I'm currently writing a script that will scan a list of servers and check a certain REG_SZ registry value. My code works perfectly until I need to read from a (Default) value.
Examples
$regValue = (Get-RegString -Hive LocalMachine -Key "SOFTWARE\Microsoft\Windows NT\CurrentVersion\InifileMapping\control.ini" -Value Current).data
This returns good data.
$regValue = (Get-RegString -Hive LocalMachine -Key "SOFTWARE\Microsoft\Windows NT\CurrentVersion\InifileMapping\RegEdt32.ini" -Value Default).data
This returns "Cannot find value [Default] because it does not exist.
$regValue = (Get-RegString -Hive LocalMachine -Key "SOFTWARE\Microsoft\Windows NT\CurrentVersion\InifileMapping\RegEdt32.ini" -Value "(Default)").data
This returns "Cannot find value [(Default)] because it does not exist.
I'm open to using other methods to get the values.
The PSRemoteRegistry module actually includes a command specifically for retrieving registry key default values: Get-RegDefault
Using your example, the command and resulting output:
PS C:\WINDOWS\system32> (Get-RegDefault -Hive LocalMachine -Key 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\InifileMapping\RegEdt32.ini').DataUSR:Software\Microsoft\RegEdt32
There is a potential problem with using Get-RegDefault, which is the error it throws when there is no data set at all for the "(Default)" key value:
PS C:\WINDOWS\system32> (Get-RegDefault -Hive LocalMachine -Key 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\InifileMapping').DataGet-RegDefault : Exception calling "GetValueKind" with "1" argument(s): "The specified registry key does not exist."
At line:1 char:2
+ (Get-RegDefault -Hive LocalMachine -Key 'SOFTWARE\Microsoft\Windows N ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-RegDefault
A fairly straightforward workaround would be to simply use -ErrorAction SilentlyContinue to suppress the error, as it is non-terminating, however, that is not recommended practice.
The name of the "(Default)" registry key value is actually empty. The reason your original commands returned an error about the value not existing, is because there truly is no key value with the name of "(Default)" unless you maybe created one.
So the most simple and clean way to check for a key's default value is to use the Get-RegValue command and pass an empty string as the value name.
This example shows the result when a legitimate "(Default)" value with data has been found:
PS C:\WINDOWS\system32> (Get-RegValue -Hive LocalMachine -Key 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\InifileMapping\RegEdt32.ini' -Value '').DataUSR:Software\Microsoft\RegEdt32
Here is an example using the key that produced an error previously:
PS C:\WINDOWS\system32> (Get-RegValue -Hive LocalMachine -Key "SOFTWARE\Microsoft\Windows NT\CurrentVersion\InifileMapping" -Value '').Data
As you can see nothing is returned at all because the "Default" value of that key has no data. As a bonus, if the key itself truly did not exist, then you would still be able to detect that by not suppressing errors.