Search code examples
powershellregistryadministration

PS Script for filtering registry installed programs

I'm an IT administrator in my company and im trying to find out if people installed things they shouldn't have...

To do that, im using PS to access the registry and output a list of values from the Uninstall key. however, i am only starting to use Powershell, and am very new to it.

Eventually i want this script to go over the entire Domain and look into the registry values and output a list of programs that are not supposed to be installed.

the script i've written so far: 

$path = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\"

Get-ChildItem -Path $path | Get-ItemProperty -Name DisplayName

and it's output:

DisplayName  : Intel(R) Chipset Device Software
PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C965318A-AA36-4F94-9ED5-AE5391F452B2}
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
PSChildName  : {C965318A-AA36-4F94-9ED5-AE5391F452B2}
PSProvider   : Microsoft.PowerShell.Core\Registry

DisplayName  : Intel(R) ME UninstallLegacy
PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DF17C0DB-76D8-4A45-B26E-674F8455B803}
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
PSChildName  : {DF17C0DB-76D8-4A45-B26E-674F8455B803}
PSProvider   : Microsoft.PowerShell.Core\Registry

DisplayName  : VMware Workstation
PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F4C0A853-FA3B-4404-954B-799299EB5A98}
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
PSChildName  : {F4C0A853-FA3B-4404-954B-799299EB5A98}
PSProvider   : Microsoft.PowerShell.Core\Registry

very basic i know, but it does output the list i want it to, but no matter how much i mess around with the filter or exclude cmdlets, i cant manage to make it leave out of the list registry keys that i know should be there.

now lets say i know and am fine with Intel chipset and Intel ME uninstall legacy, so i dont want them to show up on the list, but i'm not fine with VMware workstation, so i do want it to show up when i run the script, how do i do that?

Solution

  • Get a list of all display names (sorted for better manipulation in the next step):

    (Get-ChildItem -Path $path | Get-ItemProperty -Name DisplayName -ErrorAction SilentlyContinue).DisplayName | Sort

    Then, copy obtained list to $allowed here string in the following code snippet (however you can add or remove some items here):

    $allowed = @"
Intel(R) Chipset Device Software
Intel(R) ME UninstallLegacy
Intel® Trusted Connect Service Client
Microsoft Silverlight
NVIDIA 3D Vision Driver 376.53
NVIDIA Control Panel 376.53
NVIDIA Display Container
NVIDIA Display Container LS
NVIDIA Graphics Driver 376.53
NVIDIA HD Audio Driver 1.3.34.17
Windows App Certification Kit Native Components
"@ -split [System.Environment]::NewLine

$path = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\"

(Get-ChildItem -Path $path | 
    Get-ItemProperty -Name DisplayName -ErrorAction SilentlyContinue).DisplayName |
     Where-Object {$_ -notin $allowed} | Sort