Command To Find Out If a HKEY_USER Path Exists

Question

I need a command to check to see if a users HKEY_USERS registry key path exists or not. I have crafted some code for a static Registry path but I find it challenging to match a Registry path that differs on different machines.

For example, the PowerShell code below will say true or false if the path exists, I need something for the HKEY_USERS unique profile:

Test-Path "HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec"

I would like to check if the

HKEY_USERS\S-1-5-21-2990211406-3548698811-2423315665-500

path exists and one of the challenges is that the value for the HKEY_USERS will change for different machines. I have crafted the following regex to match the unique value:

^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}

However, regex does not work with the Test-Path command on PowerShell. Does anyone know how I could craft a command to check if a users HKEY_USERS path exists using some sort of Windows command with regex?

Answer 1

Or you could just create a new PSDrive to the HKEY_USERS hive (only HKLM: and HKCU: exist by default)

New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS -ErrorAction SilentlyContinue

Test-Path -Path HKU:\S-1-5-21-2990211406-3548698811-2423315665-500

Answer 2

Obtain a reference to the hive root, then call GetSubKeyNames() to see if any subkeys match the pattern:

$BuiltinDomainAdministratorPattern = '^S-1-5-21-[\d\-]+-500$'

$HKU = Get-Item Registry::HKEY_USERS
if($HKU.GetSubKeyNames() -match $BuiltinDomainAdministratorPattern){
    # subkey exists
}