Posted on June 2, 2017 · Posted in Powershell

How to Access and Manage Windows Registry with PowerShell

Since its first version, PowerShell has offered administrators an extensive set of tools for working with the Windows system registry. All typical registry operations can be performed from the PowerShell command prompt instead of the good old Regedit interface or reg.exe, which is indispensable in scripts and automation scenarios. In this article, we'll consider how to create, edit or delete keys and parameters of the Windows registry, search it, and connect to the registry on a remote computer using PowerShell.

Registry Navigation Using PowerShell

Working with the registry in PowerShell is similar to working with common files on a local disk.

Display the list of available drives:

get-psdrive

As you can see, the built-in provider gives access to the contents of two branches of the registry: HKEY_CURRENT_USER (HKCU) and HKEY_LOCAL_MACHINE (HKLM). The branches of the registry are addressed like drives (HKLM:\ and HKCU:\). For example, to go to the root of HKLM, run this command:

cd HKLM:\

You can go to a specific branch of the registry (for example, the one responsible for the settings of automatic driver updates) using the Set-Location command (alias: sl):

Set-Location -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching

Display the contents of the key:

dir

Or

Get-ChildItem

Open the same branch in the Registry Editor. As you can see, the command has displayed only the information about the subkeys, not the parameters of the current branch.

The reason is that, from the PowerShell point of view, a registry branch (a key) is the analog of a file, and the parameters stored in this registry key are the properties of that file.

So, to get the parameters of this branch, use Get-Item cmdlet:

Get-Item .
Or
Get-Item -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching

As you can see, DriverSearching key has only one parameter – SearchOrderConfig with its value equal to 0.

To address a specific key parameter, use the Get-ItemProperty cmdlet. For example, assign the contents of the branch to a variable and get the value of the parameter:

$DriverUpdate = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching'
$DriverUpdate.SearchOrderConfig

The result shows that the value of the SearchOrderConfig parameter is equal to 1.

How to Change the Registry Value

To change the value of the SearchOrderConfig parameter, use the Set-ItemProperty cmdlet:

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching' -Name SearchOrderConfig -Value 0

Make sure that the value has changed:

Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching' -Name SearchOrderConfig

How to Create a New Registry Key or Parameter

To add a new registry key, use the New-Item command. Create a new key with the name NewKey:

$HKCU_Desktop = "HKCU:\Control Panel\Desktop"
New-Item -Path $HKCU_Desktop -Name NewKey

Add a new string parameter with the name SuperParamString and the value file_name.txt for the created key:

New-ItemProperty -Path $HKCU_Desktop\NewKey -Name "SuperParamString" -Value "file_name.txt" -PropertyType "String"

Make sure that the new key and parameter have appeared in the registry.

Deleting a Registry Key or Parameter

Remove the parameter SuperParamString created earlier:

$HKCU_Desktop = "HKCU:\Control Panel\Desktop"
Remove-ItemProperty -Path $HKCU_Desktop\NewKey -Name "SuperParamString"

Then delete the entire branch:

Remove-Item -Path $HKCU_Desktop\NewKey -Recurse

Note. The -Recurse parameter means that all subkeys are removed recursively without a confirmation prompt.

To remove all items in the branch, but not the branch itself, the command looks like this:

Remove-Item -Path $HKCU_Desktop\NewKey\* -Recurse
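
The create, change and delete steps above can be combined into one repeatable operation that records the previous value and reads the new one back. The following is an added example, not code from the original article; the function name Set-RegistryValueVerified is hypothetical, and the demo reuses the article's scratch key under HKCU:\Control Panel\Desktop.

```powershell
# Added example: write one scalar registry value only when needed, then verify it.
function Set-RegistryValueVerified {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [object] $Value,   # scalar values only (String, DWord, QWord)
        [Microsoft.Win32.RegistryValueKind] $Type = 'String'
    )

    # Create the key (and any missing parent keys) only if it does not exist yet.
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }

    # Capture the previous state so the change can be logged or rolled back.
    $key     = Get-Item -LiteralPath $Path
    $exists  = $key.GetValueNames() -contains $Name
    $old     = if ($exists) { $key.GetValue($Name) } else { $null }
    $oldKind = if ($exists) { $key.GetValueKind($Name) } else { $null }

    # Skip the write when the value and its type already match the desired state.
    $changed = -not ($exists -and $oldKind -eq $Type -and $old -eq $Value)
    if ($changed) {
        New-ItemProperty -LiteralPath $Path -Name $Name -Value $Value `
            -PropertyType $Type -Force | Out-Null

        # Read the value back instead of trusting that the write succeeded.
        $now = (Get-Item -LiteralPath $Path).GetValue($Name)
        if ($now -ne $Value) {
            throw "Write to $Path\$Name did not take effect (read back '$now')."
        }
    }

    [pscustomobject]@{
        Path = $Path; Name = $Name; Type = $Type
        OldValue = $old; NewValue = $Value; Changed = $changed
    }
}

# Demo on the article's scratch key; the second call finds nothing to change.
$demoKey = 'HKCU:\Control Panel\Desktop\NewKey'
Set-RegistryValueVerified -Path $demoKey -Name 'SuperParamString' -Value 'file_name.txt'
Set-RegistryValueVerified -Path $demoKey -Name 'SuperParamString' -Value 'file_name.txt'
Remove-Item -LiteralPath $demoKey -Recurse   # clean up the scratch key
```

The returned object is suitable for a change log: OldValue holds what was there before the write, which is what you need to undo it.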

How to Rename a Key or a Parameter

To rename a parameter, use this command:

Rename-ItemProperty -Path 'HKCU:\Control Panel\Desktop\NewKey' -Name "SuperParamString" -NewName "OldParamString"

In the same way, you can rename the registry key:

Rename-Item -path 'HKCU:\Control Panel\Desktop\NewKey' OldKey

Search the Registry Using PowerShell

PowerShell allows you to search the registry. The following script searches the HKCU:\Control Panel\Desktop key for parameters whose names match the *dpi* pattern.

$Path = (Get-ItemProperty 'HKCU:\Control Panel\Desktop')
$Path.PSObject.Properties | ForEach-Object {
    If ($_.Name -like '*dpi*') {
        Write-Host $_.Name ' = ' $_.Value
    }
}
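
The script above inspects a single key, and the object returned by Get-ItemProperty also carries provider properties such as PSPath and PSParentPath, so a pattern like *path* would match names that are not registry parameters. The following added example (not part of the original article; the function name Find-RegistryValueName is hypothetical) generalizes the search to a whole subtree, reads only real value names, and skips subkeys the current user cannot open.

```powershell
# Added example: search a registry subtree for value names matching a wildcard.
function Find-RegistryValueName {
    param(
        [Parameter(Mandatory)] [string] $Root,      # e.g. 'HKCU:\Control Panel\Desktop'
        [Parameter(Mandatory)] [string] $Pattern    # wildcard pattern, e.g. '*dpi*'
    )

    # The root key itself plus every subkey below it. Subkeys that cannot be
    # opened (access denied) are skipped instead of aborting the search.
    $keys = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        # GetValueNames() returns only the values stored in the key, so the
        # PS* provider properties never appear in the results.
        foreach ($name in $key.GetValueNames()) {
            if ($name -like $Pattern) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Name  = $name
                    Kind  = $key.GetValueKind($name)
                    Value = $key.GetValue($name)
                }
            }
        }
    }
}

# Same search as in the article, extended to all subkeys of the Desktop key.
Find-RegistryValueName -Root 'HKCU:\Control Panel\Desktop' -Pattern '*dpi*' |
    Format-Table -AutoSize
```

Because the function emits objects rather than calling Write-Host, the results can be filtered, exported with Export-Csv, or compared between two machines.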

Remote Access to the Registry Using PowerShell

PowerShell allows you to access the registry of a remote computer. You can connect to a remote computer using WinRM (Invoke-Command or Enter-PSSession):

Invoke-Command -ComputerName srv-fs1 -ScriptBlock { Get-ItemProperty -Path 'HKLM:\System\Setup' -Name WorkingDirectory }

Or using a remote registry connection (the RemoteRegistry service must be enabled):

$Server = "lon-fs1"
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Server)
$RegKey= $Reg.OpenSubKey("System\Setup")
$RegValue = $RegKey.GetValue("WorkingDirectory")

Tip. If you have to create or modify a certain registry parameter on a number of domain computers, it is easier to use GPO features.

So, we have looked at typical examples of using PowerShell to interact with the Windows registry.