Skip to main content

1E 8.1 (on-premises)

NativeServices.RegistryEnumerateKeys

Method

RegistryEnumerateKeys

Module

NativeServices

Library

Core

Action

Enumerate the subkeys under a registry hive & key.

Parameters

Hive (string): The registry hive which has to match one of the following long or short names, ignoring case:

Long Name

Short Name

HKEY_CLASSES_ROOT

HKCR

HKEY_CURRENT_CONFIG

HKCC

HKEY_CURRENT_USER

HKCU

HKEY_LOCAL_MACHINE

HKLM

HKEY_USERS

HKU

Subkey (string): The registry key to look for.

Recursive (boolean; optional, default false): Whether to descend recursively or not.

Return values

If Hive does not exist then the result is InvalidParameter and this string:

  • Invalid registry hive name: <Hive>

If Subkey has invalid structure then the result is ExecutionError and this string:

  • Invalid syntax

If SubKey exists but cannot be opened by the agent (for any reason) then it is treated as though it does not exist.

IfSubkeydoes not exist then the result isSuccessNoContent.

Otherwise the results issued will have these columns for each subkey found:

  • Name (string): The full path of the a (sub)key found below the Subkey parameter supplied

  • DefaultValue (string): The string value assigned to the (sub)key if set (the value named "(Default)" in RegEdit), or "(value not set)" if not (like RegEdit).

Example

NativeServices.RegistryEnumerateKeys(Hive:"HKLM", Subkey:"software\\vendor", Recursive:true);

Platforms

  • Windows

Notes

The supplied key will appear in the results if it exists, regardless of whether or not it has child keys.

REG_MULTI_SZ values are displayed with a '|' between each string.

There is a limit of 8192 subkeys being returned (plus the key itself, if it exists). This is currently not changeable.

In this section: