are often clearly interpretable words, such as the name of a component manufacturer. Registry values of other types, like binary values, cannot be interpreted quite so readily.
You can read REG_SZ and REG_DWORD values by using the GetStringValue and the GetDWORDValue methods, respectively.
The List Installed Applications on 32- or 64-Bit Computers VBScript code sample queries the registry for installed applications on either 32-bit or 64-bit systems.
The following VBScript sample returns a list of startup scripts displayed on a per-Group Policy Object (GPO) basis.
Example
Do not run below example code just to see what happens next. Many methods seriously affect your system. Always make sure you actually understand what the method and the code do.
param
(
[Parameter(Mandatory)]
[UInt32]
$hDefKey,
[Parameter(Mandatory)]
[String]
$sSubKeyName,
[Parameter(Mandatory)]
[String]
$sValueName
)
Invoke-CimMethod -ClassName StdRegProv -MethodName GetStringValue -Arguments $PSBoundParameters
To run this method on one or more remote systems, use New-CimSession:
param
(
[Parameter(Mandatory)]
[UInt32]
$hDefKey,
[Parameter(Mandatory)]
[String]
$sSubKeyName,
[Parameter(Mandatory)]
[String]
$sValueName,
[String[]]
$ComputerName,
[PSCredential]
$Credential
)
$session = New-CimSession -ComputerName $ComputerName -Credential $Credential
Invoke-CimMethod -ClassName StdRegProv -MethodName GetStringValue -Arguments $PSBoundParameters -CimSession $session
Remove-CimSession -CimSession $session
Learn more about
Invoke-CimMethodand invoking WMI methods.
Syntax
uint32 GetStringValue(
[in] uint32 hDefKey = HKEY_LOCAL_MACHINE,
[in] string sSubKeyName,
[in] string sValueName,
[out] string sValue
);
Parameters
| Name | Type | Description |
|---|---|---|
| hDefKey | UInt32 | Optional parameter that specifies the tree that contains the sSubKeyName path. The default value is HKEY_LOCAL_MACHINE (0x80000002). The following trees are defined in Winreg.h: HKEY_CLASSES_ROOT (0x80000000) HKEY_CURRENT_USER (0x80000001) HKEY_LOCAL_MACHINE (0x80000002) HKEY_USERS (0x80000003) HKEY_CURRENT_CONFIG (0x80000005) HKEY_DYN_DATA (0x80000006) Note that HKEY_DYN_DATA is a valid tree for Windows 95 and Windows 98 computers only. |
| sSubKeyName | String | Specifies the path that contains the named values. |
| sValueName | String | Specifies the named value whose data value you are retrieving. Specify an empty string to get the default named value. |
hDefKey
[Flags()]Enum StdRegProvhDefKey
{
HKEY_CLASSES_ROOT = 2147483648 #
HKEY_CURRENT_USER = 2147483649 #
HKEY_LOCAL_MACHINE = 2147483650 #
HKEY_USERS = 2147483651 #
HKEY_CURRENT_CONFIG = 2147483653 #
}
Return Value
Returns a value of type UInt32. Typically, a value of 0 indicates success.
See Also
Additional methods implemented by StdRegProv:
CheckAccess()
CheckAccess() verifies that the user has the specified access permissions.
CreateKey()
CreateKey() creates a subkey.
DeleteKey()
DeleteKey() deletes a subkey.
DeleteValue()
DeleteValue() deletes a named value.
EnumKey()
EnumKey() enumerates subkeys.
EnumValues()
EnumValues() enumerates the named values of a key.
GetBinaryValue()
GetBinaryValue() gets the binary data value of a named value.
GetDWORDValue()
GetDWORDValue() gets the DWORD data value of a named value.
GetExpandedStringValue()
GetExpandedStringValue() gets the expanded string data value of a named value.
GetMultiStringValue()
GetMultiStringValue() gets the multiple string data values of a named value.
GetQWORDValue()
GetQWORDValue() gets the QWORD data values of a named value.
GetSecurityDescriptor()
GetSecurityDescriptor() gets the security descriptor for a key.
SetBinaryValue()
SetBinaryValue() sets the binary data value of a named value.
SetDWORDValue()
SetDWORDValue() sets the DWORD data value of a named value.
SetExpandedStringValue()
SetExpandedStringValue() sets the expanded string data value of a named value.
SetMultiStringValue()
SetMultiStringValue() sets the multiple string values of a named value.
SetQWORDValue()
SetQWORDValue() sets the QWORD data values of a named value.
SetSecurityDescriptor()
SetSecurityDescriptor() sets the security descriptor for a key.
SetStringValue()
SetStringValue() sets the string value of a named value.
Requirements
To use StdRegProv, the following requirements apply:
PowerShell
Get-CimInstance was introduced with PowerShell Version 3.0, which in turn was introduced on clients with Windows 8 and on servers with Windows Server 2012.
If necessary, update Windows PowerShell to Windows PowerShell 5.1, or install PowerShell 7 side-by-side.
Operating System
StdRegProv was introduced on clients with Windows Vista and on servers with Windows Server 2008.
Namespace
StdRegProv lives in the Namespace Root/CIMv2. This is the default namespace. There is no need to use the -Namespace parameter in Get-CimInstance.
Implementation
StdRegProv is implemented in Stdprov.dll and defined in RegEvent.mof. Both files are located in the folder C:\Windows\system32\wbem:
explorer $env:windir\system32\wbem
notepad $env:windir\system32\wbem\RegEvent.mof