Managing Registry with PowerShell

    Registry keys are items on Windows PowerShell drives, so working with them is very similar to working with files and folders. Registry entries are properties of keys and, as such, cannot be browsed directly, so working with them takes a slightly different approach. PowerShell can create, modify, and delete registry keys and values using various cmdlets. Here is a brief overview of how to perform common registry management tasks with PowerShell.

    Editing the Windows Registry is dangerous and can damage the system. Only proceed if you know what you are doing. Try changes first on test servers with a proper registry backup.

    List the available PowerShell drives and their providers:

    PS C:\Temp> Get-PSDrive
    
    Name           Used (GB)     Free (GB) Provider      Root                CurrentLocation
    ----           ---------     --------- --------      ----                ---------------
    Alias                                  Alias
    C                 126.24        112.22 FileSystem    C:\                            Temp
    Cert                                   Certificate   \
    D                  38.72        892.80 FileSystem    D:\
    E                 196.21        735.31 FileSystem    E:\
    Env                                    Environment
    Function                               Function
    HKCU                                   Registry      HKEY_CURRENT_USER
    HKLM                                   Registry      HKEY_LOCAL_MACHINE
    Variable                               Variable
    WSMan                                  WSMan

    Listing All Subkeys of a Registry Key:

     
    PS C:\> Get-ChildItem -Path HKCU:\ | Select-Object Name
    
    
    Name
    ----
    HKEY_CURRENT_USER\AppEvents
    HKEY_CURRENT_USER\Console
    HKEY_CURRENT_USER\Control Panel
    HKEY_CURRENT_USER\Environment
    HKEY_CURRENT_USER\EUDC
    HKEY_CURRENT_USER\Keyboard Layout
    HKEY_CURRENT_USER\Network
    HKEY_CURRENT_USER\Printers
    HKEY_CURRENT_USER\SOFTWARE
    HKEY_CURRENT_USER\System
    HKEY_CURRENT_USER\Uninstall
    HKEY_CURRENT_USER\Volatile Environment

    If you run Get-ChildItem -Path HKCU:\ without Select-Object, the output shows both the Name and Property columns.

    The following command copies the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion and its properties to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion1. Without -Recurse, Copy-Item does not copy the subkeys the key contains.

    PS C:\> Copy-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion' -Destination 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion1'

    Creating Keys

    Creating new keys in the registry is simpler than creating a new item in a file system. Because all registry keys are containers, you do not need to specify the item type; you simply supply an explicit path, such as:

    PS C:\Temp> New-Item -Path HKCU:\NewItem_DeleteMe
    
        Hive: HKEY_CURRENT_USER
    
    Name                           Property
    ----                           --------
    NewItem_DeleteMe

    Deleting Keys

    Deleting items is essentially the same for all providers. The following command will silently remove the item:

    Remove-Item -Path HKCU:\NewItem_DeleteMe\
     
    Examples:

    1. To view a registry key:

       Get-Item -Path "HKLM:\Software\ExampleKey"

    2. To create a new registry key:

       New-Item -Path "HKLM:\Software\ExampleKey" -Force

       If the key already exists, -Force overwrites it with an empty key, so its existing values are lost.

    3. To create or modify a registry value:

       Set-ItemProperty -Path "HKLM:\Software\ExampleKey" -Name "ValueName" -Value "ValueData" -Type "String" -Force

       Change the -Type parameter to "DWord", "QWord", "Binary", or "MultiString" if needed.

    4. To retrieve a registry value:

       Get-ItemProperty -Path "HKLM:\Software\ExampleKey" -Name "ValueName"

    5. To delete a registry value:

       Remove-ItemProperty -Path "HKLM:\Software\ExampleKey" -Name "ValueName"

    6. To delete a registry key:

       Remove-Item -Path "HKLM:\Software\ExampleKey" -Recurse -Force

    Remember to replace "HKLM" with "HKCU" if you want to work with the current user's registry hive instead of the local machine's hive. Also, replace "ExampleKey", "ValueName", and "ValueData" with the appropriate key, value name, and data for your specific use case.

    *** Always be careful when working with the registry, as incorrect changes can cause issues with your system. It's a good idea to back up your registry or create a system restore point before making changes.
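
    One way to combine the backup advice with the create and modify steps above, as an added example rather than code from the original article. The function name Set-RegistryValueSafely, the key HKCU:\Software\ExampleKey_DeleteMe and the backup folder under $env:TEMP are assumptions chosen for illustration.

```powershell
# Added example: Set-RegistryValueSafely, ExampleKey_DeleteMe and the
# RegBackup folder are hypothetical names, not part of the original article.
function Set-RegistryValueSafely {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)]$Value,
        [Microsoft.Win32.RegistryValueKind]$Type = 'String',
        [string]$BackupDir = (Join-Path $env:TEMP 'RegBackup')
    )
    $file = $null
    if (Test-Path -Path $Path) {
        # Export the existing key (with its subkeys) to a .reg file before touching it.
        New-Item -ItemType Directory -Path $BackupDir -Force -WhatIf:$false | Out-Null
        $native = (Get-Item -Path $Path).Name   # e.g. HKEY_CURRENT_USER\Software\...
        $file   = Join-Path $BackupDir ("{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
        & reg.exe export $native $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of '$native' failed; nothing was changed." }
    }
    elseif ($PSCmdlet.ShouldProcess($Path, 'Create key')) {
        # Create the key only when it is missing. No -Force here, so an
        # existing key is never overwritten with an empty one.
        New-Item -Path $Path | Out-Null
    }

    if ($PSCmdlet.ShouldProcess("$Path\$Name", "Set $Type value")) {
        Set-ItemProperty -Path $Path -Name $Name -Value $Value -Type $Type

        # Entries are properties of the key: read data and type back
        # through the RegistryKey object that Get-Item returns.
        $key = Get-Item -Path $Path
        [pscustomobject]@{
            Path   = $key.Name
            Name   = $Name
            Kind   = $key.GetValueKind($Name)
            Data   = $key.GetValue($Name)
            Backup = $file   # $null when the key did not exist beforehand
        }
    }
}

# Constructed test key under HKCU. -WhatIf shows the plan without writing.
$test = 'HKCU:\Software\ExampleKey_DeleteMe'
Set-RegistryValueSafely -Path $test -Name 'ValueName' -Value 1 -Type DWord -WhatIf
Set-RegistryValueSafely -Path $test -Name 'ValueName' -Value 1 -Type DWord
Remove-Item -Path $test -Recurse   # clean up the test key
```

    A .reg file written by reg.exe export can be restored with reg.exe import if the change has to be undone.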