Editing the PowerShell registry is a knack.
In the beginning accessing values in the registry with PowerShell navigation is deceptively difficult, but once you master
the syntax of HKLM:\ the technique it becomes reassuringly easy.
As a beginner, people will tell you that accessing the registry with
PowerShell is as easy
as accessing the file system. Guy says that doing useful work
means learning knack. Let start with PowerShell's PSDrive provider, which opens the door to the registry. Thus you
can type:
CD HKLM:\ (Just as easy as when you type: cd C:\)
I reminder that HKLM is an abbreviation of HKEY_LOCAL_MACHINE, which is well-known to
PowerShell. There is also the users section of the registry at HKCU.
To go back one step, you can see the connections between PowerShell, the
registry and the file system by typing plain: Get-PSDrive
Note 1: You need the colon, thus HKLM: (and not
plain HKLM)
Note 2: The backslash makes sure that you connect to
the root of HKLM.
Note 3: -ErrorAction SilentlyContinue suppresses the error message PermissionDenied
to the SECURITY hive.
Note 4: SKC means SubKey count and VC means Value
count.
Using PowerShell to Search for Registry Entries
Get-ChildItem is like DOS's dir, -recurse tells PowerShell to drill down
starting at HKLM. The crucial command is -include followed by the
value to search for, which in this case is Winlogon.
# Example script for PowerShell to search the registry
Get-ChildItem HKLM: -recurse -include Winlogon -ErrorAction
SilentlyContinue
SKC - SubKey Count = 3 (Sub folders under Winlogon) VC - Number of
'Named Values' = 25 on my machine.
Windows Management Instrumentation (WMI) is one of the hidden
treasures of Microsoft operating systems. Fortunately, Solarwinds
have created a
Free WMI Monitor so that you can discover these gems of performance
information, and thus improve your PowerShell scripts. Take the guess work out of which WMI counters to use when scripting the
operating system, Active Directory or Exchange Server.
Superficially, the simple commands shown above work as expected.
Problems
start when you try to view values in the registry, and they get worse if
you try and change Reg_SZ or DWORD setting.
This is where analogies with the file-system break down, and we need to
learn new techniques.
Scenario: you want to check or enumerate the name of the user who is logged on.
We have already had a lucky break, because we've been tipped off
there is PowerShell cmdlet called Get-ItemProperty. Now we can exploit this knowledge
by checking for similar nouns to ItemProperty.
Research More PowerShell registry cmdlets Get-Command -noun ItemProperty
Eureka! Let us investigate Set-ItemProperty and see if it has any
parameters to change settings in the registry.
# Find more about the PowerShell Set-ItemProperty cmdlet
Get-Help Set-ItemProperty -full
Note 1: Do you see a parameter called -Value? Now
we have the skill to employ PowerShell to change values in a named registry key.
Guy Recommends: Solarwinds' Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the
users with their fields in the
top row, and save as .csv file. Then launch this FREE utility and match
your fields with AD's
attributes, click to import the users. Optionally, you can
provide the name of the OU where the new accounts will be born.
There are also two bonus tools in this free download, and all 3 have been approved by Microsoft:
I have just chosen CachedLogonsCount almost at random, my greatest joy is
when you change this REG_SZ registry entry to a value that you are interested in.
Scenario - Let us increase Cached Logons to 50. (It does
not make sense to change the DefaultUserName.)
If you haven't backed up at least the Winlogon portion of the
registry, please take this action before continuing: Launch Regedit, File
Menu, Export..., Click the radio button next to: Selected Branch, give
the file a name.
# Example of a PowerShell registry change $RegKey ="HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
Set-ItemProperty -path $RegKey -name cachedlogonscount
-value 50
Learning Points
Note 1: The crucial point is that to change a
PowerShell registry key we need
the verb 'Set' not 'Get'. Set-ItemProperty has the useful
parameter -value.
Note 2: On reflection, you can see how PowerShell
mimics the registry's sections of: Key, Value, Data. However,
confusingly, the registry's value = PowerShell -name. Furthermore,
Registry's Data = PowerShell's -value.
The union between PowerShell and the Registry is a marriage made in
heaven. If you are a minor expert on Regedit then PowerShell scripting
is a wonderful alternative way of making changes. From a learning
point of view, go slowly at first. Tune-in to the PowerShell method
for navigating the registry keys, and go slowly through the syntax for
enumerating the values. Once you learn about Set-ItemProperty then you
can script changes to your favorite registry hacks.
If you like this page then please share it with your friends
See more Microsoft PowerShell Examples of Real Life Tasks
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.
Windows Management Instrumentation (WMI) is one of the hidden
treasures of Microsoft operating systems.
Fortunately, Solarwinds
have created the
Free WMI Monitor so that you can actually see and understand these gems of
performance information. Take the guess work out of which
WMI counters to use for applications like Microsoft Active Directory,
SQL or Exchange Server.
