Volatile Registry Keys

These days I had an issue where a registry key was missing after a reboot. The registry key was created by a third-party software and was needed by another software part to function well. I created the registry key manually using PowerShell or the Registry Editor, and the registry key wasn’t removed.

My workmates and I investigated for several hours, looking for any software or scripts which remove this registry key on the next reboot.

Now I found out that the original software creates the registry key as a “volatile” key. Volatile registry keys aren’t saved to the registry database and live only in memory. As soon as the computer is shut down, all volatile registry keys are lost. You can’t see this in any built-in Windows GUI or with a default PowerShell cmdlet.

The only way I found to check this is:

$hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine','default')

# create a volatile registry key (output suppressed so it does not leak into the result)
$a = $hklm.OpenSubKey('Software', $true)
$null = $a.CreateSubKey('Test', $true, [Microsoft.Win32.RegistryOptions]::Volatile)

# open the registry key to test, with write access
$b = $hklm.OpenSubKey('SOFTWARE\Test', $true)

# test whether the key is volatile by creating a stable subkey --> fails if the parent is volatile
try {
    $null = $b.CreateSubKey('Test-Not-Volatile', $true, [Microsoft.Win32.RegistryOptions]::None)
    $KeyIsVolatile = $false
    # remove the temporary key again
    $b.DeleteSubKeyTree('Test-Not-Volatile')
}
catch {
    $KeyIsVolatile = $true
}
return $KeyIsVolatile

Don’t forget to remove the test keys when it’s false.
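
The same probe as a reusable function, added here as an example and not part of the original post: it uses a random probe name, cleans up after itself, and keeps "access denied" apart from "parent is volatile", which the catch-all above reports as volatile. The name Test-RegistryKeyVolatile and its parameter are hypothetical, and reading any IOException from the create call as the volatile refusal is an assumption.

```powershell
# Added example: Test-RegistryKeyVolatile is a hypothetical helper, not from the original post.
function Test-RegistryKeyVolatile {
    [CmdletBinding()]
    param(
        # Subkey path below HKLM, e.g. 'SOFTWARE\Test'
        [Parameter(Mandatory)] [string] $SubKeyPath
    )

    $hklm  = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', 'Default')
    $key   = $null
    # Random probe name so an existing subkey is never touched
    $probe = 'VolatileProbe-' + [guid]::NewGuid().ToString('N')
    try {
        # A writable handle is needed to create the probe subkey
        $key = $hklm.OpenSubKey($SubKeyPath, $true)
        if ($null -eq $key) { throw "Key not found: HKLM\$SubKeyPath" }

        try {
            # A non-volatile child can only be created under a non-volatile parent
            $child = $key.CreateSubKey($probe, $true, [Microsoft.Win32.RegistryOptions]::None)
            $child.Dispose()
            $key.DeleteSubKey($probe)
            return $false
        }
        catch [System.UnauthorizedAccessException] {
            # Missing rights say nothing about volatility: pass the error on
            throw
        }
        catch [System.IO.IOException] {
            # Assumption: the I/O error is Windows refusing a stable child
            # under a volatile parent, so the parent is reported as volatile
            return $true
        }
    }
    finally {
        # Always release the registry handles
        if ($key) { $key.Dispose() }
        $hklm.Dispose()
    }
}

# Usage (elevated session): Test-RegistryKeyVolatile -SubKeyPath 'SOFTWARE\Test'
```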