-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Detect-RegistryValue.ps1
37 lines (35 loc) · 1.22 KB
/
Detect-RegistryValue.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
<#
.NOTES
===========================================================================
Created on: 2024/02/29
Created by: James Kasparek
Filename: Detect-RegistryValue.ps1
URL: https://github.com/nekkron/PowerShell/
===========================================================================
.DESCRIPTION
Searches if a specified registry Name and Value exists within a specified Path
#>
# Change these variables to meet your detection requirements
$Path = "HKLM:\SYSTEM\CurrentControlSet\Control"
$Name = "DriverVersion"
$Value = "1.2.3"
# Waving the magic wand
$foundMatch = $false
Get-ChildItem -Path $Path -Recurse | ForEach-Object {
$key = $_
$valueNames = $key.GetValueNames()
foreach ($valueName in $valueNames) {
$valueData = $key.GetValue($valueName)
if ($valueName -eq $Name -and $valueData -eq $Value) {
Write-Output "Found a match! '$key' / '$valueName' / '$Value'"
$foundMatch = $true
}
}
}
if ($foundMatch) {
Write-Output "'$Name' with a value of '$Value' was found within: $Path"
exit 0
} else {
Write-Output "'$Name / $Value' was not found anywhere inside '$Path'"
exit 1
}