PowerShell version 2 is required.

 

Description

This is a set of scripts that get the last write time and class name of a registry key. Each of the scripts sets up a different way to get the information.
The zip file above contains four scripts:

Usage

Using the scripts, there are three ways to get the information.

Method 1: Use Add-RegKeyMember function

 

PowerShell
Edit|Remove
# Using Get-Item: 
PSGet-Item HKLM:\SOFTWARE | Add-RegKeyMember | select Name, LastWriteTime, ClassName 
 
# Using Get-ChildItem: 
PSGet-ChildItem HKLM:\SOFTWARE | Add-RegKeyMember | select Name, LastWriteTime, ClassName 
 
# Passing a path: 
PS> Add-RegKeyMember HKLM:\SOFTWARE | select Name, LastWriteTime, ClassName  

Add-RegKeyMember adds the properties to a Microsoft.Win32.RegistryKey object. To use it, dot source one of the AddRegKeyMember ps1 scripts above (or copy the function definition into another script).

Method 2: Use Get-ChildItem proxy function

 

PowerShell
Edit|Remove
PSdir HKLM:\SOFTWARE | select Name, LastWriteTime, ClassName
The 'GetChildItemProxyFunction.ps1' script defines a proxy function for the built-in Get-ChildItem cmdlet. It should behave exactly the same way as the native cmdlet, except that it will automatically add the LastWriteTime and ClassName parameters whenever a registry path is passed to it. It should work for PowerShell version 2 or higher. In order to use it, you need to make sure that Add-RegKeyMember has already been defined. You can dot source it, or copy the function definition into another script (you can also combine both definitions in one script).

Method 3: Update the Microsoft.Win32.RegistryKey type data to automatically add the information

 

PowerShell
Edit|Remove
PSGet-Item HKLM:\SOFTWARE | select Name, LastWriteTime, ClassName 
 
PSGet-ChildItem HKLM:\SOFTWARE | select Name, LastWriteTime, ClassName
 Using this method looks like the proxy function method, but there is no proxy function. PowerShell will automatically add the two properties to any registry key object.

 

To use it, simply dot source the 'UpdateTypeData_PSv3_and_higher.ps1' script. It should be used by itself without using any of the other methods.

Examples

The following examples will work if you've dot sourced the Add-RegKeyMember and Get-ChildItem combo or the Update-TypeData script. If you're just using Add-RegKeyMember, you'll need to modify the following commands slightly.

 

PowerShell
Edit|Remove
# Get registry keys that have been modified in the last week: 
PSdir HKLM:\SOFTWARE | where { $_.LastWriteTime -gt (Get-Date).AddDays(-7) } 
 
# Get registry keys that have a class name: 
PSdir HKLM:\SYSTEM\CurrentControlSet\Control\Lsa | where { $_.ClassName }