This lesson introduces PowerShell Registry processing.

Objectives and Skills

After completing this lesson, you will be able to:

  • Describe basic PowerShell Windows Registry concepts.
  • Create PowerShell scripts to manage Registry keys.

Readings

  1. Wikipedia: Windows Registry
  2. Wikipedia: INI file
  3. BonusBits: Mastering PowerShell Chapter 16 - The Registry

Multimedia

  1. YouTube: Working With Registry Items In Powershell
  2. YouTube: Windows PowerShell - How To - Windows Registry

Examples

Get-PSDrive

The Get-PSDrive cmdlet gets the drives available in the current session, including logical mapped network drives and drives exposed by Windows PowerShell providers.[1]

Get-PSDrive -PSProvider Registry

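Example output (here Get-PSDrive was run without the -PSProvider filter, so drives from every provider are listed):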

PS C:\Windows\system32> Get-PSDrive

Name           Used (GB)     Free (GB) Provider      Root                                               CurrentLocation
----           ---------     --------- --------      ----                                               ---------------
Alias                                  Alias
C                  56.04        408.13 FileSystem    C:\                                               Windows\system32
Cert                                   Certificate   \
D                                      FileSystem    D:\
Env                                    Environment
Function                               Function
HKCU                                   Registry      HKEY_CURRENT_USER
HKLM                                   Registry      HKEY_LOCAL_MACHINE
Variable                               Variable
WSMan                                  WSMan

New-Item

The New-Item cmdlet creates a new item and sets its value.[2]

$path = 'HKCU:\Software\Scripts'
if(!(Test-Path -Path $path))
{
    New-Item -Path $path
}

$path = 'HKCU:\Software\Scripts\My Script'
if(!(Test-Path -Path $path))
{
    New-Item -Path $path
}

New-ItemProperty

The New-ItemProperty cmdlet creates a new property for an item and sets its value.[3]

$path = 'HKCU:\Software\Scripts\My Script'
$name = 'RunCount'
New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 0

Get-Item

The Get-Item cmdlet gets the item at the specified location.[4]

$path = 'HKCU:\Software\Scripts\My Script'
$key = Get-Item -Path $path
foreach($name in $key.Property)
{
    $property = Get-ItemProperty -Path $path -Name $name
    Write-Output ($name + ' = ' + $property.$name)
}

Get-ItemProperty

The Get-ItemProperty cmdlet gets the properties of a specified item.[5]

$path = 'HKCU:\Software\Scripts\My Script'
try
{
    $name = 'RunCount'
    $key = Get-ItemProperty -Path $path -Name $name -ErrorAction Stop
    $runs = $key.RunCount
}
catch
{
    $runs = 0
}

Set-ItemProperty

The Set-ItemProperty cmdlet changes the value of the property of the specified item.[6]

$path = 'HKCU:\Software\Scripts\My Script'
$name = 'RunCount'
$runs++
Set-ItemProperty -Path $path -Name $name -Value $runs

Remove-Item

The Remove-Item cmdlet deletes one or more items.[7]

$path = 'HKCU:\Software\Scripts\My Script'
Remove-Item -Path $path -Confirm

Remove-ItemProperty

The Remove-ItemProperty cmdlet deletes a property and its value from an item.[8]

$path = 'HKCU:\Software\Scripts\My Script'
$name = 'RunCount'
Remove-ItemProperty -Path $path -Name $name -Confirm

Activities

  1. Review Microsoft TechNet: Use PowerShell to Back Up System State Prior to Making Changes. Use the Checkpoint-Computer cmdlet to create a system restore point.
  2. Review Microsoft TechNet: Using the Get-PSDrive Cmdlet. Use the Get-PSDrive cmdlet to display available drives. Identify the drive names supported by the Registry provider. Use a foreach loop and the Get-ChildItem (alias Dir) cmdlet to display the root keys available in the registry drives.
  3. Review PowerShell.com: The Registry. Create a script that uses a foreach loop to display all Registry entries that contain the word 'PowerShell' in the key or the value.
  4. Review CrucialSecurityBlog: Typed URLs. Create a script that uses a foreach loop to display Internet Explorer history (Internet Explorer Typed Urls).
  5. Review Microsoft MSDN: Run and RunOnce Registry Keys. Create a script to add a RunOnce item to automatically run either PowerShell or PowerShell ISE (your choice) at the next logon.
  6. Review AskVG.com: How to Enable “Open Command Window Here” Option in Context Menu in Windows Vista and 7. Create a script to delete the 'Extended' item property from the following keys. Be sure to use the -Confirm option and carefully confirm that only the Extended property will be removed. Use Windows Explorer to confirm that 'Open command window here' now appears on the context menu without holding down the Shift key.
    • HKLM:\SOFTWARE\Classes\Directory\shell\cmd
    • HKLM:\SOFTWARE\Classes\Drive\shell\cmd
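
The Run and RunOnce keys named in activity 5 are also worth reviewing from the defensive side, because any value stored there is executed at logon. The following is an added example, not part of the original lesson: a read-only script that reuses the Test-Path and Get-Item pattern from the Examples section to list those values and report any that are new or changed since a saved baseline. The function name Get-AutorunEntry and the baseline file location are hypothetical.

```powershell
# Added example: read-only listing of logon autorun values (nothing is modified).
function Get-AutorunEntry {    # hypothetical helper name
    param(
        # Standard Run/RunOnce key locations under both registry drives.
        [string[]]$Path = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
        )
    )
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($keyPath in $Path) {
        # A key such as RunOnce may be absent; skip it instead of failing.
        if (-not (Test-Path -Path $keyPath)) { continue }
        $key = Get-Item -Path $keyPath
        foreach ($name in $key.Property) {
            # The provider shows the unnamed value as '(default)';
            # the underlying RegistryKey API expects an empty name for it.
            $valueName = if ($name -eq '(default)') { '' } else { $name }
            [pscustomobject]@{
                Key     = $keyPath
                Name    = $name
                Kind    = $key.GetValueKind($valueName)
                # Unexpanded data, so %VAR% references stay visible for review.
                Command = [string]$key.GetValue($valueName, $null, $raw)
            }
        }
    }
}

# Hypothetical baseline location; keep it where untrusted users cannot edit it.
$baseline = Join-Path $env:USERPROFILE 'autorun-baseline.csv'
$current  = @(Get-AutorunEntry)
if (-not (Test-Path -Path $baseline)) {
    # First run: record the current state as the known-good baseline.
    $current | Export-Csv -Path $baseline -NoTypeInformation
    Write-Output "Baseline written: $($current.Count) entries"
}
else {
    $known = @(Import-Csv -Path $baseline)
    # Later runs: output only entries that are new or whose command changed.
    $current | Where-Object {
        $entry = $_
        -not ($known | Where-Object {
            $_.Key -eq $entry.Key -and $_.Name -eq $entry.Name -and $_.Command -eq $entry.Command
        })
    }
}
```

The script only reads the registry, so it can be run before and after working through the activities to see exactly which autorun values they added.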

Lesson Summary

  • The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems.[9]
  • The Registry supports strongly-typed data values, while INI files are text only.[10]
  • Regedit.exe is the built-in Windows Registry editor.[11]
  • The Registry contains two basic elements: keys and values. Registry keys are container objects similar to folders. Registry values are non-container objects similar to files. Keys may contain values or further keys.[12]
  • Keys are referenced with a syntax similar to Windows' path names, using backslashes to indicate levels of hierarchy. Keys must have a case-insensitive name without backslashes.[13]
  • The keys at the root level of the hierarchical database are generally named by their Windows API definitions, which all begin "HKEY".[14]
  • HKEY_LOCAL_MACHINE, abbreviated as HKLM, stores settings that are specific to the local computer.[15]
  • HKEY_CURRENT_USER, abbreviated as HKCU, stores settings that are specific to the currently logged-in user.[16]
  • The INI file format is a simple text file with a basic structure composed of sections, properties, and values used primarily in MS-DOS and 16-bit versions of Windows.[17]
  • Windows NT and later versions of Windows use the Registry for configuration settings.[18]
  • Applications built on the .NET Framework and portable applications often use XML-format configuration files rather than the Registry.[19]
  • The PowerShell Registry provider exposes two registry paths: HKLM for HKEY_LOCAL_MACHINE and HKCU for HKEY_CURRENT_USER.[20]
  • The Get-PSDrive cmdlet gets the drives available in the current session, including logical mapped network drives and drives exposed by Windows PowerShell providers.[21]
  • The New-Item cmdlet creates a new item and sets its value.[22]
  • The New-ItemProperty cmdlet creates a new property for an item and sets its value.[23]
  • The Get-Item cmdlet gets the item at the specified location.[24]
  • The Get-ItemProperty cmdlet gets the properties of a specified item.[25]
  • The Set-ItemProperty cmdlet changes the value of the property of the specified item.[26]
  • The Remove-Item cmdlet deletes one or more items.[27]
  • The Remove-ItemProperty cmdlet deletes a property and its value from an item.[28]

Key Terms

hive
A logical group of keys, subkeys, and values in the Registry that has a set of supporting files containing backups of its data.[29]

Review Questions

1. The Windows Registry is _____.
The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems.
2. The Registry supports _____ data values, while INI files are _____.
The Registry supports strongly-typed data values, while INI files are text only.
3. Regedit.exe is _____.
Regedit.exe is the built-in Windows Registry editor.
4. The Registry contains two basic elements: _____ and _____.
The Registry contains two basic elements: keys and values.
5. Registry keys are container objects similar to _____. Registry values are non-container objects similar to _____. Keys may contain _____.
The Registry contains two basic elements: keys and values. Registry keys are container objects similar to folders. Registry values are non-container objects similar to files. Keys may contain values or further keys.
6. Keys are referenced with a syntax similar to Windows' path names, using _____. Keys must have _____.
Keys are referenced with a syntax similar to Windows' path names, using backslashes to indicate levels of hierarchy. Keys must have a case-insensitive name without backslashes.
7. The keys at the root level of the hierarchical database are generally named by their Windows API definitions, which all begin _____.
The keys at the root level of the hierarchical database are generally named by their Windows API definitions, which all begin "HKEY".
8. HKEY_LOCAL_MACHINE, abbreviated as HKLM, stores _____.
HKEY_LOCAL_MACHINE, abbreviated as HKLM, stores settings that are specific to the local computer.
9. HKEY_CURRENT_USER, abbreviated as HKCU, stores _____.
HKEY_CURRENT_USER, abbreviated as HKCU, stores settings that are specific to the currently logged-in user.
10. The INI file format is _____ used primarily in _____.
The INI file format is a simple text file with a basic structure composed of sections, properties, and values used primarily in MS-DOS and 16-bit versions of Windows.
11. Windows NT and later versions of Windows use _____ for configuration settings.
Windows NT and later versions of Windows use the Registry for configuration settings.
12. Applications built on the .NET Framework and portable applications often use _____ rather than the Registry.
Applications built on the .NET Framework and portable applications often use XML-format configuration files rather than the Registry.
13. The PowerShell Registry provider _____.
The PowerShell Registry provider exposes two registry paths: HKLM for HKEY_LOCAL_MACHINE and HKCU for HKEY_CURRENT_USER.
14. The Get-PSDrive cmdlet _____.
The Get-PSDrive cmdlet gets the drives available in the current session, including logical mapped network drives and drives exposed by Windows PowerShell providers.
15. The New-Item cmdlet _____.
The New-Item cmdlet creates a new item and sets its value.
16. The New-ItemProperty cmdlet _____.
The New-ItemProperty cmdlet creates a new property for an item and sets its value.
17. The Get-Item cmdlet _____.
The Get-Item cmdlet gets the item at the specified location.
18. The Get-ItemProperty cmdlet _____.
The Get-ItemProperty cmdlet gets the properties of a specified item.
19. The Set-ItemProperty cmdlet _____.
The Set-ItemProperty cmdlet changes the value of the property of the specified item.
20. The Remove-Item cmdlet _____.
The Remove-Item cmdlet deletes one or more items.
21. The Remove-ItemProperty cmdlet _____.
The Remove-ItemProperty cmdlet deletes a property and its value from an item.

Assessments

See Also

References

  Type classification: this is a lesson resource.
  Completion status: this resource is considered to be complete.