{"id":385398,"date":"2024-11-21T10:07:22","date_gmt":"2024-11-21T10:07:22","guid":{"rendered":"https:\/\/www.ninjaone.com\/?post_type=script_hub&p=385398"},"modified":"2024-11-21T10:07:22","modified_gmt":"2024-11-21T10:07:22","slug":"nach-windows-registrierungsschluesseln-suchen","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/de\/script-hub\/nach-windows-registrierungsschluesseln-suchen\/","title":{"rendered":"Wie man nach Windows-Registrierungsschl\u00fcsseln, Eigenschaften und Werten mit PowerShell sucht"},"content":{"rendered":"

PowerShell-Skripterstellung ist eine essenzielle F\u00e4higkeit f\u00fcr IT-Experten und Managed Service Provider (MSPs)<\/a>, die ihre Abl\u00e4ufe rationalisieren und ihre Effizienz<\/a> steigern m\u00f6chten. Ein solches leistungsf\u00e4higes Skript dient dazu, die Windows-Registrierung<\/strong> nach bestimmten Schl\u00fcsselpfaden, Eigenschaften oder Werten zu durchsuchen<\/strong>. Diese F\u00e4higkeit kann bei der Fehlersuche, der \u00dcberpr\u00fcfung und der Verwaltung von Windows-Umgebungen erheblich helfen und ist daher ein unverzichtbares Tool f\u00fcr alle IT-Experten, die eine gro\u00dfe Anzahl von Systemen verwalten.<\/p>\n

Kontext<\/h2>\n

Die Windows-Registrierung ist eine hierarchische Datenbank, in der Low-Level-Einstellungen f\u00fcr das Betriebssystem und die installierten Anwendungen gespeichert werden. IT-Experten m\u00fcssen diese umfangreiche Datenbank h\u00e4ufig durchsuchen, um bestimmte Konfigurationen zu finden, Probleme zu beheben oder Einstellungen zu \u00fcberpr\u00fcfen. Die manuelle Suche kann m\u00fchsam und fehleranf\u00e4llig sein, vor allem wenn es um tief verschachtelte Schl\u00fcssel geht. Dieses Skript automatisiert die Suche nach Windows-Registrierungsschl\u00fcsseln und bietet einen zuverl\u00e4ssigen und effizienten Weg zum Auffinden von Registrierungsinformationen auf der Grundlage bestimmter Suchkriterien.<\/p>\n

Das Skript zur automatisierten Suche nach Windows-Registrierungsschl\u00fcsseln<\/h2>\n
#Requires -Version 5.1\r\n\r\n<#\r\n.SYNOPSIS\r\n    Find a registry key path, property or value that contains your given search text. Larger depth values may increase script runtime.\r\n.DESCRIPTION\r\n    Find a registry key path, property or value that contains your given search text. Larger depth values may increase script runtime.\r\n.EXAMPLE\r\n    -RootKey \"HKEY_USERS\" -SearchPath \"*\\Software\" -Search \"Microsoft\" -Path -Property -Value\r\n\r\n    WARNING: Matching registry path names found!\r\n    WARNING: Matching registry properties found!\r\n    WARNING: Matching registry key values found!\r\n\r\n\r\n    Path     : HKEY_USERS\\.DEFAULT\\Software\\AppDataLow\\Software\\Microsoft\r\n    Property : N\/A\r\n    Value    : N\/A\r\n\r\n    Path     : HKEY_USERS\\.DEFAULT\\Software\\Classes\\Local Settings\\MrtCache\\C:%5CProgram Files%5CWindowsApps%5CClipchamp.Clipchamp_2.9.1.0_neutral__yxz26nhyzhsrt%5Cresources.pri\\1da6c1775fdf538\\a37dfe62\r\n    Property : @{C:\\Program Files\\WindowsApps\\Clipchamp.Clipchamp_2.9.1.0_neutral__yxz26nhyzhsrt\\resources.pri? ms-resource:\/\/\/resources\/Clipchamp\/AppName}\r\n    Value    : Microsoft Clipchamp\r\n\r\n    Path     : HKEY_USERS\\.DEFAULT\\Software\\Classes\\Local Settings\\MrtCache\\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.BingNews_4.55.62231.0_x64__8wekyb3d8bbwe%5Cresources.pri\\1da6c1719ed8ee6\\a37dfe62\r\n    