Create and Delete Registry Keys via PowerShell in Windows

Posted on Matthew By Matthew No Comments on Create and Delete Registry Keys via PowerShell in Windows
Featured-image-9

The Registry Editor (regedit.exe) and the reg.exe command-line utility aren’t the only tools in Windows for accessing and managing the registry. PowerShell offers a lot of tools for administrators to interact with the registry. In this article, you will learn “Get and Edit Registry Keys: How to Create and Delete Registry Keys via PowerShell in Windows”. Here are other related guides: How to apply Windows Updates with PowerShell, and how to automate Windows Update with PowerShell and Task Scheduler.  

Note: You can use PowerShell to create, edit, or remove a registry key/parameters, search for the value, and connect to a remote computer’s registry.

Manage Windows Registry Keys with PowerShell

Managing registry keys using PowerShell is simple, but keep in mind that even minor changes might leave your operating system useless.

As a result, before making any changes to the registry, you should be quite certain of what you are doing, have current backups of your system and data, and keep track of all changes you make. If you’re a Linux user see: How to setup PowerShell on a Linux server.

Managing Windows Registry with PowerShell

To get the values of all the registry keys on a local machine, we first have to find the path to the registry. To get a list of all the local drives in the current session. Use the Get-PSDrive cmdlet:

Get-PSDrive
image1-6
Using Get-PSDrive cmdlet

Using the Get-PSDrive cmdlet, we can see that there are two entries for the registry: HKEY_CURRENT_USER (HKCU) and HKEY_LOCAL_MACHINE (HKLM). To navigate to the local machine or current user registry root key run the following command: 

cd HKLM:\ or cd HKCU:\

Useful Cmdlet for Windows Registry Keys Management

1: Store the current working location by using the Push-Location cmdlet.
2: Change the current working location to the appropriate registry drive by using the Set-Location cmdlet: 

set-location -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\
image2-6
Using  Set-Location cmdlet

3: Use the Get-ChildItem cmdlet to output all the registry keys in the current hive with their properties.

4: To get the parameters for a specific key (such as the Run key), use Get-Item cmdlet, specifying the path:

Get-Item -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
image3-6
Using Get-Item cmdlet

5: Use the Test-Path cmdlet to determine if the registry key already exists.
6: Use the New-Item cmdlet to create the new registry key.
7: Use the Pop-Location cmdlet to return to the starting working location.

Registry parameters should be considered as properties of the registry key (similar to file/folder properties). The xxx-ItemProperty cmdlets are used to manage registry parameters:

  • Get-ItemProperty – get the value of a registry parameter
  • Set-ItemProperty – change the value of a registry parameter
  • New-ItemProperty – create registry parameter
  • Rename-ItemProperty – rename parameter
  • Remove-ItemProperty — remove registry parameter

You can use one of two commands to browse to a specific registry key (for example, the one responsible for automatic driver update settings):

cd HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching
or
Set-Location -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching

Please see How to fix Windows Update Error Code 0xC1900101 – 0x30018 on Windows 10/11, How to Back Up and Restore the Windows Registry, How to display Windows system information via the Windows registry, and How to Solve “The parameter is incorrect” problem on External Hard Disk in Windows.

Searching in the Registry with PowerShell

To find particular keys in the registry, use a script like the following, which searches the registry for keys that contain “OneDrive” in their name:

get-childitem -path hkcu:\ -recurse -ErrorAction SilentlyContinue | Where-Object {$_.Name -like "*OneDrive*"}
image4-5
Searching for key in registry

Please see how to search through the Windows registry, and Group Managed Service Accounts: How to create a KDS root key using PowerShell.

Editing Windows Registry with PowerShell

If we want to change one of the parameters for a registry key, we need to use the Set-ItemProperty cmdlet. For example, we could use the following command to set a new string value for the “VMware User Process” parameter of the “Run” key:

Set-Itemproperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'VMware User Process' -value 'C:\Program Files\VMware\VMware Tools\vmtoolsd.exe'
image6-5
Editing Registry

Below is the edited registry key in the registry editor:

image5-6
Registry editor

How to Create and Delete Registry Keys via PowerShell in Windows

In this session below, we shall discuss how to create and delete Registry Keys via PowerShell. Please see how to set up PowerShell on Linux: How to setup PowerShell on a Linux server.

Creating Registry Key with PowerShell in Windows

Creating a new registry key by using Windows PowerShell is the same as creating a new file or a new folder. To create a new registry key, use the New-Item command.

