PowerShell Registry Get-ItemProperty

Accessing the Registry with PowerShell

With PowerShell’s Get-ItemProperty you can interrogate the registry.  Once you are comfortable with the technique you can progress to making registry changes with Set-ItemProperty.

Investigating the Registry with PowerShell’s ItemProperty

• Listing Registry Values with Get-ItemProperty
• Changing Registry Values with Set-ItemProperty
• The_Beginners_Conundrum
• PowerShell’s ItemProperty
• New-ItemProperty

 ♣

Listing Registry Values with PowerShell’s Get-ItemProperty

While learning about PowerShell’s ability to extract and set values in the registry I find it useful to have regedit running in parallel.  My scenario: to check the operating system’s build number.  Please amend the value of $RegKey for the item that you are interested in.

Note 1:  To omit the dot (period) after -path is fatal.  -path. is correct.

Note 2: Observe how cd hklm: points PowerShell to the registry, and not the file system.

Note 3:  You could append either of these pipes to filter the output:
           | Format-Table c*
           | Format-List c*

Changing Registry Values with Set-ItemProperty

This example uses Set-ItemProperty to change the value of PaintDesktopVersion, as a result your operating system will display the Build Number – see screenshot.

If you haven’t backed up at least the HKEY_CURRENT_USER\Control Panel\Desktop portion of the registry, please take this action before continuing:

Launch Regedit, File Menu, Export…, Click the radio button next to: Selected Branch, give the file a name.

Learning Points

Note 1:  The crucial point is that we are using the verb ‘Set’ not ‘Get’.  Set-ItemProperty has the useful parameter -value.

Note 2: On reflection, you can see how PowerShell mimics the registry’s sections of: Key, Value, Data.  However, confusingly, the registry’s value = PowerShell -name. Furthermore, Registry’s Data = PowerShell’s -value.

Note 3:  To see the fruits of your registry hack logoff, then logon again. you should see the Build number just above the clock in the bottom left corner.

See more examples of PowerShell registry keys here.

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM) v11.5

SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  Its also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of Solarwinds’ Network Performance Monitor

The Beginner’s Conundrum

As a beginner, people will tell you that accessing the registry with PowerShell is as easy as accessing the file system.  Guy says that doing useful work means learning knack.  Let start with PowerShell’s PSDrive provider, which opens the door to the registry.  Thus you can type:

CD HKLM:\   (Just as easy as when you type:   cd C:\)

I reminder that HKLM is an abbreviation of HKEY_LOCAL_MACHINE, which is well-known to PowerShell.  There is also the users section of the registry at HKCU.

To go back one step, you can see the connections between PowerShell, the registry and the file system by typing plain:  Get-PSDrive

Easy Ways of Accessing the Registry with PowerShell

 a) Using familiar aliases

Note: You need a carriage return after the first line.

b) You can get the same result as above, but using native PowerShell commands

Learning Points

Note 1: You need the colon, thus HKLM: (and not plain HKLM)

Note 2: The backslash makes sure that you connect to the root of HKLM.

Note 3: -ErrorAction SilentlyContinue suppresses the error message PermissionDenied to the SECURITY hive.

Note 4: SKC means SubKey count and VC means Value count.

Guy Recommends: SolarWinds Engineer’s Toolset v10

This Engineer’s Toolset v10 provides a comprehensive console of 50 utilities for troubleshooting computer problems.  Guy says it helps me monitor what’s occurring on the network, and each tool teaches me more about how the underlying system operates.

There are so many good gadgets; it’s like having free rein of a sweetshop.  Thankfully the utilities are displayed logically: monitoring, network discovery, diagnostic, and Cisco tools.  Try the SolarWinds Engineer’s Toolset now!

Download your fully functional trial copy of the Engineer’s Toolset v10

Using PowerShell to Search for Registry Entries

Get-ChildItem is like DOS’s dir, -recurse tells PowerShell to drill down starting at HKLM.  The crucial command is -Include followed by the value to search for, which in this case is Winlogon.

SKC – SubKey Count = 3 (Sub folders under Winlogon)
VC – Number of ‘Named Values’ = 25 on my machine.

ItemProperty – A PowerShell Noun to Interrogate the Registry

ItemProperty is the key noun for interrogating the registry with PowerShell.  While the two most important verbs are get and set, this is how to list the family members:

Summary of PowerShell’s ItemProperty Family

Learning about the PowerShell’s ItemProperty family is both enjoyable and instructive.  This is a classic progression from viewing data with Get-ItemProperty to changing values with Set-ItemProperty.

See more Microsoft PowerShell file tutorials:

• PowerShell Home   • Add-Content   • Get-Content   • Set-Content  • PowerShell -Filter   • Test-Path

• PowerShell Get-ChildItem   • Get-ChildItem -Include   • Get-ChildItem -Exclude   • Compare-Object

• PowerShell Registry  • Get-Credential  • PowerShell ItemProperty  • PowerShell ItemPropery GCI

Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.