You can use the C:\windows\system32\reg.exe query parameter.
The parameters of the reg.exe are as follows:
C:\windows\system32> reg.exe/?
REG operation [Parameter List]
Operation [QUERY | ADD | DELETE | COPY | SAVE | LOAD | UNLOAD | RESTORE | COMPARE | EXPORT | IMPORT | FLAGS]
Return code: (except REG COMPARE)
0-Success
1-Failure
To get help on an action, type:
REG operation/?
For example:
REG QUERY/?
REG ADD/?
REG DELETE/?
REG COPY/?
REG SAVE/?
REG RESTORE/?
REG LOAD/?
REG UNLOAD/?
REG COMPARE/?
REG EXPORT/?
REG IMPORT/?
REG FLAGS/?
c:\windows\system32> reg query/?
REG QUERY KeyName [/V [ValueName] |/ve] [/s] [/F Data [/k] [/d] [/C] [/E]] [/t Type] [/z] [/se Separator]
KeyName [\\machine\]fullkey
Machine-the name of the remote computer, omitting the default value of the current machine. On the remote machine
Only HKLM and HKU are available.
FullKey-in ROOTKEY\SubKey name form
Rootkey-[HKLM | HKCU | HKCR | HKU | HKCC]
subkey-The full name of the registry key under the selected ROOTKEY
/v the query for the specific registry key value.
If omitted, all values of the item are queried.
The parameters of this switch are optional only if specified with the/F switch. It specifies
Search only in the value name.
/ve query default or null value name (default).
/s loops over all subkeys and values (such as dir/s).
/SE Specifies a delimiter (only 1 characters in length) for REG_MULTI_SZ in the data string.
The default delimiter is "\".
/f Specifies the data or pattern to search.
If the string contains spaces, use double quotation marks. The default is "*".
/k Specifies that only the item name is searched.
/d specifies that only the data is searched.
/c Specifies case sensitivity when searching.
The default search is case insensitive.
/e Specifies that only exact matches are returned.
The default is to return all matches.
/t Specifies the registry value data type.
The valid values are:
REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ,
REG_DWORD, Reg_qword, REG_BINARY, Reg_none
The default is all types.
/z Verbose: Displays the numeric equivalent of the value name type.
Example:
REG QUERY hklm\software\microsoft\reskit/v Version
Displays the value of the registry value version
REG QUERY \\abc\hklm\software\microsoft\reskit\nt\setup/s
Displays all subkeys and values on the remote machine ABC, under registry key settings
REG QUERY Hklm\software\microsoft\reskit\nt\setup/se #
Use "#" as the delimiter to display all the value names of all values of type REG_MULTI_SZ.
The subkey and the value.
REG QUERY hklm/f system/t reg_sz/c/E
Displays items, values, and data and data types in case-sensitive form REG_SZ
, in the HKLM directory, the exact number of "SYSTEM" occurrences
REG QUERY hkcu/f 0f/d/t REG_BINARY
Items, values, and data that are displayed in the HKCU root directory, with data type REG_BINARY
The number of "0F" occurrences of the data.
REG QUERY hklm\software/ve
Items, values, and data displayed under HKLM\Software (default)
==================================
See a Powershell App example:
< query current IE version > IE.PS1:
$version = C:\windows\system32\reg.exe Query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"/V version | Select-string "Version" | Select-string "9.0"
if ($version)
{
info ("IE 9 is already installed, skipping ...");
Return
}
How to query the registry values and Powershell apps