Search code examples
powershellregistrygpo

Cannot Get-ItemProperty in Group Policy registry

I need to locate a specific GPO to manually delete it from our machines, due to the pandemic they are at home and outside domain, so I thought about doing it remotely via PS with Intune.

I'm trying to create an script that looks for the DisplayName of the GPO and the deletes it, but it seems like the properties are protected or some other issue, because i cannot find any Property beyond the Group Policy registry.

If i try to do:

Get-ChildItem -Path 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\'

I get something like:

Name Property

---- --------

{3537}

{42B5}

{4CFB}

It does not matter how deep I go beyond that point, it does not show me any Property. I just started with PS and I don't know if there's anything I'm doing wrong, with others registries i got no issue.

¿Any thoughts? :(

At the end I want to have something like:

$path = "Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\"
$match = "GPO_1234"
Get-ChildItem -Path $path -recurse |
                 ForEach { Get-ItemProperty $_.PSPath } |
                 Where-Object { $_.DisplayName -match $match } | del

But if it cannot match with anything if the Properties cannot be iterated.

Thanks in advance

Solution

  • It's a bit hard without knowing what's in "Group Policy\History" exactly (I have a single DWORD there and that's it, no subkeys at all), but assuming "DisplayName" is the name of a property somewhere and "GPO_1234" is the value of that property, then something like this should work:

    $RegPath = "Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\"
$Pattern = "GPO_1234"
Get-ChildItem -Recurse $RegPath |
    ForEach-Object { Get-ItemProperty $_.PsPath } |
        Where-Object {
            $_.psobject.Properties.Name -eq 'DisplayName' -and
            $_.psobject.Properties.Value -eq $Pattern
        }

    If you get the matches you want just throw a final | Remove-Item -Force at the end, and if you have any questions about what's going on just ask!

    As a sidenote, you should avoid using aliases like Foreach and del and instead use the real nammes (ie. Foreach-Object and Remove-Item). It will make your scripts easier to read and follow in the long run.

    Especially important with Foreach since it exists with that exact spelling but a completely different syntax as well (foreach ($Item in $Collection) {}).