Here's a pretty cool script I created recently to get a registry value with PowerShell and to ensure multiple registry values are as expected. In this instance, I was setting up a System Center Configuration Manager compliance baseline to check to ensure a GPO was setting a screensaver correctly.

This script first finds the SIDs of all users that are currently logged onto the machine. Once it does that, it then get a registry key with PowerShell and gets a few registry values with PowerShell of what I would expect to see. If the script is able to match all the registry values, it returns $true. If it doesn't match all 3, it will return nothing.

## This is the common registry path across all values I'm checking
$RegistryPath = 'SoftwarePoliciesMicrosoftWindowsControl PanelDesktop'

## These are all the value names and values I expect to see. Add as many as you like here.
$RegistryValues = @{
    'ScreenSaveActive' = '1';
    'ScreenSaveTimeOut' = '900';
    'SCRNSAVE.EXE' = '\domain.localdfsadcscreensaver.scr';
}

## Create a drive for HKU if it's not already loaded since it's not loaded by default
if (!(Get-PSDrive HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root Registry::HKEY_USERS | Out-Null
}

## Find the SIDs of all the logged on users (all loaded registry hives)
$logged_on_sids = gci HKU: | ? {$_.Name -match 'S-d-d+-(d+-){1,14}d+$' } | % { $_.Name.Replace('HKEY_USERS','') }

## Check to ensure each registry value has the correct values 
$logged_on_sids | foreach { 
    $sid = $_
    if (($RegistryValues.GetEnumerator() | where { ((Get-ItemProperty "HKU:$sid$RegistryPath" -Name $_.Key -ErrorAction SilentlyContinue).($_.Key) -eq $_.Value) }).Count -eq $RegistryValues.Count) {
        $true
    }
}

Join the Jar Tippers on Patreon

It takes a lot of time to write detailed blog posts like this one. In a single-income family, this blog is one way I depend on to keep the lights on. I'd be eternally grateful if you could become a Patreon patron today!

Become a Patron!