Property : @{C:\\Program Files\\WindowsApps\\Microsoft.BingNews_4.55.62231.0_x64__8wekyb3d8bbwe\\resources.pri? ms-resource:\/\/\/resources\/ApplicationTitleWithTagline}\r\n    Value    : News\r\n\r\n    Path     : HKEY_USERS\\.DEFAULT\\Software\\Classes\\Local Settings\\MrtCache\\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe%5Cresources.pri\\1d861e9fdbc0f2\\a37dfe62\r\n    Property : @{C:\\Program Files\\WindowsApps\\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\\resources.pri? ms-resource:\/\/\/resources\/ApplicationTitleWithBranding}\r\n    Value    : MSN W...\r\n\r\nPARAMETER: -RootKey \"HKEY_LOCAL_MACHINE\"\r\n    Enter the root registry key where your search will begin.\r\n\r\nPARAMETER: -SearchPath \"SOFTWARE\\ReplaceMe\"\r\n    Specify the subpath within the selected root key where the registry search should start. Exclude the root key from this path.\r\n\r\nPARAMETER: -Search \"ReplaceMe\"\r\n    Enter the text that must be present in the registry path, property, or value for it to be considered a match in the search results.\r\n\r\nPARAMETER: -Depth \"3\"\r\n    Set the maximum number of levels deep to search within the registry from the specified path. Increasing this value can significantly impact script performance due to deeper searches.\r\n\r\nPARAMETER: -CustomField \"ReplaceMeWithAnyMultilineCustomField\"\r\n    Specifies the name of an optional multiline custom field where results can be sent. Leave blank if not applicable.\r\n\r\nPARAMETER: -Path\r\n    If selected, the search will include registry key paths that contain the specified 'Search For' text as part of the search results.\r\n\r\nPARAMETER: -Property\r\n    If selected, the search will include registry key properties (names) that contain the specified 'Search For' text as part of the search results.\r\n\r\nPARAMETER: -Value\r\n    If selected, the search will include registry key values that contain the specified 'Search For' text as part of the search results.\r\n\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 10, Windows Server 2016\r\n    Release Notes: Initial Release\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n#>\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [String]$RootKey = \"HKEY_LOCAL_MACHINE\",\r\n    [Parameter()]\r\n    [String]$SearchPath,\r\n    [Parameter()]\r\n    [String]$Search,\r\n    [Parameter()]\r\n    [int]$Depth = 4,\r\n    [Parameter()]\r\n    [String]$CustomField,\r\n    [Parameter()]\r\n    [Switch]$Path = [System.Convert]::ToBoolean($env:searchForMatchingKeyPaths),\r\n    [Parameter()]\r\n    [Switch]$Property = [System.Convert]::ToBoolean($env:searchForMatchingKeyProperties),\r\n    [Parameter()]\r\n    [Switch]$Value = [System.Convert]::ToBoolean($env:searchForMatchingKeyValues)\r\n)\r\n\r\nbegin {\r\n    if ($env:rootKeyToSearch -and $env:rootKeyToSearch -notlike \"null\") { $RootKey = $env:rootKeyToSearch }\r\n    if ($env:searchPath -and $env:searchPath -notlike \"null\") { $SearchPath = $env:searchPath }\r\n    if ($env:searchFor -and $env:searchFor -notlike \"null\") { $Search = $env:searchFor }\r\n    if ($env:searchDepth -and $env:searchDepth -notlike \"null\") { $Depth = $env:searchDepth }\r\n    if ($env:customFieldName -and $env:customFieldName -notlike \"null\") { $CustomField = $env:customFieldName }\r\n\r\n    # Error out if we're not told to match the search string with anything.