Let’s create a new key with the name TestKey in HKEY_CURRENT_USERS software registry hive:

New-Item –Path "HKCU:\Software" –Name TestKey
image7-5
Created TestKey in Registry

And now let’s create a parameter called “TestParam” for our new key and set its value to the string “TestKeyValue”:

New-ItemProperty -Path "HKCU:\Software\TestKey" -Name "TestParam" -Value ”TestKeyValue”  -PropertyType "String"
image8-4
Setting Key parameter and value

Let’s have a look at it in the registry:

image9-1
Viewing set parameter and value in registry editor

You can use the following data types for registry parameters:

  • String (REG_SZ)
  • ExpandString (REG_EXPAND_SZ)
  • MultiString (REG_MULTI_SZ)
  • Binary (REG_BINARY)
  • DWord (REG_DWORD)
  • Qword (REG_QWORD)
  • Unknown (unsupported registry data type)

If you need to check if a specific registry key exists, use the Test-Path cmdlet:

Test-Path 'HKCU:\software\TestKey'

Using the Copy-Item cmdlet, you can copy entries from one registry key to another:

$source='HKLM:\SOFTWARE\7-zip\'
$dest = 'HKLM:\SOFTWARE\backup'
Copy-Item -Path $source -Destination $dest -Recurse


If you want to copy everything, including subkeys, add the –Recurse switch.

Renaming a Registry Key or Parameter with PowerShell

To rename a registry key, use the Rename-Item cmdlet:

Rename-Item -Path "HKCU:\software\TestKey"  NewTestKey
image12-1
TestKey renamed to NewTestKey

To rename a parameter of a registry key, use the Rename –ItemProperty cmdlet:

Rename-ItemProperty -Path "HKCU:\software\NewTestKey" -Name "TestParam" -NewName "NewTestParam"
image13
Renaming registry keys and value in PowerShell

Let’s have a look at it in the registry:

image14
NewTestKey value renamed to NewTestParam

Delete the Windows Registry Key or Parameter with PowerShell

The Remove-ItemProperty command is used to remove a parameter in the registry key. Let’s remove the parameter TestKey created earlier:

Remove-ItemProperty -Path "HKCU:\software\NewTestKey" -Name "TestParam"

You can delete the entire registry key with all its contents:

Remove-Item –Path "HKCU:\software\NewTestKey" –Recurse
image11-1
TestKey deleted from registry

The –Recurse parameter authorizes PowerShell to delete all the subkeys without additional confirmation.

If you want to delete all subkeys inside the specified key without deleting the key itself, you should add the “*” symbol at the end of the path:

Remove-Item -Path "HKCU:\software\TestKey\*" -Recurse

Getting a Registry Value from a Remote Computer via PowerShell

PowerShell allows you to access a remote computer’s registry. You can connect to a remote computer using WinRM (Invoke-Command cmdlet).

To get the value of a registry parameter from a remote computer, run the following command.

Invoke-Command –ComputerName dc1 –ScriptBlock {Get-ItemProperty -Path 'HKCU:\Software\System' -Name WorkingDirectory}

Or using a remote registry connection (the Remote Registry service must be enabled)

$Server = "lon-fs1"
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Server)
$RegKey= $Reg.OpenSubKey("System\Setup")
$RegValue = $RegKey.GetValue("WorkingDirectory")

Editing the Registry Remotely with PowerShell

To edit a registry remotely, we first need to connect to it using Enter-PSSession cmdlet:

Enter-PSSession pdc -Credential Enterprise\Matthew
image10-1
Connecting to a remote computer

The system will prompt you for the password for the user account you specified. After authentication, you will be able to use PowerShell commands on the remote computer.

You now understand Microsoft Windows PowerShell’s essential registry management capabilities “Get and Edit Registry Keys: How to Create and Delete Registry Keys via PowerShell in Windows”. If you have any questions concerning this process, please leave them in the comments section below.

5/5 - (1 vote)
Scripts, Windows Tags:, , , , , , , ,

Related Posts

More Related Articles

OOBEZDP OOBEZDP: Something went wrong during the Windows deployment Windows
Featured image This network connection does not exist How to fix this network connection does not exist Windows
Azure App Service How to Restore Deleted Azure App Service Using PowerShell Automation
Assigned Access Single App Kiosk Mode: Assigned Access using Local Settings Windows
Featured Image Restore Point Creation in Windows 10 and Windows 11 Windows
Disable Open File Security Warnings on Windows How to Disable Open File Security Warnings on Windows Security | Vulnerability Scans and Assessment

Leave a Reply