{"id":51883,"date":"2009-12-02T00:01:00","date_gmt":"2009-12-02T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2009\/12\/02\/hey-scripting-guy-can-i-use-the-registry-to-retrieve-a-list-of-the-most-recently-run-programs\/"},"modified":"2009-12-02T00:01:00","modified_gmt":"2009-12-02T00:01:00","slug":"hey-scripting-guy-can-i-use-the-registry-to-retrieve-a-list-of-the-most-recently-run-programs","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/hey-scripting-guy-can-i-use-the-registry-to-retrieve-a-list-of-the-most-recently-run-programs\/","title":{"rendered":"Hey, Scripting Guy! Can I Use the Registry to Retrieve a List of the Most Recently Run Programs?"},"content":{"rendered":"

\"Bookmark<\/a><\/p>\n

<\/span> <\/p>\n

<\/p>\n

\"Hey,<\/p>\n

Hey, Scripting Guy! When I work on a computer, I often run many commands. I generally use Run<\/b> from the Start menu to launch these programs. When I am finished, I use a script I copied from the Scripting Guys archive<\/a> to display all the commands that I ran and then I save them in a Notepad file. However, that script no longer works on Windows 7. Because Windows 7 contains Windows PowerShell 2.0, I am wondering if you could convert that old VBScript script to Windows PowerShell for me. Pretty please?<\/p>\n

<\/span><\/p>\n

— KE
<\/p>\n

<\/span><\/p>\n

\"Hey,Hello KE, <\/span><\/p>\n

Microsoft Scripting Guy Ed Wilson here. It is the day after Thanksgiving<\/a> in the United States as I am answering your e-mail. I feel a little sluggish due to an overdose of carbs. I have had two pots of English Breakfast tea this morning, and I still feel sleepy. <\/p>\n

<\/span><\/p>\n

But, KE, your e-mail intrigued me, so it pulled me to action. The script you refer to reads the registry and performs a little cleanup of the data that is contained there. The ReadMostRecentlyRunCommands.vbs script from that post is seen here. <\/p>\n

<\/span><\/p>\n

ReadMostRecentlyRunCommands.vbs<\/p>\n

<\/strong><\/span><\/p>\n

Const HKEY_CURRENT_USER = &H80000001
 
strComputer = “.”
 
Set objRegistry = GetObject(“winmgmts:\\” & strComputer & “rootdefault:StdRegProv”)<\/p>\n

strKeyPath = “SoftwareMicrosoftWindowsCurrentVersionExplorerRunMRU”
objRegistry.EnumValues HKEY_CURRENT_USER, strKeyPath, arrValueNames, arrValueTypes
 
For Each strValue in arrValueNames
    If Len(strValue) = 1 Then
        objRegistry.GetStringValue HKEY_CURRENT_USER,strKeyPath,strValue,strRunCommand
        intLength = Len(strRunCommand)
        strRunCommand = Left(strRunCommand, intLength – 2)
        Wscript.Echo strRunCommand
    End If  
Next<\/p>\n

<\/font><\/font><\/span><\/p>\n

There is no magic in Windows PowerShell. If the VBScript script will not work, rewriting it in Windows PowerShell will not work either. To fix something that was broken because of a change in the operating system, you would need to discover a new approach. When I ran the ReadMostRecentlyRunCommands.vbs script, it returned the error seen here:<\/p>\n

<\/span><\/p>\n

\"Image<\/font><\/a><\/p>\n


The “Object not a collection” error occurs in VBScript when the script tries to use For…Each…Next<\/b> to walk through something that either does not exist or is a single item. The error is displayed because the object is not a collection or an array. When I checked the registry, I saw that the RunMRU<\/b> registry key was empty. This is shown here:<\/p>\n

<\/span><\/p>\n

\"Image<\/font><\/a><\/p>\n


Then it dawned on me: In Windows 7 (as in Windows Vista), the Start\/Run<\/b> menu item is not enabled because you use the Search Programs and Files box to launch programs. To add the Run<\/b> command, right-click the Start<\/b> button, click Properties<\/b>, click Customize<\/b>, and select the Run command<\/b> check box (near the bottom of the list). This is shown here: <\/p>\n

<\/span><\/p>\n

\"Image<\/font><\/a><\/p>\n


After the Run<\/b> command is added and you run a couple of programs, the ReadMostRecentlyRunCommands.vbs script will work. KE, now we can set about translating your VBScript script into Windows PowerShell. <\/p>\n

<\/span><\/p>\n

Rather than use the WMI StdRegProv<\/b> WMI class that was used in the ReadMostRecentlyRunCommands.vbs script, we will use the Windows PowerShell Registry provider. Instead of using the Len<\/b> and Left<\/b> string manipulation functions, we will use regular expressions. The net result is the GetMostRecentlyRunPrograms.ps1 script. <\/p>\n

<\/span><\/p>\n

GetMostRecentlyRunPrograms.ps1<\/p>\n

<\/strong><\/span><\/p>\n

$MRUregKey = “HKCU:SoftwareMicrosoftWindowsCurrentVersionExplorerrunmru”
Get-Itemproperty $MRUregKey |
ForEach-Object {
 $_.psbase.members |
 Where-Object { $_.name.length -eq 1 } |
 ForEach-Object { [regex]::match($_.value,”w*”).value }
} #end foreach-object<\/p>\n

<\/font><\/font><\/span><\/p>\n

The GetMostRecentlyRunPrograms.ps1 script begins by assigning the registry key to the $MRUregKey<\/b> variable. The HKCU:<\/b> Windows PowerShell drive is rooted in the HKEY_CURRENT_USER<\/b> registry hive. The Get-ItemProperty<\/b> cmdlet returns all of the values contained in the registry key. In reality, the information about the previously run commands is contained in the results of this one-line command. However, the display is not very clean. This is shown here:<\/p>\n