\r\n    if (-not $Path -and -not $Property -and -not $Value) {\r\n        Write-Host \"[Error] You must select the option to either match based on the key path, the property name, or the value.\"\r\n        exit 1\r\n    }\r\n\r\n    # If no search string is given error out.\r\n    if ( -not $Search) {\r\n        Write-Host \"[Error] You must specify something to search for.\"\r\n        exit 1\r\n    }\r\n\r\n    # If we're not given a search path error out.\r\n    if ( -not $SearchPath) {\r\n        Write-Host \"[Error] You must specify a path to search, e.g., 'SOFTWARE\\Microsoft'.\"\r\n        exit 1\r\n    }\r\n\r\n    # If no root key is given error out.\r\n    if ( -not $RootKey) {\r\n        Write-Host \"[Error] You must specify a root key to search in.\"\r\n        exit 1\r\n    }\r\n\r\n    # Valid root keys for the search.\r\n    $ValidRootKeys = \"HKEY_LOCAL_MACHINE\", \"HKEY_CLASSES_ROOT\", \"HKEY_USERS\", \"HKEY_CURRENT_CONFIG\", \"HKEY_CURRENT_USER\"\r\n    if ($ValidRootKeys -notcontains $RootKey) {\r\n        Write-Host \"[Error] You must specify a valid root key! Valid root keys are 'HKEY_LOCAL_MACHINE', 'HKEY_CLASSES_ROOT', 'HKEY_USERS', 'HKEY_CURRENT_CONFIG', and 'HKEY_CURRENT_USER'.\"\r\n        exit 1\r\n    }\r\n\r\n    # Remove accidental backslashes.\r\n    if ($SearchPath -match \"^\\\\\") {\r\n        $SearchPath = $SearchPath -replace \"^\\\\\"\r\n        Write-Warning \"An extra backslash was detected; changing the search path to $SearchPath.\"\r\n    }\r\n\r\n    # If the search path is not valid error out.\r\n    if (-not (Test-Path \"Registry::$RootKey\\$SearchPath\")) {\r\n        Write-Host \"[Error] Search path $RootKey\\$SearchPath does not exist! Please specify an existing registry path to start the search from!\"\r\n        exit 1\r\n    }\r\n\r\n    # Depth must be greater than 0.\r\n    if ( -not $Depth -or $Depth -lt 1) {\r\n        Write-Host \"[Error] Depth must be greater than 0.\"\r\n        exit 1\r\n    }\r\n\r\n    # If depth is 5 or higher, output a warning.\r\n    if ($Depth -ge 5) {\r\n        Write-Warning \"Executing deep registry searches may significantly extend script runtime.\"\r\n    }\r\n\r\n    # If HKEY_USERS is used we'll need a list of User Profiles and where to mount the corresponding registry hives.\r\n    function Get-UserHives {\r\n        param (\r\n            [Parameter()]\r\n            [ValidateSet('AzureAD', 'DomainAndLocal', 'All')]\r\n            [String]$Type = \"All\",\r\n            [Parameter()]\r\n            [String[]]$ExcludedUsers,\r\n            [Parameter()]\r\n            [switch]$IncludeDefault\r\n        )\r\n    \r\n        # User account SID's follow a particular pattern depending on if they're Azure AD, a Domain account, or a local \"workgroup\" account.\r\n        $Patterns = switch ($Type) {\r\n            \"AzureAD\" { \"S-1-12-1-(\\d+-?){4}$\" }\r\n            \"DomainAndLocal\" { \"S-1-5-21-(\\d+-?){4}$\" }\r\n            \"All\" { \"S-1-12-1-(\\d+-?){4}$\" ; \"S-1-5-21-(\\d+-?){4}$\" } \r\n        }\r\n    \r\n        # We'll need the NTUSER.DAT file to load each user's registry hive. So we grab it if their account SID matches the above pattern. \r\n        $UserProfiles = Foreach ($Pattern in $Patterns) { \r\n            Get-ItemProperty \"HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*\" |\r\n                Where-Object { $_.PSChildName -match $Pattern } | \r\n                Select-Object @{Name = \"SID\"; Expression = { $_.PSChildName } },\r\n                @{Name = \"UserName\"; Expression = { \"$($_.ProfileImagePath | Split-Path -Leaf)\" } }, \r\n                @{Name = \"UserHive\"; Expression = { \"$($_.ProfileImagePath)\\NTuser.dat\" } }, \r\n                @{Name = \"Path\"; Expression = { $_.ProfileImagePath } }\r\n        }\r\n    \r\n        # There are some situations where grabbing the .Default user's info is needed.