Trying to get a script to run across my domain to delete a registry value contained in the user's hive.

This is the path it will be located: HKCU:\Software\Microsoft\OfficeCompat\Outlook\AddinCleanLoad\
and
HKCU:\Software\Microsoft\OfficeCompat\Outlook\AddinUsage\

Obviously this will need to be changed for HKEY_USERS + SID when running as another user or remotely. But I don't want to search all the existing SIDs.

This is the registry value that will vary per user: C:\Users\USERNAME\AppData\Roaming\ZeroSpam\adxloader.dll

So to find the value within the hive I could use the $env:APPDATA variable in PowerShell, but since I'm deleting the value, I'm going to run as admin, so this is not going to work (the variable will return the path of the admin).

So how would I go about in PowerShell to search all (note wildcard in SID) HKEY_USERS\S-1-5-21-*\Software\Microsoft\OfficeCompat\Outlook\AddinCleanLoad\ and HKEY_USERS\S-1-5-21-*\Software\Microsoft\OfficeCompat\Outlook\AddinUsage\ to find and delete any value of *\AppData\Roaming\ZeroSpam\adxloader.dll? (The path before the DLL is important, as another one exists in Program Files and I don't want to delete that one.)

I've tried with no luck: Get-ChildItem -Path "REGISTRY::HKEY_USERS\" -Recurse -Include *\AppData\Roaming\ZeroSpam\* -ErrorAction SilentlyContinue

JulioQc
    HKEY_USERS will not be available except for actively logged on users. You said this is a domain? Why aren’t you utilizing group policy preferences for this? It’s simple. Create a user based GPP registry item and update/delete/create/replace whatever registry keys you want. – Appleoddity May 13 '19 at 22:58
    Agreed. Use Group Policy Preferences to target HKEY_CURRENT_USER. – joeqwerty May 14 '19 at 02:04
  • 1) I'm here because in a GPO registry item it cannot be done by wildcard; confirmed by many posts on Stack Exchange. And I cannot delete the whole key. 2) The HKEY_USERS hive is available; it's the HKCU that will not be available, as you say. I'm surprised to get those comments here. Maybe my phrasing is misleading or unclear? Apologies, I'd be glad to adjust. – JulioQc May 14 '19 at 12:34

1 Answer

Managed to do what I want with this:

# Matches the AddinCleanLoad and AddinUsage keys in every loaded domain-user hive
$path = "REGISTRY::HKEY_USERS\S-1-5-21*\Software\Microsoft\OfficeCompat\Outlook\Addin*"
foreach ($key in Get-Item -Path $path -ErrorAction SilentlyContinue) {
    # Only value names under the per-user ZeroSpam folder, not the Program Files copy
    $key.GetValueNames() | Where-Object { $_ -like "*\AppData\Roaming\ZeroSpam\*" } |
        ForEach-Object { Remove-ItemProperty -LiteralPath $key.PSPath -Name $_ -ErrorAction SilentlyContinue }
}
JulioQc
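An added example, not code from any of the posts above: it covers the point raised in the comments that HKEY_USERS only contains hives of logged-on users, by temporarily loading each remaining profile's NTUSER.DAT before removing the matching values. It assumes an elevated session and that the block is saved as a script; the mount name `TempHive_AddinCleanup` is a hypothetical placeholder.

```powershell
# Added example (not from the original posts). Save as a .ps1 and run elevated.
# -WhatIf lists what would be removed without changing anything.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$ValuePattern = '*\AppData\Roaming\ZeroSpam\adxloader.dll',
    [string]$TempMount    = 'TempHive_AddinCleanup'   # hypothetical mount name
)

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$subKeys     = 'AddinCleanLoad', 'AddinUsage'

foreach ($p in Get-ChildItem -Path $profileList | Where-Object PSChildName -like 'S-1-5-21-*') {
    $sid     = $p.PSChildName
    $root    = $sid
    $mounted = $false

    # A user hive is only present under HKEY_USERS while it is loaded (user logged on).
    if (-not (Test-Path -LiteralPath "Registry::HKEY_USERS\$sid")) {
        $ntuser = Join-Path $p.GetValue('ProfileImagePath') 'NTUSER.DAT'
        if (-not (Test-Path -LiteralPath $ntuser)) { continue }
        & reg.exe load "HKU\$TempMount" $ntuser *> $null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Could not load hive for $sid"; continue }
        $root = $TempMount; $mounted = $true
    }

    try {
        foreach ($sub in $subKeys) {
            $keyPath = "Registry::HKEY_USERS\$root\Software\Microsoft\OfficeCompat\Outlook\$sub"
            $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            $names = @($key.GetValueNames() | Where-Object { $_ -like $ValuePattern })
            $key.Dispose()   # release the handle so the hive can be unloaded later
            foreach ($name in $names) {
                if ($PSCmdlet.ShouldProcess("$sid\...\$sub", "Remove value '$name'")) {
                    Remove-ItemProperty -LiteralPath $keyPath -Name $name
                }
            }
        }
    }
    finally {
        if ($mounted) {
            [gc]::Collect(); [gc]::WaitForPendingFinalizers()
            & reg.exe unload "HKU\$TempMount" *> $null
        }
    }
}
```

Running it first with `-WhatIf` shows which SIDs and value names match before anything is deleted.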