--- title: About the registry_key Resource --- # registry_key Use the `registry_key` InSpec audit resource to test key values in the Windows registry. ## Syntax A `registry_key` resource block declares the item in the Windows registry, the path to a setting under that item, and then one (or more) name/value pairs to be tested. Use a registry key name and path: describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do its('Start') { should eq 2 } end Use only a registry key path: describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule') do its('Start') { should eq 2 } end Or use a Ruby Hash: describe registry_key({ name: 'Task Scheduler', hive: 'HKEY_LOCAL_MACHINE', key: ''\SYSTEM\CurrentControlSet\services\Schedule' }) do its('Start') { should eq 2 } end ### Registry Key Path Separators A Windows registry key can be used as a string in Ruby code, such as when a registry key is used as the name of a recipe. In Ruby, when a registry key is enclosed in a double-quoted string (`" "`), the same backslash character (`\`) that is used to define the registry key path separator is also used in Ruby to define an escape character. Therefore, the registry key path separators must be escaped when they are enclosed in a double-quoted string. For example, the following registry key: HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Themes may be encloused in a single-quoted string with a single backslash: 'HKCU\SOFTWARE\path\to\key\Themes' or may be enclosed in a double-quoted string with an extra backslash as an escape character: "HKCU\\SOFTWARE\\path\\to\\key\\Themes" ## Matchers This InSpec audit resource has the following matchers: ### be <%= partial "/shared/matcher_be" %> ### children The `children` matcher return all of the child items of a registry key. A regular expression may be used to filter child items: describe registry_key('Key Name', '\path\to\key').children(regex) ... end For example, to get all child items for a registry key: describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet').children do it { should_not eq [] } end The following example shows how find a property that may exist against multiple registry keys, and then test that property for every registry key in which that property is located: describe registry_key({ hive: HKEY_USERS }).children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}\\Software\\Policies\\Microsoft\\Windows\\Installer/).each { |key| describe registry_key(key) do its('AlwaysInstallElevated') { should eq 'value' } end } ### cmp <%= partial "/shared/matcher_cmp" %> ### eq <%= partial "/shared/matcher_eq" %> ### exist The `exist` matcher tests if the registry key is present: it { should exist } ### have_property The `have_property` matcher tests if a property exists for a registry key: it { should have_property 'value' } ### have\_property\_value The `have_property_value` matcher tests if a property value exists for a registry key: it { should have_property_value 'value' } ### have_value The `have_value` matcher tests if a value exists for a registry key: it { should have_value 'value' } ### include <%= partial "/shared/matcher_include" %> ### match <%= partial "/shared/matcher_match" %> ### name The `name` matcher tests the value for the specified registry setting: its('name') { should eq 'value' } ## Examples The following examples show how to use this InSpec audit resource. ### Test the start time for the Schedule service describe registry_key('Task Scheduler','HKEY_LOCAL_MACHINE\...\Schedule') do its('Start') { should eq 2 } end where `'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule'` is the full path to the setting. ### Use a regular expression in responses describe registry_key({ hive: 'HKEY_LOCAL_MACHINE', key: 'SOFTWARE\Microsoft\Windows NT\CurrentVersion' }) do its('ProductName') { should match /^[a-zA-Z0-9\(\)\s]*2012\s[rR]2[a-zA-Z0-9\(\)\s]*$/ } end