Getting Registry key value

Hello team,

I am trying to create an analysis that will et the value of the regkey described on the restart needed technote (http://www-01.ibm.com/support/docview.wss?uid=swg21506002). However, I am getting the following result below:

Q: if exist (value “PendingFileRenameOperations” of it) of key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager” of native registry then (value “PendingFileRenameOperations” of key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager”) as string else "No Available Regkey"
E: Singular expression refers to nonexistent object.

I am comparing the relevance statement I made from this forum thread: Output value of registry key as string

Thanks in advance for any feedback.

Hi,

I use this analysis for Pending Restart information – check it out! Pending Restart - Windows on Github and Pending Restart - Windows on BigFix.me

For your specific question the issue is that you are missing the space in session manager and your second value <string> of key <string> is missing of native registry at the end.

For the optimized relevance take a look at the analysis above.

Bill

This is the general form I use to read ALL registry values in HKLM, just swap out the value name and key path:

unique values of (it as string) of values "PendingFileRenameOperations" of keys "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager" of (x64 registries; x32 registries)

Once you have the raw data, you can go from there. The IF/THEN/ELSE is not needed if you use plural relevance, and this relevance statement will work on both 32bit and 64bit systems.

It is annoying that there are still 32bit windows installs on new hardware sold today, in particular low end Intel Atom tablets.

Hello guys,

Cool. Replacing my original relevance statement with the one below did the trick by correcting the syntax that Bill recommended:

if exist (value “PendingFileRenameOperations” of it) of key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager” of native registry then (value “PendingFileRenameOperations” of key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager” of native registry) as string else “No Available Regkey”

The one that you posted also worked, jgstew (with the correction of the missing space in the “SessionManager”). I will try and check this out and do more testing as this one is more general for x64 and x32.

Thank you both for your help :slight_smile: