With PowerShell's Get-ItemProperty you can interrogate the registry.
Once you are comfortable with the technique you can progress to making
registry changes with Set-ItemProperty.
Investigating the Registry with PowerShell's
ItemProperty
While learning about PowerShell's ability to extract and set values
in the registry I find it useful to have regedit running in parallel.
My scenario: to check the operating system's build number. Please
amend the value of $RegKey for the item that you are interested in.
# Access the PowerShell Registry with Get-ItemProperty $RegKey
="Software\Microsoft\Windows NT\CurrentVersion\"
Cd hklm:\$RegKey Get-ItemProperty -path. -name
CurrentBuildNumber
Note 1: To omit the dot (period) after -path
is fatal. -path. is correct.
Note 2: Observe how cd hklm: points PowerShell to
the registry, and not the file system.
Note 3: You could append either of these pipes
to filter the output:
| Format-Table c*
| Format-List c*
This example uses set-ItemProperty to change the value of
PaintDesktopVersion, as a result your operating system will display the
Build Number - see screenshot.
If you haven't backed up at least the HKEY_CURRENT_USER\Control
Panel\Desktop portion of the
registry, please take this action before continuing:
Launch Regedit, File
Menu, Export..., Click the radio button next to: Selected Branch, give
the file a name.
# PowerShell Set-ItemProperty script to set values in the registry $RegKey
="HKCU:\Control Panel\Desktop"
set-ItemProperty -path $RegKey -name PaintDesktopVersion -value 1
Learning Points
Note 1: The crucial point is that we are using
the verb 'Set' not 'Get'. Set-ItemProperty has the useful
parameter -value.
Note 2: On reflection, you can see how PowerShell
mimics the registry's sections of: Key, Value, Data. However,
confusingly, the registry's value = PowerShell -name. Furthermore,
Registry's Data = PowerShell's -value.
Note 3: To see the fruits of your registry hack
logoff, then logon again. you should see the Build number just above the
clock in the bottom left corner.
Windows Management Instrumentation (WMI) is one of the hidden
treasures of Microsoft operating systems. Fortunately, Solarwinds
have created a
Free WMI Monitor so that you can discover these gems of performance
information, and thus improve your PowerShell scripts. Take the guess work out of which WMI counters to use when scripting the
operating system, Active Directory or Exchange Server.
As a beginner, people will tell you that accessing the registry with
PowerShell is as easy
as accessing the file system. Guy says that doing useful work
means learning knack. Let start with PowerShell's PSDrive provider, which opens the door to the registry. Thus you
can type:
CD HKLM:\ (Just as easy as when you type: cd C:\)
I reminder that HKLM is an abbreviation of HKEY_LOCAL_MACHINE, which is well-known to
PowerShell. There is also the users section of the registry at HKCU.
To go back one step, you can see the connections between PowerShell, the registry and
the file system by typing plain: Get-PSDrive
Note 1: You need the colon, thus HKLM: (and not
plain HKLM)
Note 2: The backslash makes sure that you connect to
the root of HKLM.
Note 3: -ErrorAction SilentlyContinue suppresses the error message PermissionDenied
to the SECURITY hive.
Note 4: SKC means SubKey count and VC means Value
count.
Guy Recommends: Solarwinds' Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the
users with their fields in the
top row, and save as .csv file. Then launch this FREE utility and match
your fields with AD's
attributes, click to import the users. Optionally, you can
provide the name of the OU where the new accounts will be born.
There are also two bonus tools in this free download, and all 3 have been approved by Microsoft:
Get-ChildItem is like DOS's dir, -recurse tells PowerShell to drill down
starting at HKLM. The crucial command is -include followed by the
value to search for, which in this case is Winlogon.
# PowerShell script to search the registry
Get-ChildItem HKLM: -recurse -include Winlogon -ErrorAction
SilentlyContinue
SKC - SubKey Count = 3 (Sub folders under Winlogon) VC - Number of
'Named Values' = 25 on my machine.
ItemProperty - A PowerShell Noun to
Interrogate the Registry
ItemProperty is the key noun for interrogating the registry with
PowerShell. While the two most important verbs are get and set,
this is how to list the family members:
Learning about the PowerShell's ItemProperty family is both enjoyable and
instructive. This is a classic progression from viewing data with Get-ItemProperty
to changing values with set-ItemProperty.
If you like this page then please share it with your friends
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.
Windows Management Instrumentation (WMI) is one of the hidden
treasures of Microsoft operating systems.
Fortunately, Solarwinds
have created the
Free WMI Monitor so that you can actually see and understand these gems of
performance information. Take the guess work out of which
WMI counters to use for applications like Microsoft Active Directory,
SQL or Exchange Server.
