Accessing the Registry with PowerShell
With PowerShell’s Get-ItemProperty you can interrogate the registry. Once you are comfortable with the technique you can progress to making registry changes with Set-ItemProperty.
Investigating the Registry with PowerShell’s ItemProperty
- Listing Registry Values with Get-ItemProperty
- Changing Registry Values with Set-ItemProperty
- PowerShell’s ItemProperty
While learning about PowerShell’s ability to extract and set values in the registry I find it useful to have regedit running in parallel. My scenario: to check the operating system’s build number. Please amend the value of $RegKey for the item that you are interested in.
# Access the PowerShell Registry with Get-ItemProperty
$RegKey ="Software\Microsoft\Windows NT\CurrentVersion\"
cd hklm:\$RegKey
Get-ItemProperty -path. -name CurrentBuildNumber
Note 1: To omit the dot (period) after -path is fatal. -path. is correct.
Note 2: Observe how cd hklm: points PowerShell to the registry, and not the file system.
Note 3: You could append either of these pipes to filter the output:
| Format-Table c*
| Format-List c*
This example uses Set-ItemProperty to change the value of PaintDesktopVersion; as a result, your operating system will display the Build Number – see screenshot.
If you haven’t backed up at least the HKEY_CURRENT_USER\Control Panel\Desktop portion of the registry, please take this action before continuing:
Launch Regedit, File Menu, Export…, Click the radio button next to: Selected Branch, give the file a name.
# PowerShell Set-ItemProperty script to set values in the registry
$RegKey ="HKCU:\Control Panel\Desktop"
Set-ItemProperty -path $RegKey -name PaintDesktopVersion -value 1
Note 1: The crucial point is that we are using the verb ‘Set’ not ‘Get’. Set-ItemProperty has the useful parameter -value.
Note 2: On reflection, you can see how PowerShell mimics the registry’s sections of: Key, Value, Data. However, confusingly, the registry’s Value = PowerShell’s -name. Furthermore, the registry’s Data = PowerShell’s -value.
Note 3: To see the fruits of your registry hack, log off, then log on again. You should see the Build number just above the clock in the bottom left corner.
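The backup-then-change routine above can be scripted so that the export, the change and the verification happen together. This is an added example, not part of the original page; the function name Set-RegistryValueWithBackup, its parameters and the backup file name are hypothetical, and the backup is taken with the standard reg.exe export command.

```powershell
# Added example: back up a key, change one value, and confirm the result.
# Set-RegistryValueWithBackup and its parameter names are hypothetical.
function Set-RegistryValueWithBackup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path,   # provider path, e.g. HKCU:\Control Panel\Desktop
        [Parameter(Mandatory)] [string] $Name,   # the registry's "Value" (PowerShell -Name)
        [Parameter(Mandatory)] $Value,           # the registry's "Data" (PowerShell -Value)
        [string] $BackupDir = $env:TEMP
    )

    if (-not (Test-Path -Path $Path)) {
        throw "Registry key not found: $Path"
    }

    # reg.exe expects HKEY_CURRENT_USER\... rather than the provider form HKCU:\...
    $nativeKey  = (Get-Item -Path $Path).Name
    $backupFile = Join-Path $BackupDir ("regbackup_{0:yyyyMMdd_HHmmss}.reg" -f (Get-Date))

    if ($PSCmdlet.ShouldProcess("$Path\$Name", "Set data to $Value")) {
        # Export the whole key first; stop if the backup could not be written.
        & reg.exe export $nativeKey $backupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "Backup of $nativeKey failed; nothing was changed."
        }

        # Record the old data, apply the change, then read it back.
        $old = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
        Set-ItemProperty -Path $Path -Name $Name -Value $Value
        $new = (Get-ItemProperty -Path $Path -Name $Name).$Name

        [pscustomobject]@{
            Key     = $nativeKey
            Name    = $Name
            OldData = $old
            NewData = $new
            Backup  = $backupFile
        }
    }
}

# -WhatIf reports what would happen without touching the registry.
Set-RegistryValueWithBackup -Path 'HKCU:\Control Panel\Desktop' -Name PaintDesktopVersion -Value 1 -WhatIf
```

Remove -WhatIf to apply the change; double-clicking the exported .reg file (or running reg import on it) restores the key.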
As a beginner, people will tell you that accessing the registry with PowerShell is as easy as accessing the file system. Guy says that doing useful work means learning a knack. Let’s start with PowerShell’s PSDrive provider, which opens the door to the registry. Thus you can type:
CD HKLM:\ (Just as easy as when you type: cd C:\)
A reminder that HKLM is an abbreviation of HKEY_LOCAL_MACHINE, which is well-known to PowerShell. There is also the users section of the registry at HKCU.
To go back one step, you can see the connections between PowerShell, the registry and the file system by typing plain: Get-PSDrive
a) Using familiar aliases
# PowerShell Registry Access
cd HKLM:\
dir
Note: You need a carriage return after the first line.
b) You can get the same result as above, but using native PowerShell commands
# PowerShell Registry listing
Set-Location HKLM:\
Get-Childitem -ErrorAction SilentlyContinue
Note 1: You need the colon, thus HKLM: (and not plain HKLM)
Note 2: The backslash makes sure that you connect to the root of HKLM.
Note 3: -ErrorAction SilentlyContinue suppresses the error message PermissionDenied to the SECURITY hive.
Note 4: SKC means SubKey count and VC means Value count.
Using PowerShell to Search for Registry Entries
Get-ChildItem is like DOS’s dir; -recurse tells PowerShell to drill down starting at HKLM. The crucial parameter is -Include followed by the key name to search for, which in this case is Winlogon.
# PowerShell script to search the registry
Get-ChildItem HKLM: -recurse -Include Winlogon -ErrorAction SilentlyContinue
SKC – SubKey Count = 3 (Sub folders under Winlogon)
VC – Number of ‘Named Values’ = 25 on my machine.
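-ErrorAction SilentlyContinue hides the PermissionDenied errors, so the search gives no indication of which parts of the hive it could not read. The following added example (not from the original page) performs the same search, returns the SKC and VC figures as properties, and lists the keys that were skipped; the function name Find-RegistryKey and its parameters are hypothetical, and the narrower -Root in the sample call is an assumption made to keep the run short.

```powershell
# Added example: search for keys by name and report what could not be read.
# Find-RegistryKey and its parameter names are hypothetical.
function Find-RegistryKey {
    param(
        [Parameter(Mandatory)] [string] $KeyName,
        [string] $Root = 'HKLM:\'
    )

    # -ErrorVariable collects the suppressed errors instead of discarding them.
    $found = Get-ChildItem -Path $Root -Recurse -Include $KeyName -ErrorAction SilentlyContinue -ErrorVariable searchErrors |
        Select-Object @{ Name = 'Key'; Expression = { $_.Name } },
                      @{ Name = 'SKC'; Expression = { $_.SubKeyCount } },
                      @{ Name = 'VC';  Expression = { $_.ValueCount } }

    # Keep only access-denied errors; TargetObject holds the key that was refused.
    $skipped = $searchErrors |
        Where-Object { $_.CategoryInfo.Category -eq 'PermissionDenied' } |
        ForEach-Object { $_.TargetObject }

    [pscustomobject]@{
        Found   = @($found)
        Skipped = @($skipped)
    }
}

# Sample call, scoped below HKLM: to finish quickly.
$result = Find-RegistryKey -KeyName Winlogon -Root 'HKLM:\SOFTWARE\Microsoft\Windows NT'
$result.Found | Format-Table -AutoSize
"Keys skipped for lack of permission: {0}" -f $result.Skipped.Count
$result.Skipped
```

A non-empty Skipped list means the result is incomplete for the account running the search; rerun from an elevated session if those keys matter.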
ItemProperty – A PowerShell Noun to Interrogate the Registry
ItemProperty is the key noun for interrogating the registry with PowerShell. While the two most important verbs are get and set, this is how to list the family members:
Get-Command -Noun ItemProperty
Summary of PowerShell’s ItemProperty Family
Learning about PowerShell’s ItemProperty family is both enjoyable and instructive. This is a classic progression from viewing data with Get-ItemProperty to changing values with Set-ItemProperty.