\r\n        switch ($IncludeDefault) {\r\n            $True {\r\n                $DefaultProfile = \"\" | Select-Object UserName, SID, UserHive, Path\r\n                $DefaultProfile.UserName = \"Default\"\r\n                $DefaultProfile.SID = \"DefaultProfile\"\r\n                $DefaultProfile.Userhive = \"$env:SystemDrive\\Users\\Default\\NTUSER.DAT\"\r\n                $DefaultProfile.Path = \"C:\\Users\\Default\"\r\n    \r\n                $DefaultProfile | Where-Object { $ExcludedUsers -notcontains $_.UserName }\r\n            }\r\n        }\r\n    \r\n        $UserProfiles | Where-Object { $ExcludedUsers -notcontains $_.UserName }\r\n    }\r\n\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n\r\n    # This function makes it easier to set Custom Fields.\r\n    function Set-NinjaProperty {\r\n        [CmdletBinding()]\r\n        Param(\r\n            [Parameter(Mandatory = $True)]\r\n            [String]$Name,\r\n            [Parameter()]\r\n            [String]$Type,\r\n            [Parameter(Mandatory = $True, ValueFromPipeline = $True)]\r\n            $Value,\r\n            [Parameter()]\r\n            [String]$DocumentName\r\n        )\r\n    \r\n        $Characters = $Value | Measure-Object -Character | Select-Object -ExpandProperty Characters\r\n        if ($Characters -ge 10000) {\r\n            throw [System.ArgumentOutOfRangeException]::New(\"Character limit exceeded, value is greater than 10,000 characters.\")\r\n        }\r\n        \r\n        # If we're requested to set the field value for a Ninja document we'll specify it here.\r\n        $DocumentationParams = @{}\r\n        if ($DocumentName) { $DocumentationParams[\"DocumentName\"] = $DocumentName }\r\n        \r\n        # This is a list of valid fields that can be set. If no type is given, it will be assumed that the input doesn't need to be changed.\r\n        $ValidFields = \"Attachment\", \"Checkbox\", \"Date\", \"Date or Date Time\", \"Decimal\", \"Dropdown\", \"Email\", \"Integer\", \"IP Address\", \"MultiLine\", \"MultiSelect\", \"Phone\", \"Secure\", \"Text\", \"Time\", \"URL\", \"WYSIWYG\"\r\n        if ($Type -and $ValidFields -notcontains $Type) { Write-Warning \"$Type is an invalid type! Please check here for valid types. https:\/\/ninjarmm.zendesk.com\/hc\/en-us\/articles\/16973443979789-Command-Line-Interface-CLI-Supported-Fields-and-Functionality\" }\r\n        \r\n        # The field below requires additional information to be set\r\n        $NeedsOptions = \"Dropdown\"\r\n        if ($DocumentName) {\r\n            if ($NeedsOptions -contains $Type) {\r\n                # We'll redirect the error output to the success stream to make it easier to error out if nothing was found or something else went wrong.