header
header Register : : Login header
header
divider
menuleft
menuright
submenu
left

We have a new sponsor!  Introducting Pragma Systems.  See the home page for details.
Unanswered Active Topics Forums Search Members
Forums > Using PowerShell > General PowerShell
how to read a registry subkey
Last Post 19 Mar 2010 10:16 PM by mirth. 5 Replies.
Printer Friendly
Sort:
PrevPrev NextNext
You are not authorized to post a reply.
Author Messages
mirthUser is Offline
New Member
New Member
Posts:3
Avatar

--
05 Mar 2010 10:25 PM  
I've been asked to write a program to remotely delete user profiles.
I've come across one problem.
In my function, I can enumerate out the sids from the profile list easily enough. But I have to open each of the subkeys to see if the user can be deleted or not.

#*=============================================
Function Profilelist {
$regKey=$regKey.OpenSubKey("SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList",$true)
$Profiles=$regKey.GetSubKeyNames()
foreach ($sid in $Profiles)
    {
if ($sid.length -gt 8 )
{
$regkey=$regkey.OpenSubkey("SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid\CentralProfile",$True)
#$CentralProfiles=$regkey.get_ValueCount()
}
    }
                    }
#*=============================================
I'm not sure how or if the regkey can use that string I'm trying to concatenate.
All I am trying to do is read the CentralProfiles string value, and if is not user A B C or D then delete it
I've also tried this
$regkey=$regkey.OpenSubkey($sid,$True)
if ($regkey.GetValueNames() -eq "CentralProfile")
I get this error

You cannot call a method on a null-valued expression.
Does anyknow know how I can query the value of this registry into a string?
$centralprofilelist=("SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\"+$sid+"\CentralProfile")
Cruisader03User is Offline
Basic Member
Basic Member
Posts:243
Avatar

--
05 Mar 2010 10:46 PM  
Please post your entire script so we can see what happens before the function?
When at first you don't succeed Step-Into

http://theposherlife.blogspot.com
http://www.jandctravels.com
glnsizeUser is Offline
Basic Member
Basic Member
Posts:186

--
06 Mar 2010 02:20 AM  
First things first, are you familiar with delprof? I would not remove profiles with a script, unless that script automated delprof. I don't like reinventing the wheel.... Plenty of new problems to solve.

Having said that, you can accomplish what you're after like so; 

Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'| 
    Where-object{$_.PSChildName.length -gt 8} | 
    Get-ItemProperty -Name CentralProfile


Hope that helps,
~Glenn
Cruisader03User is Offline
Basic Member
Basic Member
Posts:243
Avatar

--
06 Mar 2010 07:47 PM  
GCI only works with local registrys, not remote.

I totally agree with using existing apps (especially when they are free and supported) like delprof, the user hive profile cleanup service, and regunld for citrix.
When at first you don't succeed Step-Into

http://theposherlife.blogspot.com
http://www.jandctravels.com
mirthUser is Offline
New Member
New Member
Posts:3
Avatar

--
19 Mar 2010 05:46 PM  
Sorry it tool so long to reply. Delprofs doesn't quite do what we need it to do. there is a number of accounts that cannot be deleted or we're pooched. For example on our terminal servers, there are CTX accounts that cannot be deleted. So this code is to delete the profile list registries, then each associated folder.

For example, the profile list on a computer is located at this registry location...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

there is a subkey associated off that of the users sid, which mades that registry key look like this
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-790525478-839522115-500

there is a key inside that registry entry called "CentralProfile"
It contains the path to the users profile. So if it starts with \\ then its a network profile can be deleted.
However I can't open that CentralProfile key. Its a reg_sz, so it should work!
What compounds this problem, is that this registry is on a remote computer.
So I got something like this to read the sid

$MachineName = 'vm002'
$MachineNamepath="\\"+$MachineName+"\c$\documents and settings"


#* SCRIPT BODY
    #open up the remote machines's registry
    $regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $MachineName)

This opens the remote registry. then in a function
This loads in the profile list registry keys$regKey=$regKey.OpenSubKey("SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList",$true)
$Profiles=$regKey.GetSubKeyNames()

I get all the sids this way

foreach ($sid in $Profiles)
    {
$regKey2=$regKey.OpenSubKey($sid)

#if the sid is longer than 8 characters then   
    if ($sid.length -gt 8 )
        {
#this is where i am stuck
I need to read the value

$CentralProfile=HKLM(of the remote machine from $regkey)\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-790525478-839522115-500\CentralProfile
}
I can do it with vbscript, but I just cant figure out how to do it with Powershell.
Any ideas?
mirthUser is Offline
New Member
New Member
Posts:3
Avatar

--
19 Mar 2010 10:16 PM  
got it

#*=============================================
Function Profilelist {
$regKey=$regKey.OpenSubKey("SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList",$true)
$Profiles=$regKey.GetSubKeyNames()
foreach ($sid in $Profiles)
    {
$regKey2=$regKey.OpenSubKey($sid)
   
    if ($sid.length -gt 8 )
        {
Foreach($val in $regKey2.GetValueNames())
            {
    if ( $val -eq "CentralProfile"){ Write-Host $regKey2.GetValue("$val") }
               }
        }
    }
                        }

#*=============================================
You are not authorized to post a reply.
Forums > Using PowerShell > General PowerShell
Active Forums 4.1
right
   
footer Sponsored by Quest Software • SAPIEN Technologies • Compellent • Microsoft Windows Server 2008 footer
footer