Clarification on Registry Key discoveries

Ran across this in my travels, difficulty getting a monitor to work properly

To clarify some of the registry MP fragments, make sure you follow the whole path

This post is to help with using the Monitor.RegistryValue.Exists.mpx fragment

Example - Verify Registry Key under TestService

This is an excerpt from the MP Fragment header

%%
Description:
    This fragment includes a Monitor which checks for the existence of a registry VALUE
 RegValuePath - needs to be in the format of "SOFTWARE\Microsoft\CCM\HttpPort" or "SYSTEM\CurrentControlSet\Services\CcmExec\Start" as HKLM is assumed
 RegValueName - needs to be the actual Reg VALUE name or your description of it (NO SPACES or special characters allowed) such as "HttpPort"
Version: 1.1
LastModified: 29-May-2017
%%

In the MP Fragment, you substitute the variables

<AttributeName>##RegValueName##</AttributeName>
<Path>##RegValuePath##</Path>

<AttributeName>ObjectName</AttributeName>
<Path>SYSTEM\SysInfo\AppName</Path>

Registry Key = HKLM\SYSTEM\CurrentControlSet\Services\HealthService\Test

Fragment variable (##RegValueName##) = SYSTEM\CurrentControlSet\Services\HealthService\Test

AttributeName or ##RegValueName## is simply whatever you want to call the attribute

Simply the name of the Registry value for my example is Test

Substitute ##RegValueName## for Test

If you're testing in the lab, decrease frequency so you don't have to wait as long

<Frequency>120</Frequency>

Remember to increase the frequency when you're done

Upload MP (don't forget to version your pack!)

Watch Health Explorer and test away adding or removing your key

Helpful testing tips to add a key to the registry and flip the health

reg add "HKLM\System\CurrentControlSet\Services\TestService" /v "Test" /t REG_SZ /d Test

reg delete "HKLM\System\CurrentControlSet\Services\TestService" /v "Test"