\r\n                $NinjaPropertyOptions = Ninja-Property-Docs-Options -AttributeName $Name @DocumentationParams 2>&1\r\n            }\r\n        }\r\n        else {\r\n            if ($NeedsOptions -contains $Type) {\r\n                $NinjaPropertyOptions = Ninja-Property-Options -Name $Name 2>&1\r\n            }\r\n        }\r\n        \r\n        # If an error is received it will have an exception property, the function will exit with that error information.\r\n        if ($NinjaPropertyOptions.Exception) { throw $NinjaPropertyOptions }\r\n        \r\n        # The below type's require values not typically given in order to be set. The below code will convert whatever we're given into a format ninjarmm-cli supports.\r\n        switch ($Type) {\r\n            \"Checkbox\" {\r\n                # While it's highly likely we were given a value like \"True\" or a boolean datatype it's better to be safe than sorry.\r\n                $NinjaValue = [System.Convert]::ToBoolean($Value)\r\n            }\r\n            \"Date or Date Time\" {\r\n                # Ninjarmm-cli expects the  Date-Time to be in Unix Epoch time so we'll convert it here.\r\n                $Date = (Get-Date $Value).ToUniversalTime()\r\n                $TimeSpan = New-TimeSpan (Get-Date \"1970-01-01 00:00:00\") $Date\r\n                $NinjaValue = $TimeSpan.TotalSeconds\r\n            }\r\n            \"Dropdown\" {\r\n                # Ninjarmm-cli is expecting the guid of the option we're trying to select. So we'll match up the value we were given with a guid.\r\n                $Options = $NinjaPropertyOptions -replace '=', ',' | ConvertFrom-Csv -Header \"GUID\", \"Name\"\r\n                $Selection = $Options | Where-Object { $_.Name -eq $Value } | Select-Object -ExpandProperty GUID\r\n        \r\n                if (-not $Selection) {\r\n                    throw [System.ArgumentOutOfRangeException]::New(\"Value is not present in dropdown\")\r\n                }\r\n        \r\n                $NinjaValue = $Selection\r\n            }\r\n            default {\r\n                # All the other types shouldn't require additional work on the input.\r\n                $NinjaValue = $Value\r\n            }\r\n        }\r\n        \r\n        # We'll need to set the field differently depending on if its a field in a Ninja Document or not.\r\n        if ($DocumentName) {\r\n            $CustomField = Ninja-Property-Docs-Set -AttributeName $Name -AttributeValue $NinjaValue @DocumentationParams 2>&1\r\n        }\r\n        else {\r\n            $CustomField = Ninja-Property-Set -Name $Name -Value $NinjaValue 2>&1\r\n        }\r\n        \r\n        if ($CustomField.Exception) {\r\n            throw $CustomField\r\n        }\r\n    }\r\n\r\n    $ExitCode = 0\r\n}\r\nprocess {\r\n    # Test for local administrator rights.\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Host -Object \"[Error] Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n\r\n    # Load unloaded profiles if asked to search in HKEY_USERS.\r\n    if ($RootKey -eq \"HKEY_USERS\") {\r\n        $UserProfiles = Get-UserHives -Type \"All\"\r\n        $ProfileWasLoaded = New-Object System.Collections.Generic.List[string]\r\n\r\n        # Loop through each profile on the machine.\r\n        Foreach ($UserProfile in $UserProfiles) {\r\n            # Load user's NTUSER.DAT if it's not already loaded.