Editing the registry with PowerShell is a knack.
In the beginning, accessing values in the registry with PowerShell navigation is deceptively difficult, but once you master
the syntax of HKLM:\ the technique becomes reassuringly easy.
As a beginner, people will tell you that accessing the registry with
PowerShell is as easy
as accessing the file system. Guy says that doing useful work
means learning a knack. Let us start with PowerShell's PSDrive provider, which opens the door to the registry. Thus you
can type:
CD HKLM:\ (Similar to typing: cd C:\)
A reminder that HKLM is an abbreviation of HKEY_LOCAL_MACHINE, which is well-known to
PowerShell. There is also the users section of the registry at HKCU.
To go back a step, this is how you make the connection between PowerShell, the
registry, and the file system; simply type:
Get-PSDrive
Note 1: You need the colon, thus HKLM: (and not
plain HKLM)
Note 2: The backslash makes sure that you connect to
the root of HKLM.
Note 3: -ErrorAction SilentlyContinue suppresses the PermissionDenied error message
for the SECURITY hive.
Note 4: If you see 'SKC' it means SubKey count, and VC means Value
count.
Using PowerShell to Search for Registry Entries
Get-ChildItem is like DOS's dir; -Recurse tells PowerShell to drill down,
starting at HKLM. The crucial parameter is -Include, followed by the
value to search for, which in this case is Winlogon.
# Example script for PowerShell to search the registry
Clear-Host
Get-ChildItem HKLM:\Software\Microsoft -Recurse -Include Winlogon `
-ErrorAction SilentlyContinue
Note 5: The backtick means the command continues on
the next line.
Superficially, the simple commands shown above work as expected.
Problems
start when you try to view values in the registry, and they get worse if
you try to change a REG_SZ or DWORD setting.
This is where analogies with the file system break down, and we need to
learn new techniques.
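Where the file-system analogy stops, shown as an added example (not one of the original page's scripts): Get-ChildItem lists only subkeys, while the values sit on the key itself and are read with Get-Item or Get-ItemProperty. The variable names are illustrative, and DefaultUserName is the value this page's scenario refers to.

```powershell
# Added example: registry values are properties of a key, not child items.
$RegKey = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Get-ChildItem returns the subkeys of Winlogon only, never its values.
Get-ChildItem -Path $RegKey -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty PSChildName

# Get-Item returns the key itself; its Property member lists the value names.
$Key = Get-Item -Path $RegKey

# Build a Name / Type / Data table that mirrors Regedit's three columns.
$Key.Property | ForEach-Object {
    # The unnamed default value is listed as '(default)' but stored as ''.
    $ValueName = if ($_ -eq '(default)') { '' } else { $_ }
    [PSCustomObject]@{
        Name = $_
        Type = $Key.GetValueKind($ValueName)   # String = REG_SZ, DWord = REG_DWORD
        Data = $Key.GetValue($ValueName)
    }
} | Sort-Object Name | Format-Table -AutoSize

# Read one named value; this returns nothing if the value does not exist.
(Get-ItemProperty -Path $RegKey -Name DefaultUserName `
    -ErrorAction SilentlyContinue).DefaultUserName
```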
Scenario: you want to check or enumerate the name of the user who is logged on.
We have already had a lucky break, because we've been tipped off
that there is a PowerShell cmdlet called Get-ItemProperty. Now we can exploit this knowledge
by checking for similar nouns to ItemProperty.
# Research more PowerShell registry cmdlets
Get-Command -Noun ItemProperty
Eureka! Let us investigate Set-ItemProperty and see if it has any
parameters to change settings in the registry.
# Find more about the PowerShell Set-ItemProperty cmdlet
Get-Help Set-ItemProperty -full
Note 9: Do you see a parameter called -Value? Now
we have the skill to employ PowerShell to change values in a named registry key.
I have chosen CachedLogonsCount almost at random; my greatest joy is
when you swap this REG_SZ registry entry for a value that you are interested in.
Scenario: let us increase Cached Logons to 50. (It does
not make sense to change the DefaultUserName.)
If you haven't backed up at least the Winlogon portion of the
registry, please take this action before continuing: Launch Regedit, File
Menu, Export..., Click the radio button next to: Selected Branch, give
the file a name.
# Example of a PowerShell registry change
$RegKey = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
Set-ItemProperty -Path $RegKey -Name CachedLogonsCount -Value 50
Learning Points
Note 10: The crucial point is that to change a
PowerShell registry key we need
the verb 'Set' not 'Get'. Set-ItemProperty has the useful
parameter -value.
Note 11: On reflection, you can see how PowerShell
mimics the registry's sections of: Key, Value, Data. However,
confusingly, the registry's Value = PowerShell's -Name. Furthermore,
the registry's Data = PowerShell's -Value.
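The same CachedLogonsCount change with the backup, a type check and a read-back built in, as an added example rather than the page's own script. The backup file name and variable names are assumptions, and the script needs an elevated session to write under HKLM.

```powershell
# Added example: back up, change and verify CachedLogonsCount (run elevated).
$RegKey  = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$Name    = 'CachedLogonsCount'
$NewData = '50'                                        # REG_SZ data is a string
$Backup  = Join-Path $env:TEMP 'Winlogon-backup.reg'   # assumed backup location

# 1. Export the Winlogon branch first; stop if the backup fails.
reg.exe export ($RegKey -replace '^HKLM:', 'HKLM') $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup failed; registry left unchanged.' }

# 2. Record the current data and type so the change can be rolled back.
$Key = Get-Item -Path $RegKey
if ($Name -notin $Key.Property) { throw "$Name not found under $RegKey" }
$OldData = $Key.GetValue($Name)
$OldKind = $Key.GetValueKind($Name)
"Before: $Name = $OldData ($OldKind)"

# 3. Preview with -WhatIf, then write. -Type String keeps the value as REG_SZ.
Set-ItemProperty -Path $RegKey -Name $Name -Value $NewData -Type String -WhatIf
Set-ItemProperty -Path $RegKey -Name $Name -Value $NewData -Type String

# 4. Read the key again and confirm both data and type.
$Key = Get-Item -Path $RegKey
if ($Key.GetValue($Name) -ne $NewData -or $Key.GetValueKind($Name) -ne 'String') {
    throw "Verification failed for $Name"
}
"After:  $Name = $($Key.GetValue($Name)) ($($Key.GetValueKind($Name)))"

# Rollback, if needed:
# Set-ItemProperty -Path $RegKey -Name $Name -Value $OldData -Type $OldKind
```

CachedLogonsCount accepts 0 to 50, and each cached logon keeps a domain credential verifier on the local disk, so hardening baselines generally lower this value rather than raise it.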
The union between PowerShell and the Registry is a marriage made in
heaven. If you are a minor expert on Regedit then PowerShell scripting
is a wonderful alternative way of making changes. From a learning
point of view, go slowly at first. Tune in to the PowerShell method
for navigating the registry keys, and go slowly through the syntax for
enumerating the values. Once you learn about Set-ItemProperty then you
can script changes to your favorite registry hacks.