Registry Scanner

The Registry Scanner in PDQ Connect enables IT administrators to scan a registry location and view the keys and values in that location. 

Configuring a Registry Scanner

To create a registry scanner, click the "More" button on the left navigation menu and then click "Custom scanners" from the dropdown. From the resulting Scanners page, click "Create scanner" and then select "Registry" as the type. Below is an overview of how to configure each option. 

Name: The name of the scanner. The name appears as a column on the Registry tab of a device, which helps identify which scanner located a specific registry object.

Type: Select "Registry" to specify the current scanner as a registry scanner. 

Hive: The Hive dropdown offers two options to select from: HKEY_LOCAL_MACHINE and HKEY_USERS. Currently, other registry hives such as HKEY_CURRENT_CONFIG and HKEY_CURRENT_USER are not supported by the registry scanner. 

Path: The parent registry key where the registry value or subkey is located. Multiple paths may be entered by adding each path on a new line.

PDQ Connect automatically adds a backslash on both ends of the path when it runs a registry scan. In order for the scanner to succeed, it is important that the path does not start or end with a backslash.

Search subkeys: Select this option to recursively search all keys below the specified path(s). 

Scope: Defines the type of object that will be returned by the registry scanner. Selecting "Key" will only return registry keys, while "Value" will only return registry values. It is possible to select both options at once. 

Match Type: Used to specify criteria that must be met in order for a registry object to be returned by a scan. By default, the match type is set to "All" and will return all results found within the selected scope.

String values entered for the match type only apply to the registry subkey or value shown under the "Name" column on the Registry tab. Match type does not apply to the registry hive or path.

Viewing Registry Scan Results

The findings of all registry scanners can collectively be viewed by clicking on a device and selecting the "Registry" tab. Note that if you have never created a custom registry scanner or no results have been found by any existing scanner, the page will display "No rows." 

Each column header on the registry tab corresponds to a distinct element of a registry object. While administrators often informally use the term ‘Registry Key’ as a catchall when referring to multiple registry components, PDQ Connect assigns precise terminology for each individual element.

  • Object type: Specifies if the object is a registry value or a registry key. 
  • Hive: Identifies the root location of the registry path. Possible locations are HKEY_LOCAL_MACHINE and HKEY_USERS. 
  • Path: The parent registry key where the registry subkey or value is located. 
  • Name: The child registry key or the registry value, defined by object type. 
  • Value type: The type of registry value, such as String or DWORD. Does not apply to registry keys.
  • Value data: The data contained inside a registry value. Does not apply to registry keys.
  • Scanner: The name of the registry scanner that PDQ Connect used to locate the registry key or value.

Scan for a Registry Key

To scan for the existence of a specific registry key: 

  1. Select the Hive where the key exists.
  2. Enter the parent path that contains the key.
  3. Select "Key" as the scope.
  4. Select "Contains" or "Equals" for the Match type.
  5. Enter the name of the registry key.
  6. Hit Save.

Example: 

The illustration to the right displays how to configure a registry scanner to search for the existence of the following registry key. Note that "Protocol" is the target registry key, and therefore not included in the Path.

Registry Key Name: Protocol

Registry Key Location:

HKEY_LOCAL_MACHINE\SOFTWARE\Admin Arsenal\PDQ Deploy\Protocol  

When the scanner is saved, PDQ Connect will begin scanning systems for the existence of the registry key. For any machine where the key is found, the results will be recorded in the device details for that device under the Registry tab, as shown below.

Scan for a Registry Value

To scan for the existence of a specific registry value: 

  1. Select the Hive where the key exists.
  2. Enter the parent path that contains the registry value.
  3. Select "Value" as the scope.
  4. Select "Contains" or "Equals" for the Match type.
  5. Enter the name of the registry value.
  6. Hit Save.

Example: 

The illustration to the right displays how to configure a registry scanner to search for the existence of the following registry value. Note that because the target is now a registry value and not a registry key, the entire key is used for the path, and the value is used for the Match type string. 

Registry Value Name: UseKerberos

Registry Value Location: HKEY_LOCAL_MACHINE\SOFTWARE\Admin Arsenal\PDQ Deploy\Protocol

When the scanner is saved, PDQ Connect will begin scanning systems for the existence of the registry value. For any machine where the value is found, the results will be recorded in the device details for that device under the Registry tab, as shown below.
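
The two procedures above split a full registry location differently between the Path field and the match string. The PowerShell below is an added example, not part of PDQ Connect; the function names ConvertTo-ScannerField and Test-ScannerTarget are hypothetical, and the second function only checks the local registry of the machine it runs on.

```powershell
# Added example, not PDQ code; both function names are hypothetical.
function ConvertTo-ScannerField {
    param(
        [Parameter(Mandatory)][string]$Location,   # full key location, hive first
        [Parameter(Mandatory)][ValidateSet('Key', 'Value')][string]$Scope,
        [string]$ValueName                          # needed when Scope is Value
    )
    # Dropping empty parts also removes any leading or trailing backslash.
    $parts = @(($Location.Trim() -split '\\') | Where-Object { $_ })
    if ($parts.Count -lt 2) { throw 'Expected <hive>\<key>[\<key>...].' }
    $hive = $parts[0]
    if ($hive -notin 'HKEY_LOCAL_MACHINE', 'HKEY_USERS') {
        throw "Hive '$hive' is not offered by the registry scanner."
    }
    if ($Scope -eq 'Key') {
        # Target key becomes the match string; its parent becomes the Path.
        # Assumption: a key directly under the hive is out of scope here.
        if ($parts.Count -lt 3) { throw 'Key scope needs a parent path.' }
        $path = $parts[1..($parts.Count - 2)] -join '\'
        $name = $parts[-1]
    } else {
        if (-not $ValueName) { throw 'Value scope needs -ValueName.' }
        # The entire key is the Path; the value name is the match string.
        $path = $parts[1..($parts.Count - 1)] -join '\'
        $name = $ValueName
    }
    if ($path.Contains('*')) { Write-Warning 'Wildcards in Path are not supported.' }
    [pscustomobject]@{
        Hive = $hive; Path = $path; Scope = $Scope
        MatchType = 'Equals'; MatchString = $name
    }
}

function Test-ScannerTarget {
    param([Parameter(Mandatory)]$Field)
    # Check the local registry of a reference machine for the same object.
    $key = "Registry::$($Field.Hive)\$($Field.Path)"
    if ($Field.Scope -eq 'Key') {
        return Test-Path -LiteralPath "$key\$($Field.MatchString)"
    }
    if (-not (Test-Path -LiteralPath $key)) { return $false }
    return $Field.MatchString -in (Get-Item -LiteralPath $key).GetValueNames()
}

$loc = 'HKEY_LOCAL_MACHINE\SOFTWARE\Admin Arsenal\PDQ Deploy\Protocol'
ConvertTo-ScannerField -Location $loc -Scope Key | Format-List
$f = ConvertTo-ScannerField -Location $loc -Scope Value -ValueName UseKerberos
$f | Format-List
"Present on this machine: $(Test-ScannerTarget -Field $f)"
```

Running it on a reference machine before saving the scanner confirms that the Path and match string point at an object that actually exists there.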

FAQ

The following are some commonly asked questions when working with Registry Scanners. 

Question: Can I create Groups and Filter devices based on the results of a registry scan? 

  • Answer: Yes. "Registry" can be selected as the data source when creating a group or filter. Available items that can be filtered on are Hive, Name, Object type, Path, Value type, Value data, and Scanner name. See Creating Groups from Custom Scans for more information. 

Question: Can I create reports based on the results of a registry scan? 

  • Answer: Yes, the same items available for use in a filter can be used in a report. Select "Registry" as the source column and then select the desired columns. 

Question: Can I scan for specific data in a registry value? 

  • Answer: It is not possible to use value data as a match string in a registry scanner, only the value name. In order to view devices that contain specific value data, create a scanner that uses the name of the value as the match string. From there, create a group or report that filters on the "Value data" column. 

Question: Can I use wildcards in a registry path? 

  • Answer: Wildcards are not supported in registry scanners. While it may be possible to use an asterisk in some parts of the path, the scanner was not designed with this functionality in mind and may yield inconsistent results.