<\/span><\/p>\n

PS C:> Get-ItemProperty “HKCU:SoftwareMicrosoftWindowsCurrentVersionExplorerrunmru”<\/p>\n


PSPath       : Microsoft.PowerShell.CoreRegistry::HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorer
               runmru
PSParentPath : Microsoft.PowerShell.CoreRegistry::HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorer
PSChildName  : runmru
PSDrive      : HKCU
PSProvider   : Microsoft.PowerShell.CoreRegistry
a            : notepad1
MRUList      : cba
b            : calc1
c            : regedit1<\/p>\n

PS C:><\/p>\n

<\/font><\/span><\/p>\n

As you can see, the registry values a, b and c contain the most recently run programs. The MRUList<\/b> value keeps track of each of the entries to avoid duplication. If you run Notepad five times, there will still only be one entry for Notepad: item a. <\/p>\n

<\/span><\/p>\n

The results of the Get-ItemProperty<\/b> cmdlet are piped down the pipeline for further processing. This is shown here:<\/p>\n

<\/span><\/p>\n

Get-Itemproperty $MRUregKey |<\/p>\n

<\/font><\/span><\/p>\n

Because there could be multiple registry values to be processed, the ForEach-Object<\/b> cmdlet is used. The code block opens with a curly bracket; it is important to remember to close the curly bracket when all the code is written. To keep from forgetting to close the curly bracket, I always type the closing bracket at the same time I type the opening bracket. This is shown here:<\/p>\n

<\/span><\/p>\n

ForEach-Object {<\/p>\n

}<\/p>\n

<\/font><\/span><\/p>\n

The action we wish to perform on each item in the collection is placed between the curly brackets. Because the name of the property is not directly accessible from the custom Windows PowerShell object that is created by the Get-ItemProperty<\/b> cmdlet, it is necessary to reference the underlying Windows PowerShell object. To do this, use the psbase<\/b> property and choose the members of that base object. We pipe these for further processing. This is seen here:<\/p>\n

<\/span><\/p>\n

$_.psbase.members |<\/p>\n

<\/font><\/span><\/p>\n

Now we want to choose property names that are only one character in length. We can access the name<\/b> property from the collection of members of the psbase<\/b> object. This is done by using the $_<\/b> automatic variable. The $_<\/b> automatic variable refers to the current item on the pipeline. The name<\/b> property has the length<\/b> property. If the name is one character in length, it gets piped down the pipeline for further processing. This is shown here:<\/p>\n

<\/span><\/p>\n

Where-Object { $_.name.length -eq 1 } |<\/p>\n

<\/font><\/span><\/p>\n

It is now time to remove the backward slash (<\/b>) and the number character (#<\/b>). To do this, we once again need to use the ForEach-Object<\/b> cmdlet because we want to walk through all the one-character property names that were found in the previous command. We again use the $_<\/b> automatic variable to refer to the current object on the pipeline, and this time we use the [regex]<\/b> type accelerator to allow us to find objects that match the regular expression pattern “w*<\/b>”. The w<\/b> pattern will match lowercase letters, uppercase letters, and numbers. But because the numbers, in our example are separated by the backward slash, our pattern will work. To test the pattern, you can work interactively on the Windows PowerShell console. This is seen here:<\/p>\n

<\/span><\/p>\n

PS C:> $a = “notepad1”
PS C:> [regex]::match($a,”w*”)<\/p>\n


Groups   : {}
Success  : True
Captures : {}
Index    : 0
Length   : 0
Value    :<\/p>\n

PS C:><\/p>\n

<\/font><\/span><\/p>\n

The completed ForEach-Object<\/b> command is shown here:<\/p>\n

<\/span><\/p>\n

ForEach-Object { [regex]::match($_.value,”w*”).value }<\/p>\n

<\/font><\/span><\/p>\n

When the script runs, the following output is displayed on my computer:<\/p>\n

<\/span><\/p>\n

PS C:Usersed.NWTRADERS> C:dataScriptingGuysGetMostRecentlyRunPrograms.ps1
notepad
calc
regedit<\/p>\n

<\/font><\/span><\/p>\n

KE, that is all there is to using the registry to retrieve a listing of the most recently run programs. Registry Week will continue tomorrow when we will talk about…wait a minute. <\/p>\n

<\/span><\/p>\n

If you want to know exactly what we will be looking at tomorrow, follow us on Twitter<\/a> or Facebook<\/a>. If you have any questions, send e-mail to us at scripter@microsoft.com<\/a> or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n

<\/span><\/p>\n

 <\/p>\n

<\/span><\/p>\n

Ed Wilson and Craig Liebendorfer, Scripting Guys<\/p>\n

<\/span><\/b><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

  Hey, Scripting Guy! When I work on a computer, I often run many commands. I generally use Run from the Start menu to launch these programs. When I am finished, I use a script I copied from the Scripting Guys archive to display all the commands that I ran and then I save them […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[31,26,174,3,4,45],"class_list":["post-51883","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-operating-system","tag-registry","tag-regular-expressions","tag-scripting-guy","tag-scripting-techniques","tag-windows-powershell"],"acf":[],"blog_post_summary":"

  Hey, Scripting Guy! When I work on a computer, I often run many commands. I generally use Run from the Start menu to launch these programs. When I am finished, I use a script I copied from the Scripting Guys archive to display all the commands that I ran and then I save them […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/51883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=51883"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/51883\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=51883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=51883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=51883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}