This lesson introduces PowerShell Registry processing.
Objectives and Skills
After completing this lesson, you will be able to:
- Describe basic PowerShell Windows Registry concepts.
- Create PowerShell scripts to manage Registry keys.
Readings
- Wikipedia: Windows Registry
- Wikipedia: INI file
- BonusBits: Mastering PowerShell Chapter 16 - The Registry
Multimedia
Examples
Get-PSDrive
The Get-PSDrive cmdlet gets the drives available in the current session, including logical mapped network drives and drives exposed by Windows PowerShell providers.[1]
Get-PSDrive -PSProvider Registry
Example output:
PS C:\Windows\system32> Get-PSDrive
Name       Used (GB)   Free (GB)   Provider      Root                 CurrentLocation
----       ---------   ---------   --------      ----                 ---------------
Alias                              Alias
C              56.04      408.13   FileSystem    C:\                  Windows\system32
Cert                               Certificate   \
D                                  FileSystem    D:\
Env                                Environment
Function                           Function
HKCU                               Registry      HKEY_CURRENT_USER
HKLM                               Registry      HKEY_LOCAL_MACHINE
Variable                           Variable
WSMan                              WSMan
New-Item
The New-Item cmdlet creates a new item and sets its value.[2]
$path = 'HKCU:\Software\Scripts'
if(!(Test-Path -Path $path))
{
    New-Item -Path $path
}
$path = 'HKCU:\Software\Scripts\My Script'
if(!(Test-Path -Path $path))
{
    New-Item -Path $path
}
New-ItemProperty
The New-ItemProperty cmdlet creates a new property for an item and sets its value.[3]
$path = 'HKCU:\Software\Scripts\My Script'
$name = 'RunCount'
New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 0
Get-Item
The Get-Item cmdlet gets the item at the specified location.[4]
$path = 'HKCU:\Software\Scripts\My Script'
$key = Get-Item -Path $path
foreach($name in $key.Property)
{
    $property = Get-ItemProperty -Path $path -Name $name
    Write-Output ($name + ' = ' + $property.$name)
}
Get-ItemProperty
The Get-ItemProperty cmdlet gets the properties of a specified item.[5]
$path = 'HKCU:\Software\Scripts\My Script'
try
{
    $name = 'RunCount'
    $key = Get-ItemProperty -Path $path -Name $name -ErrorAction Stop
    $runs = $key.RunCount
}
catch
{
    $runs = 0
}
Set-ItemProperty
The Set-ItemProperty cmdlet changes the value of the property of the specified item.[6]
$path = 'HKCU:\Software\Scripts\My Script'
$name = 'RunCount'
$runs++
Set-ItemProperty -Path $path -Name $name -Value $runs
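The New-Item, New-ItemProperty, Get-Item and Set-ItemProperty snippets above, combined into one function as an added example (not part of the original lesson): it creates the key and the value only when they are missing, refuses to overwrite an existing value that is not a DWord, and returns the new count. The function name Update-RunCount is hypothetical; the key path and value name are the ones the lesson uses.

```powershell
# Added example: idempotent run counter built from the cmdlets shown above.
Set-StrictMode -Version Latest

function Update-RunCount {
    param(
        # Defaults match the key and value name used in this lesson.
        [string]$Path = 'HKCU:\Software\Scripts\My Script',
        [string]$Name = 'RunCount'
    )

    # Create the parent key first, then the script's own key, only if absent.
    foreach ($p in (Split-Path -Path $Path -Parent), $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            New-Item -Path $p -ErrorAction Stop | Out-Null
        }
    }

    # Get-Item on a Registry path returns a Microsoft.Win32.RegistryKey object.
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop

    if ($key.GetValueNames() -notcontains $Name) {
        # First run: create the counter as a DWord starting at 0.
        New-ItemProperty -LiteralPath $Path -Name $Name `
            -PropertyType DWord -Value 0 -ErrorAction Stop | Out-Null
        $runs = 0
    }
    elseif ($key.GetValueKind($Name) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        # Something else wrote a differently typed value here; do not clobber it.
        throw "$Path\$Name exists but is not a DWord; refusing to overwrite it."
    }
    else {
        $runs = [int]$key.GetValue($Name)
    }

    $runs++
    Set-ItemProperty -LiteralPath $Path -Name $Name -Value $runs -ErrorAction Stop
    return $runs
}

# Each call increments the stored counter and outputs the new value.
Update-RunCount
```

The -ErrorAction Stop arguments turn a failed registry write, such as an access-denied error, into a terminating error instead of a counter that silently stops advancing.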
Remove-Item
The Remove-Item cmdlet deletes one or more items.[7]
$path = 'HKCU:\Software\Scripts\My Script'
Remove-Item -Path $path -Confirm
Remove-ItemProperty
The Remove-ItemProperty cmdlet deletes a property and its value from an item.[8]
$path = 'HKCU:\Software\Scripts\My Script'
$name = 'RunCount'
Remove-ItemProperty -Path $path -Name $name -Confirm
Activities
- Review Microsoft TechNet: Use PowerShell to Back Up System State Prior to Making Changes. Use the Checkpoint-Computer cmdlet to create a system restore point.
- Review Microsoft TechNet: Using the Get-PSDrive Cmdlet. Use the Get-PSDrive cmdlet to display available drives. Identify the drive names supported by the Registry provider. Use a foreach loop and the Get-ChildItem (alias Dir) cmdlet to display the root keys available in the registry drives.
- Review PowerShell.com: The Registry. Create a script that uses a foreach loop to display all Registry entries that contain the word 'PowerShell' in the key or the value.
- Review CrucialSecurityBlog: Typed URLs. Create a script that uses a foreach loop to display Internet Explorer history (Internet Explorer Typed Urls).
- Review Microsoft MSDN: Run and RunOnce Registry Keys. Create a script to add a RunOnce item to automatically run either PowerShell or PowerShell ISE (your choice) at the next logon.
- Review AskVG.com: How to Enable “Open Command Window Here” Option in Context Menu in Windows Vista and 7. Create a script to delete the 'Extended' item property from the following keys. Be sure to use the -Confirm option and carefully confirm that only the Extended property will be removed. Use Windows Explorer to confirm that 'Open command window here' now appears on the context menu without holding down the Shift key.
- HKLM:\SOFTWARE\Classes\Directory\shell\cmd
- HKLM:\SOFTWARE\Classes\Drive\shell\cmd
Lesson Summary
- The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems.[9]
- The Registry supports strongly-typed data values, while INI files are text only.[10]
- Regedit.exe is the built-in Windows Registry editor.[11]
- The Registry contains two basic elements: keys and values. Registry keys are container objects similar to folders. Registry values are non-container objects similar to files. Keys may contain values or further keys.[12]
- Keys are referenced with a syntax similar to Windows path names, using backslashes to indicate levels of hierarchy. Key names are case-insensitive and may not contain backslashes.[13]
- The keys at the root level of the hierarchical database are generally named by their Windows API definitions, which all begin "HKEY".[14]
- HKEY_LOCAL_MACHINE, abbreviated as HKLM, stores settings that are specific to the local computer.[15]
- HKEY_CURRENT_USER, abbreviated as HKCU, stores settings that are specific to the currently logged-in user.[16]
- The INI file format is a simple text file with a basic structure composed of sections, properties, and values used primarily in MS-DOS and 16-bit versions of Windows.[17]
- Windows NT and later versions of Windows use the Registry for configuration settings.[18]
- Applications built on the .NET Framework and portable applications often use XML-format configuration files rather than the Registry.[19]
- The PowerShell Registry provider exposes two registry paths: HKLM for HKEY_LOCAL_MACHINE and HKCU for HKEY_CURRENT_USER.[20]
- The Get-PSDrive cmdlet gets the drives available in the current session, including logical mapped network drives and drives exposed by Windows PowerShell providers.[21]
- The New-Item cmdlet creates a new item and sets its value.[22]
- The New-ItemProperty cmdlet creates a new property for an item and sets its value.[23]
- The Get-Item cmdlet gets the item at the specified location.[24]
- The Get-ItemProperty cmdlet gets the properties of a specified item.[25]
- The Set-ItemProperty cmdlet changes the value of the property of the specified item.[26]
- The Remove-Item cmdlet deletes one or more items.[27]
- The Remove-ItemProperty cmdlet deletes a property and its value from an item.[28]
Key Terms
- hive
- A logical group of keys, subkeys, and values in the Registry that has a set of supporting files containing backups of its data.[29]
Review Questions
Assessments
- Flashcards: Quizlet: Windows PowerShell - Registry
- Quiz: Quizlet: Windows PowerShell - Registry
See Also
References
- ↑ Microsoft TechNet: Get-PSDrive
- ↑ Microsoft TechNet: New-Item
- ↑ Microsoft TechNet: New-ItemProperty
- ↑ Microsoft TechNet: Get-Item
- ↑ Microsoft TechNet: Get-ItemProperty
- ↑ Microsoft TechNet: Set-ItemProperty
- ↑ Microsoft TechNet: Remove-Item
- ↑ Microsoft TechNet: Remove-ItemProperty
- ↑ Wikipedia: Windows Registry
- ↑ Wikipedia: Windows Registry
- ↑ Wikipedia: Windows Registry
- ↑ Wikipedia: Windows Registry
- ↑ Wikipedia: Windows Registry
- ↑ Wikipedia: Windows Registry
- ↑ Wikipedia: Windows Registry
- ↑ Wikipedia: Windows Registry
- ↑ Wikipedia: INI file
- ↑ Wikipedia: INI file
- ↑ Wikipedia: INI file
- ↑ Microsoft TechNet: Using the Get-PSDrive Cmdlet
- ↑ Microsoft TechNet: Get-PSDrive (http://technet.microsoft.com/en-us/library/hh849796.aspx)
- ↑ Microsoft TechNet: New-Item
- ↑ Microsoft TechNet: New-ItemProperty
- ↑ Microsoft TechNet: Get-Item
- ↑ Microsoft TechNet: Get-ItemProperty
- ↑ Microsoft TechNet: Set-ItemProperty
- ↑ Microsoft TechNet: Remove-Item
- ↑ Microsoft TechNet: Remove-ItemProperty
- ↑ Microsoft MSDN: Registry Hives