Accessing the Registry with PowerShell
Editing the registry with PowerShell is a knack. In the beginning, accessing values in the registry using PowerShell is deceptively difficult, but once you master the syntax of HKLM:\ the technique becomes reassuringly easy.
Topics for Editing a PowerShell Registry Key
- The Beginner’s Conundrum
- Easy Ways of Accessing the Registry with PowerShell
- List Registry Values with PowerShell
- Changing Registry Values with Set-ItemProperty
The Beginner’s Conundrum
As a beginner, people will tell you that accessing the registry with PowerShell is as easy as accessing the file system. Guy says that doing useful work means learning a knack. Let us start with PowerShell’s PSDrive provider, which opens the door to the registry. Thus you can type:
CD HKLM:\ (Similar to typing: cd C:\)
A reminder that HKLM is an abbreviation of HKEY_LOCAL_MACHINE, which is well-known to PowerShell. There is also the users section of the registry at HKCU.
Let us go back a step. This is how you make the connection between PowerShell, the registry, and the file system: simply type Get-PSDrive
Easy Ways of Accessing the Registry with PowerShell
a) Using the familiar aliases cd and DIR
# PowerShell Registry Access
CD HKLM:\
Dir
Note 1: You need a carriage return after the first line.
b) This is how you can get the same result as above, but using native PowerShell commands:
# PowerShell Registry HKEY_LOCAL_MACHINE listing
Set-Location HKLM:\
Get-Childitem -ErrorAction SilentlyContinue |
Format-Table Name, SubKeyCount, ValueCount -AutoSize
Learning Points
Note 2: You need that colon, thus type HKLM: (and not plain HKLM)
Note 3: The backslash makes sure that you connect to the root of HKLM.
Note 4: -ErrorAction SilentlyContinue suppresses the error message PermissionDenied to the SECURITY hive. It can be abbreviated to EA 4.
Note 5: In other scripts, if you see ‘SKC’ it means SubKey count, and VC means Value count.
Using PowerShell to Search for Registry Entries
Get-ChildItem is like DOS’s dir; -Recurse tells PowerShell to drill down from the starting path under HKLM. The crucial parameter is -Include, followed by the value to search for, which in this case is Winlogon.
Clear-Host
# Example script for PowerShell to search Winlogon in the registry
Get-ChildItem HKLM:\Software\Microsoft -Recurse -Include Winlogon `
-ErrorAction SilentlyContinue
Note 6: The backtick means the command continues on the next line.
PowerShell Displays Registry Values with Progress Bar
This script has the same heart as the above example, but it features Write-Progress, and also Start-Job followed by Receive-Job. The benefit of the progress bar is to indicate to the user that the script is working in the background.
Clear-Host
$Reg = Start-Job -scriptblock {
Get-ChildItem HKLM:\Software\Microsoft -recurse -Include Winlogon -EA 4
}
$max = 10
For($i = 1; $i -le $max; $i++)
{
Write-Progress -Activity "Searching the Registry ... " -Status " $i of $max " `
-percentcomplete ($i / $max*100) -id 1
Start-Sleep 3
}
Receive-Job -Job $Reg
List Registry Values with PowerShell
Superficially, the simple commands shown above work as expected. Problems start when you try to view values in the registry, and they get worse if you try to change a REG_SZ or DWORD setting. This is where analogies with the file system break down, and we need to learn new techniques.
Scenario: you want to check or enumerate the name of the user who is logged on.
# PowerShell Registry Key Winlogon
Clear-Host
$Registry_Key ="Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"
Cd HKLM:\$Registry_Key
Get-ItemProperty -Path . -Name DefaultUserName
Note 7: To omit the dot (period) after -Path is fatal. -Path . is correct; the dot means the current location, which the Cd command has set to the Winlogon key.
Note 8: Finding this PowerShell registry key also works without the final '\':
"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
Note 9: Here is an alternative version without the final ‘\’
# PowerShell Registry Key example
$Registry_Key = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
Get-ItemProperty -Path $Registry_Key -Name DefaultUserName
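Get-ItemProperty -Name reports an error when the named value does not exist, and it does not show the value's registry type. The following is an added example, not part of the original article, that reports presence, type and data for a list of value names under the Winlogon key. The function name Get-RegValueInfo and the value name NoSuchValue are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (hypothetical helper, not from the original article).
# Reports selected values under a key with their registry type,
# without raising an error when a value is absent.
function Get-RegValueInfo {
    param(
        [Parameter(Mandatory = $true)] [string]   $Path,
        [Parameter(Mandatory = $true)] [string[]] $Name
    )
    # Get-Item on a registry path returns a Microsoft.Win32.RegistryKey object.
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    try {
        $present = $key.GetValueNames()
        foreach ($n in $Name) {
            # -contains is case-insensitive, as registry value names are.
            $found = $present -contains $n
            [pscustomobject]@{
                Key     = $key.Name
                Name    = $n
                Present = $found
                Kind    = if ($found) { $key.GetValueKind($n) } else { $null }
                Value   = if ($found) { $key.GetValue($n) }     else { $null }
            }
        }
    }
    finally {
        $key.Close()   # release the registry handle
    }
}

$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

# NoSuchValue is a constructed name that shows the "absent" case.
Get-RegValueInfo -Path $winlogon -Name DefaultUserName, CachedLogonsCount, NoSuchValue |
    Format-Table Name, Present, Kind, Value -AutoSize
```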
ItemProperty – An Important PowerShell Noun for the Registry
We have already had a lucky break, because we’ve been tipped off that there is a PowerShell cmdlet called Get-ItemProperty. Now we can exploit this knowledge by checking for other cmdlets that share the noun ItemProperty.
# Research more PowerShell registry cmdlets
Get-Command -Noun ItemProperty
Expected Results
Clear-ItemProperty
Copy-ItemProperty
Get-ItemProperty
MaintainServerList
Move-ItemProperty
New-ItemProperty
Remove-ItemProperty
Rename-ItemProperty
Set-ItemProperty
Eureka! Let us investigate Set-ItemProperty and see if it has any parameters to change settings in the registry.
# Find more about the PowerShell Set-ItemProperty cmdlet
Get-Help Set-ItemProperty -Full
Note 10: Do you see a parameter called -Value? Now we have the skill to employ PowerShell to change values in a named registry key.
Changing Registry Values with Set-ItemProperty
I have chosen to adjust the CachedLogonsCount.
# Example of a PowerShell registry change
$RegKey ="HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
Set-ItemProperty -Path $RegKey -Name CachedLogonsCount -Value 45
Get-ItemProperty -Path $RegKey -Name CachedLogonsCount
Learning Point
Note 11: The key parameter is -Value
Note 12: The last line is optional.
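The same change written defensively, as an added example that is not part of the original article: it validates the new value, records the previous one so the change can be reverted, supports -WhatIf, writes with an explicit type and reads the value back. The function name Set-CachedLogonsCount is hypothetical. The example assumes PowerShell 3.0 or later, and an elevated session for the actual write.

```powershell
# Added example (hypothetical helper, not from the original article).
# Changes CachedLogonsCount with validation, a saved previous value,
# and read-back verification. -WhatIf previews without writing.
function Set-CachedLogonsCount {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # 0..50 is the range Windows documents for this setting.
        [Parameter(Mandatory = $true)]
        [ValidateRange(0, 50)]
        [int] $Count
    )
    $path = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $name = 'CachedLogonsCount'

    # Record the current value (or $null if absent) so the change can be reverted.
    $old = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

    if ($PSCmdlet.ShouldProcess("$path\$name", "Set to $Count (was '$old')")) {
        # CachedLogonsCount is stored as a string (REG_SZ), so write it as one.
        Set-ItemProperty -Path $path -Name $name -Value "$Count" -Type String -ErrorAction Stop

        # Read back and confirm the write took effect.
        $now = (Get-ItemProperty -Path $path -Name $name -ErrorAction Stop).$name
        if ($now -ne "$Count") {
            throw "Verification failed: $name is '$now', expected '$Count'"
        }
    }

    # Return the before and after values for logging or rollback.
    [pscustomobject]@{ Name = $name; Previous = $old; Requested = $Count }
}

# Preview the article's change without touching the registry.
Set-CachedLogonsCount -Count 45 -WhatIf
```

Drop -WhatIf to apply the change; the returned Previous property holds the value to restore.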
Summary of Editing the PowerShell Registry
The union between PowerShell and the Registry is a marriage made in heaven. If you are a minor expert on Regedit then PowerShell scripting is a wonderful alternative way of making changes. From a learning point of view, go slowly at first. Tune in to the PowerShell method for navigating the registry keys, and go slowly through the syntax for enumerating the values. Once you learn about Set-ItemProperty, you can script changes to your favorite registry hacks.