2016-09-22 12:43:57 +00:00
---
title: About the registry_key Resource
2018-02-16 00:28:15 +00:00
platform: windows
2016-09-22 12:43:57 +00:00
---
# registry_key
Use the `registry_key` InSpec audit resource to test key values in the Windows registry.
2017-10-03 21:35:10 +00:00
<br>
2018-08-09 12:34:49 +00:00
## Availability
### Installation
This resource is distributed along with InSpec itself. You can use it automatically.
### Version
This resource first became available in v1.0.0 of InSpec.
2016-09-27 19:03:23 +00:00
## Syntax
2016-09-22 12:43:57 +00:00
A `registry_key` resource block declares the item in the Windows registry, the path to a setting under that item, and then one (or more) name/value pairs to be tested.
Use a registry key name and path:
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do
its('Start') { should eq 2 }
end
Use only a registry key path:
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do
its('Start') { should eq 2 }
end
Or use a Ruby Hash:
describe registry_key({
name: 'Task Scheduler',
hive: 'HKEY_LOCAL_MACHINE',
2016-11-21 16:14:59 +00:00
key: '\SYSTEM\CurrentControlSet\services\Schedule'
2016-09-22 12:43:57 +00:00
}) do
its('Start') { should eq 2 }
end
2016-09-27 19:03:23 +00:00
### Registry Key Path Separators
2016-09-22 12:43:57 +00:00
A Windows registry key can be used as a string in Ruby code, such as when a registry key is used as the name of a recipe. In Ruby, when a registry key is enclosed in a double-quoted string (`" "`), the same backslash character (`\`) that is used to define the registry key path separator is also used in Ruby to define an escape character. Therefore, the registry key path separators must be escaped when they are enclosed in a double-quoted string. For example, the following registry key:
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Themes
2018-03-20 12:43:30 +00:00
may be enclosed in a single-quoted string with a single backslash:
2016-09-22 12:43:57 +00:00
'HKCU\SOFTWARE\path\to\key\Themes'
or may be enclosed in a double-quoted string with an extra backslash as an escape character:
"HKCU\\SOFTWARE\\path\\to\\key\\Themes"
2017-04-06 21:43:48 +00:00
<p class="warning">
Please make sure that you use backslashes instead of forward slashes. Forward slashes will not work for registry keys.
</p>
# The following will not work:
# describe registry_key('HKLM/SOFTWARE/Microsoft/NET Framework Setup/NDP/v4/Full/1033') do
# its('Release') { should eq 378675 }
# end
# You should use:
describe registry_key('HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\1033') do
its('Release') { should eq 378675 }
end
2017-10-03 21:35:10 +00:00
<br>
## Examples
The following examples show how to use this InSpec audit resource.
### Test the start time for the Schedule service
2016-09-22 12:43:57 +00:00
2017-10-03 21:35:10 +00:00
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\...\Schedule') do
its('Start') { should eq 2 }
end
2016-09-22 12:43:57 +00:00
2017-10-03 21:35:10 +00:00
where `'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule'` is the full path to the setting.
2016-09-22 12:43:57 +00:00
2017-10-03 21:35:10 +00:00
### Use a regular expression in responses
describe registry_key({
hive: 'HKEY_LOCAL_MACHINE',
key: 'SOFTWARE\Microsoft\Windows NT\CurrentVersion'
}) do
its('ProductName') { should match /^[a-zA-Z0-9\(\)\s]*2012\s[rR]2[a-zA-Z0-9\(\)\s]*$/ }
end
<br>
## Matchers
2018-02-16 03:07:18 +00:00
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
2016-09-22 12:43:57 +00:00
2016-09-27 19:03:23 +00:00
### children
2016-09-22 12:43:57 +00:00
The `children` matcher return all of the child items of a registry key. A regular expression may be used to filter child items:
describe registry_key('Key Name', '\path\to\key').children(regex)
...
end
For example, to get all child items for a registry key:
describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet').children do
it { should_not eq [] }
end
The following example shows how find a property that may exist against multiple registry keys, and then test that property for every registry key in which that property is located:
describe registry_key({
2016-10-25 20:34:30 +00:00
hive: 'HKEY_USERS'
}).children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}\\Software\\Policies\\Microsoft\\Windows\\Installer/).each { |key|
2016-09-22 12:43:57 +00:00
describe registry_key(key) do
its('AlwaysInstallElevated') { should eq 'value' }
end
}
2016-09-27 19:03:23 +00:00
### exist
2016-09-22 12:43:57 +00:00
The `exist` matcher tests if the registry key is present:
it { should exist }
2016-09-27 19:03:23 +00:00
### have_property
2016-09-22 12:43:57 +00:00
The `have_property` matcher tests if a property exists for a registry key:
it { should have_property 'value' }
2016-10-20 10:57:06 +00:00
### have\_property\_value
2016-09-22 12:43:57 +00:00
The `have_property_value` matcher tests if a property value exists for a registry key:
it { should have_property_value 'value' }
2016-09-27 19:03:23 +00:00
### have_value
2016-09-22 12:43:57 +00:00
The `have_value` matcher tests if a value exists for a registry key:
it { should have_value 'value' }
2016-09-27 19:03:23 +00:00
### name
2016-09-22 12:43:57 +00:00
The `name` matcher tests the value for the specified registry setting:
its('name') { should eq 'value' }
2017-04-06 21:43:48 +00:00
<p class="warning">
2018-07-19 19:00:39 +00:00
Any name with a dot will not work as expected: <code>its('explorer.exe') { should eq 'test' }</code>. For details, see <a href="https://github.com/inspec/inspec/issues/1281">https://github.com/inspec/inspec/issues/1281</a>
2017-04-06 21:43:48 +00:00
</p>
# instead of:
# its('explorer.exe') { should eq 'test' }
2018-07-19 19:00:39 +00:00
# either use have_property_value...
2017-04-06 21:43:48 +00:00
it { should have_property_value('explorer.exe', :string, 'test') }
2018-07-19 19:00:39 +00:00
2018-08-09 13:17:05 +00:00
# ...or provide the name in an array
its(['explorer.exe']) { should eq 'test' }
The latter workaround may be preferable because upon failure, Inspec will present the expected and actual values:
inspec> describe registry_key('HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop') do
inspec> its(["SCRNSAVE.EXE"]) { should eq "FlyingToasters.scr" }
inspec> end
Profile: inspec-shell
Version: (not specified)
Registry Key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop
× ["SCRNSAVE.EXE"] should eq "FlyingToasters.scr"
expected: "FlyingToasters.scr"
got: "scrnsave.scr"
(compared using ==)
Test Summary: 0 successful, 1 failure, 0 skipped
`have_property_value` only presents a false assertion:
Registry Key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Windows\Control Panel\Desktop
× should have property value "SCRNSAVE.EXE", "FlyingToasters.scr"
expected #has_property_value?("SCRNSAVE.EXE", "FlyingToasters.scr") to return true, got false