\r\n            If ((Test-Path Registry::HKEY_USERS\\$($UserProfile.SID)) -eq $false) {\r\n                Start-Process -FilePath \"cmd.exe\" -ArgumentList \"\/C reg.exe LOAD HKU\\$($UserProfile.SID) `\"$($UserProfile.UserHive)`\"\" -Wait -WindowStyle Hidden\r\n                $ProfileWasLoaded.Add(\"$($UserProfile.SID)\")\r\n            }\r\n        }\r\n    }\r\n\r\n    # Retrieve all the registry keys with the given parameters.\r\n    $RegistryKeys = Get-ChildItem -Path \"Registry::$RootKey\\$SearchPath\" -Depth $Depth -Recurse -ErrorAction SilentlyContinue -ErrorVariable RegistryErrors\r\n\r\n    if ($RootKey -eq \"HKEY_USERS\") {\r\n        # Unload all hives that were loaded for this script.\r\n        ForEach ($UserHive in $ProfileWasLoaded) {\r\n            If ($ProfileWasLoaded -eq $false) {\r\n                [gc]::Collect()\r\n                Start-Sleep 1\r\n                Start-Process -FilePath \"cmd.exe\" -ArgumentList \"\/C reg.exe UNLOAD HKU\\$($UserHive)\" -Wait -WindowStyle Hidden | Out-Null\r\n            }\r\n        }\r\n    }\r\n\r\n    # Initialize generic lists.\r\n    $AllKeys = New-Object System.Collections.Generic.List[object]\r\n    $MatchingKeys = New-Object System.Collections.Generic.List[object]\r\n    $CustomFieldValue = New-Object System.Collections.Generic.List[string]\r\n\r\n    # For each registry key, retrieve all properties and values if available.\r\n    $RegistryKeys | ForEach-Object {\r\n        $RegistryPath = $_.PSPATH -replace \"Microsoft.PowerShell.Core\\\\Registry::\"\r\n        try {\r\n            $ErrorActionPreference = \"Stop\"\r\n            $Properties = New-Object System.Collections.Generic.List[string]\r\n            $_.GetValueNames() | ForEach-Object { $Properties.Add($_) }\r\n            $Properties.Add(\"(default)\")\r\n        }\r\n        catch {\r\n            $Properties = $Null\r\n        }\r\n        $ErrorActionPreference = \"Continue\"\r\n\r\n        if (-not $Properties) {\r\n            $AllKeys.Add(\r\n                [PSCustomObject]@{\r\n                    Path     = $RegistryPath\r\n                    Property = \"N\/A\"\r\n                    Value    = \"N\/A\"\r\n                }\r\n            )\r\n            return\r\n        }\r\n\r\n        foreach ($PropertyName in $Properties) {\r\n            $ErrorActionPreference = \"SilentlyContinue\"\r\n            $RegValue = ($_ | Get-ItemProperty -ErrorVariable RegistryErrors).$PropertyName\r\n            $ErrorActionPreference = \"Continue\"\r\n            $AllKeys.Add(\r\n                [PSCustomObject]@{\r\n                    Path     = $RegistryPath\r\n                    Property = $PropertyName\r\n                    Value    = $RegValue\r\n                }\r\n            )\r\n        }\r\n    }\r\n\r\n    $MatchingValues = $False\r\n    $MatchingProperties = $False\r\n    $MatchingPaths = $False\r\n\r\n    # Match the registry keys based on the key path, property, or value. Add the results to the MatchingKeys generic list.\r\n    if ($Value) {\r\n        $AllKeys | Where-Object { $_.Value -match [regex]::Escape($Search) } | ForEach-Object {\r\n            $MatchingValues = $True \r\n            $MatchingKeys.Add($_) \r\n        }\r\n    }\r\n\r\n    if ($Property) {\r\n        $AllKeys | Where-Object { $_.Property -match [regex]::Escape($Search) } | ForEach-Object {\r\n            $MatchingProperties = $True \r\n            $MatchingKeys.Add($_) \r\n        }\r\n    }\r\n\r\n    if ($Path) {\r\n        $AllKeys | Where-Object { $_.Path -match $([regex]::Escape($Search)) } | ForEach-Object {\r\n            $MatchingPaths = $True \r\n            $MatchingKeys.Add($_) \r\n        }\r\n    }\r\n\r\n    if (-not $MatchingPaths -and -not $MatchingProperties -and -not $MatchingValues) {\r\n        $CustomFieldValue.Add(\"No matching registry keys found!