Problem
You want to automate the configuration of a program, but that program does not document its registry configuration settings.
Solution
To discover a registry setting for a program, use Sysinternals’ Process Monitor to observe registry access by that program. Process Monitor is available from http:// www.microsoft.com/technet/sysinternals/FileAndDisk/processmonitor.mspx.
Discussion
In an ideal world, all programs would fully support commandline administration and configuration through PowerShell cmdlets. Many programs do not, however, so the solution is to look through their documentation in the hope that they list the registry keys and properties that control their settings. While many programs document their registry configuration settings, many still do not.
Although these programs may not document their registry settings, you can usually observe their registry access activity to determine the registry paths they use. To illustrate this, we will use the Sysinternals’ Process Monitor to discover PowerShell’s execution policy configuration keys. Although PowerShell documents these keys and makes its automated configuration a breeze, it illustrates the general technique.
Tell Process Monitor to begin capturing information
Switch to the Process Monitor window, and then press CtrlE (or click the magnifying glass icon). Process Monitor now captures all registry access for the program in question.
Manually set the configuration option
Click OK, Apply, or whatever action it takes to actually complete the program’s configuration. For the PowerShell example, this means pressing Enter.
Tell Process Monitor to stop capturing information
Switch again to the Process Monitor window, and then press CtrlE (or click the magnifying glass icon). Process Monitor now no longer captures the application’s activity.
Review the capture logs for registry modification
The Process Monitor window now shows all registry keys that the application interacted with when it applied its configuration setting.
Press CtrlF (or click the binoculars icon); then search for RegSetValue. Process Monitor highlights the first modification to a registry key.
Press Enter (or doubleclick the highlighted row) to see the details about this specific registry modification. In this example, we can see that PowerShell changed the value of the ExecutionPolicy property (under HKLM:\Software\Microsoft\PowerShell\1\ ShellIds\Microsoft.PowerShell)to RemoteSigned. Press F3 to see the next entry that corresponds to a registry modification.
Automate these registry writes
Now that you know all registry writes that the application performed when it updated its settings, judgment and experimentation will help you determine which modifications actually represent this setting. Since PowerShell only performed one registry write (to a key that very obviously represents the execution policy), the choice is pretty clear in this example.
Once you’ve discovered the registry keys, properties, and values that the application uses to store its configuration data, you can use the techniques discussed in Article
PS >$key = "HKLM:\Software\Microsoft\PowerShell\1\" + >> "ShellIds\Microsoft.PowerShell" >> PS >SetItemProperty $key ExecutionPolicy AllSigned PS >GetExecutionPolicy AllSigned PS >SetItemProperty $key ExecutionPolicy RemoteSigned PS >GetExecutionPolicy RemoteSigned
