What time is it? It's reg time!
Nothing new by any means, however new to me today. I've been doing Windows command line administration for years. I'm big into automation, repeatability, check and balances, etc. I kind of wish I was compensated by the number of reg.exe commands I ran over the years.
While troubleshooting application behavior, a key piece of information is when the registry is updated. For example, was the value set at installation time or later during a configuration step? There is not an easy command line way to get the "Last Write Time" value from registry keys. Not saying it can't be done - it is just difficult information to get through the Windows API even with PowerShell.
What I learned today is that through the regedit gui, simply export the key as a .txt file.
The information is in the file:
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Class Name: <NO CLASS>
Last Write Time: 10/2/2019 - 10:47 AM
In the past, I've always exported a .reg file which is the default. Never a .txt file.
I actually used this today to determine which AV policy was setting a value by tying an Event Log entry to a "Last Write Time" of a registry key. I don't even have access to the AV server!
Here is to learning something new and making the IT world a better place. One experience at a time.
If you like this site, help us out.
Spread the word and share it with others!