\")\r\n        Write-Host \"No matching registry keys found!\"\r\n    }\r\n\r\n    # If we have any matches, output to Write-Warning.\r\n    if ($MatchingPaths) {\r\n        Write-Warning -Message \"Matching registry path names found!\"\r\n        $CustomFieldValue.Add(\"WARNING: Matching registry path names found!\")\r\n    }\r\n\r\n    if ($MatchingProperties) {\r\n        Write-Warning -Message \"Matching registry properties found!\"\r\n        $CustomFieldValue.Add(\"WARNING: Matching registry properties found!\")\r\n    }\r\n\r\n    if ($MatchingValues) {\r\n        Write-Warning -Message \"Matching registry key values found!\"\r\n        $CustomFieldValue.Add(\"WARNING: Matching registry key values found!\")\r\n    }\r\n    \r\n    if ($MatchingKeys) {\r\n        $KeysToReport = $MatchingKeys | Format-List Path, Property, Value | Out-String\r\n        $CustomFieldValue.Add($KeysToReport)\r\n    }\r\n\r\n    # For each error, output them at the bottom. Most of these errors are not going to be relevant.\r\n    $RegistryErrors | ForEach-Object {\r\n        $CustomFieldValue.Add(\"[Error] $($_.TargetObject)\")\r\n        $CustomFieldValue.Add(\"[Error] $($_.Exception.Message)\")\r\n    }\r\n\r\n    # Save the output to a custom field if a field name is provided.\r\n    if ($CustomField) {\r\n        try {\r\n            Write-Host \"Attempting to set Custom Field '$CustomField'.\"\r\n            Set-NinjaProperty -Name $CustomField -Value (($CustomFieldValue | Out-String) -replace \"`n\")\r\n            Write-Host \"Successfully set Custom Field '$CustomField'!\"\r\n        }\r\n        catch {\r\n            if ($_.Exception.Message) {\r\n                Write-Host \"[Error] $($_.Exception.Message)\"\r\n            }\r\n        \r\n            if ($_.Message) {\r\n                Write-Host \"[Error] $($_.Message)\"\r\n            }\r\n            $ExitCode = 1\r\n        }\r\n    }\r\n\r\n    # Activity Log output\r\n    if($MatchingKeys){\r\n        $KeysToReport | Write-Host\r\n    }\r\n\r\n    $RegistryErrors | ForEach-Object {\r\n        Write-Host \"[Error] $($_.TargetObject)\"\r\n        Write-Host \"[Error] $($_.Exception.Message)\"\r\n    }\r\n\r\n    exit $ExitCode\r\n}\r\nend {\r\n    \r\n    \r\n    \r\n}<\/pre>\n
 <\/p>\n\n
Greifen Sie auf \u00fcber 300 Skripte im NinjaOne Dojo zu.<\/p>\n
Zugang erhalten<\/a><\/p>\n<\/div>\n
Detailansicht<\/h2>\n
Das Skript beginnt mit der Definition von Parametern, die es den Benutzer:innen erm\u00f6glichen, den Stammschl\u00fcssel, den Suchpfad, den Suchtext und die Suchtiefe anzugeben und zu bestimmen, ob Pfade, Eigenschaften oder Werte in die Suche einbezogen werden sollen. Es verarbeitet auch Umgebungsvariablen, die diese Parameter vordefinieren k\u00f6nnen, was seine Flexibilit\u00e4t erh\u00f6ht.<\/p>\n
Validierungen und Vorbereitungen<\/h2>\n
Bevor das Skript mit der Suche fortf\u00e4hrt, f\u00fchrt es mehrere Pr\u00fcfungen durch:<\/p>\n
    \n
  1. Stammschl\u00fcssel-Validierung<\/strong>: Stellt sicher, dass der angegebene Stammschl\u00fcssel g\u00fcltig ist.<\/li>\n
  2. Pfadkorrektur<\/strong>: Entfernt alle zu Fehlern f\u00fchrenden umgedrehten Schr\u00e4gstriche aus dem Suchpfad.<\/li>\n
