The Registry Editor (regedit.exe) and the reg.exe command-line utility aren’t the only tools in Windows for accessing and managing the registry. PowerShell offers a lot of tools for administrators to interact with the registry. You can use PowerShell to create, edit, or remove a registry key/parameters, search for the value, and connect to a remote computer’s registry. Managing registry keys using PowerShell is simple, but keep in mind that even minor changes might leave your operating system useless. As a result, before making any changes to the registry, you should be quite certain of what you are doing, have current backups of your system and data, and keep track of all changes you make. If you’re a Linux user see: How to setup PowerShell on a Linux server.
Here are other related guides: How to apply Windows Updates with PowerShell, How to automate Windows Update with PowerShell and Task Scheduler, to setup PowerShell on Linux: How to setup PowerShell on a Linux server, and for Active Directory management see: How to create Bulk Users in Active Directory using PowerShell.
In this article, we’ll see how to get, edit, create and delete registry keys with PowerShell, perform a search, and use PowerShell to connect to the registry from a remote computer.
Navigate the Windows Registry with PowerShell
To get the values of all the registry keys on a local machine, we first have to find the path to the registry. To get a list of all the local drives, use the Get-PSDrive cmdlet:
Get-PSDrive
Using the Get-PSDrive cmdlet, we can see that there are two entries for the registry: HKEY_CURRENT_USER (HKCU) and HKEY_LOCAL_MACHINE (HKLM). To navigate to the local machine or current user registry root key run the following command:
cd HKLM:\ or cd HKCU:\Useful Cmdlet for registry keys management:
- Store the current working location by using the Push-Location cmdlet.
- Change the current working location to the appropriate registry drive by using the Set-Location cmdlet:
set-location -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\
- Use the Get-ChildItem cmdlet to output all the registry keys in the current hive with their properties.
- To get the parameters for a specific key (such as the Run key), use Get-Item cmdlet, specifying the path:
Get-Item -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Use the Test-Path cmdlet to determine if the registry key already exists.
- Use the New-Item cmdlet to create the new registry key.
- Use the Pop-Location cmdlet to return to the starting working location.
Registry parameters should be considered as properties of the registry key (similar to file/folder properties). The xxx-ItemProperty cmdlets are used to manage registry parameters:
- Get-ItemProperty – get the value of a registry parameter
- Set-ItemProperty – change the value of a registry parameter
- New-ItemProperty – create registry parameter
- Rename-ItemProperty – rename parameter
- Remove-ItemProperty — remove registry parameter
You can use one of two commands to browse to a specific registry key (for example, the one responsible for automatic driver update settings):
cd HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching
or
Set-Location -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearchingSearching in the Registry with PowerShell
To find particular keys in the registry, use a script like the following, which searches the registry for keys that contain “OneDrive” in their name:
get-childitem -path hkcu:\ -recurse -ErrorAction SilentlyContinue | Where-Object {$_.Name -like "*OneDrive*"}
Editing the Registry with PowerShell
If we want to change one of the parameters for a registry key, we need to use the Set-ItemProperty cmdlet. For example, we could use the following command to set a new string value for the “VMware User Process” parameter of the “Run” key:
Set-Itemproperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'VMware User Process' -value 'C:\Program Files\VMware\VMware Tools\vmtoolsd.exe'
Below is the edited registry key in the registry editor:
Creating a Registry Key with PowerShell
Creating a new registry key by using Windows PowerShell is the same as creating a new file or a new folder. To create a new registry key, use the New-Item command. Let’s create a new key with the name TestKey in HKEY_CURRENT_USERS software registry hive:
New-Item –Path "HKCU:\Software" –Name TestKey
And now let’s create a parameter called “TestParam” for our new key and set its value to the string “TestKeyValue”:
New-ItemProperty -Path "HKCU:\Software\TestKey" -Name "TestParam" -Value ”TestKeyValue” -PropertyType "String"
Let’s have a look at it in the registry:
You can use the following data types for registry parameters:
- String (REG_SZ)
- ExpandString (REG_EXPAND_SZ)
- MultiString (REG_MULTI_SZ)
- Binary (REG_BINARY)
- DWord (REG_DWORD)
- Qword (REG_QWORD)
- Unknown (unsupported registry data type)
If you need to check if a specific registry key exists, use the Test-Path cmdlet:
Test-Path 'HKCU:\software\TestKey'Using the Copy-Item cmdlet, you can copy entries from one registry key to another:
$source='HKLM:\SOFTWARE\7-zip\'
$dest = 'HKLM:\SOFTWARE\backup'
Copy-Item -Path $source -Destination $dest -Recurse
If you want to copy everything, including subkeys, add the –Recurse switch.
Renaming a Registry Key or Parameter with PowerShell
To rename a registry key, use the Rename-Item cmdlet:
Rename-Item -Path "HKCU:\software\TestKey" NewTestKey
To rename a parameter of a registry key, use the Rename –ItemProperty cmdlet:
Rename-ItemProperty -Path "HKCU:\software\NewTestKey" -Name "TestParam" -NewName "NewTestParam"
Let’s have a look at it in the registry:
Deleting a Registry Key or Parameter
The Remove-ItemProperty command is used to remove a parameter in the registry key. Let’s remove the parameter TestKey created earlier:
Remove-ItemProperty -Path "HKCU:\software\NewTestKey" -Name "TestParam"You can delete the entire registry key with all its contents:
Remove-Item –Path "HKCU:\software\NewTestKey" –Recurse
The –Recurse parameter authorizes PowerShell to delete all the subkeys without additional confirmation. If you want to delete all subkeys inside the specified key without deleting the key itself, you should add the “*” symbol at the end of the path:
Remove-Item -Path "HKCU:\software\TestKey\*" -RecurseGetting a Registry Value from a Remote Computer via PowerShell
PowerShell allows you to access a remote computer’s registry. You can connect to a remote computer using WinRM (Invoke-Command cmdlet). To get the value of a registry parameter from a remote computer, run the following command.
Invoke-Command –ComputerName dc1 –ScriptBlock {Get-ItemProperty -Path 'HKCU:\Software\System' -Name WorkingDirectory}Or using a remote registry connection (the Remote Registry service must be enabled)
$Server = "lon-fs1"
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Server)
$RegKey= $Reg.OpenSubKey("System\Setup")
$RegValue = $RegKey.GetValue("WorkingDirectory")Editing the Registry Remotely with PowerShell
To edit a registry remotely, we first need to connect to it using Enter-PSSession cmdlet:
Enter-PSSession pdc -Credential Enterprise\Matthew
The system will prompt you for the password for the user account you specified. After authentication, you will be able to use PowerShell commands on the remote computer.
Conclusion
You now understand Microsoft Windows PowerShell’s essential registry management capabilities. If you have any questions concerning this process, please leave them in the comments section below.