  3. Existenzpr\u00fcfung<\/strong>: \u00dcberpr\u00fcft, ob der angegebene Suchpfad innerhalb des Stammschl\u00fcssels vorhanden ist.<\/li>\n
  4. Tiefenpr\u00fcfung<\/strong>: Stellt sicher, dass der Tiefenwert gr\u00f6\u00dfer als Null ist.<\/li>\n<\/ol>\n
    Benutzer-Hive-Verwaltung<\/h2>\n
    Wenn die Suche den Stammschl\u00fcssel HKEY_USERS betrifft, l\u00e4dt das Skript dynamisch Hives der Benutzerregistrierung. Dies ist wichtig f\u00fcr die Suche nach benutzerspezifischen Einstellungen, die nicht standardm\u00e4\u00dfig geladen sind. Au\u00dferdem wird daf\u00fcr gesorgt, dass alle geladenen Hives nach der Suche entladen werden, um die Systemintegrit\u00e4t zu wahren.<\/p>\n
    Suche nach Windows-Registrierungsschl\u00fcsseln<\/h2>\n
    Die Kernfunktionalit\u00e4t besteht darin, den angegebenen Registrierungspfad rekursiv bis zur definierten Tiefe zu durchsuchen. Das Skript sammelt alle Registrierungsschl\u00fcssel und bewertet sie basierend auf den Suchkriterien (Pfad, Eigenschaft oder Wert). \u00dcbereinstimmende Schl\u00fcssel werden in einer Liste zusammengestellt und entsprechende Warnmeldungen ausgegeben.<\/p>\n
    Fehlerbehandlung und Berichterstattung<\/h2>\n
    W\u00e4hrend des gesamten Prozesses erfasst das Skript Fehler und protokolliert sie zur \u00dcberpr\u00fcfung. Dies ist besonders n\u00fctzlich, um Probleme, die w\u00e4hrend der Suche aufgetreten sind, zu identifizieren und zu l\u00f6sen. Die Ergebnisse, einschlie\u00dflich Fehlern und \u00dcbereinstimmungen, k\u00f6nnen auf Wunsch in ein benutzerdefiniertes Feld ausgegeben werden, was die Integration in Dokumentations- oder \u00dcberwachungstools erleichtert.<\/p>\n
    Beispiel f\u00fcr die Ausgabe<\/h2>\n
    Hier finden Sie ein Beispiel, wie das Skript Ergebnisse ausgeben k\u00f6nnte:<\/p>\n
    WARNUNG: \u00dcbereinstimmende Registrierungs-Pfadnamen gefunden!<\/p>\n
    WARNUNG: \u00dcbereinstimmende Registrierungseigenschaften gefunden!<\/p>\n
    WARNUNG: \u00dcbereinstimmende Registrierungsschl\u00fcssel-Werte gefunden!<\/p>\n
    Pfad: HKEY_USERS.DEFAULT\\Software\\AppDataLow\\Software\\Microsoft Property: N\/A Wert: N\/A<\/p>\n
    Pfad: HKEY_USERS.DEFAULT\\Software\\Classes\\Local Settings\\MrtCache… Property : @{…} Value: Microsoft Clipchamp<\/p>\n
    Potenzielle Anwendungsf\u00e4lle<\/h2>\n
    Stellen Sie sich einen IT-Experten vor, der \u00fcberpr\u00fcfen soll, ob alle Benutzer:innen in einem Unternehmen eine bestimmte Anwendungseinstellung richtig konfiguriert haben. Eine manuelle \u00dcberpr\u00fcfung der Registrierungseinstellungen aller Benutzer:innen w\u00e4re unpraktisch. Mit diesem Skript kann die Suche in allen Benutzerprofilen automatisiert werden, sodass Unstimmigkeiten schnell erkannt werden und die Einhaltung der Unternehmensrichtlinien gew\u00e4hrleistet ist.<\/p>\n
    \u00dcberpr\u00fcfung von Software-Installationen<\/h3>\n
    Ein anderes Szenario k\u00f6nnte die \u00dcberpr\u00fcfung von Softwareinstallationen auf mehreren Rechnern beinhalten. Das Skript kann nach Registrierungseintr\u00e4gen f\u00fcr eine bestimmte Software suchen und einen umfassenden Bericht dar\u00fcber erstellen, wo und wie die Software konfiguriert ist.<\/p>\n
    Vergleiche<\/h3>\n
    Im Vergleich zu manuellen Methoden oder der Verwendung einfacher Tools f\u00fcr die Suche nach Windows-Registrierungsschl\u00fcsseln bietet dieses Skript mehrere Vorteile:<\/p>\n