Starting from its first version, PowerShell offers an administrator an extensive set of tools to interact with Windows system registry. If necessary, all typical operations with the registry can be performed not in the good old Regedit interface, or reg.exe, but in PowerShell command prompt. In different scripts and scenarios it is indispensable. In this article, we’ll consider how to create, edit or delete keys and parameters of Windows registry, search something or connect to the registry on a remote computer using PowerShell.
First, join the Insider program and select Release Preview ring, which should be your only option. Reboot, then open your Registry Editor. Exit the registry editor, reboot and you should find yourself in the Dev ring, and be ready to receive the first Insider builds of Windows 11 early next week. Let us know how you get on in the comments below.
Once you know each method to check for a pending reboot, there are many different ways to check registry values. You could open up regedit.exe and manually mouse through each registry key. Checking regedit manually. Manually checking via the registry works but we’re human. Open the Windows Registry Editor (enter regedit via Start) Click HKEYLOCALMACHINE so it's selected. Click File Load Hive and navigate to the SOFTWARE file in Windows System32 Config on your.
Registry Navigation Using PowerShell
Working with the registry in PowerShell is similar to working with common files on a local disk.
Display the list of available drives:
get-psdrive
As you can see, the built-in provider allows to get access to the contents of two branches of the registry: HKEY_CURRENT_USER (HKCU) and HKEY_LOCAL_MACHINE (HKLM). The branches of the registry are addressed like drives (HKLM: and HKCU:). For example, to go to the root of HKLM, run this command:
cd HKLM:
You can go to the specific branch of the registry (for example, to the one responsible for the settings of automatic driver updates) using Set-Location command (alias — sl)
Set-Location -Path HKLM:SOFTWAREMicrosoftWindowsCurrentVersionDriverSearching
Display the contents of the key:
dir
Or
Get-ChildItem
Open the same branch in the Registry Editor. As you can see, the command has displayed only the information about the subkeys, not the parameters of the current branch.
The matter is that, from PowerShell point of view, a registry branch (a key) is a file analog, and the parameters stored in this registry key are the properties of this file.
So, to get the parameters of this branch, use Get-Item cmdlet:
Get-Item .
OrGet-Item -Path HKLM:SOFTWAREMicrosoftWindowsCurrentVersionDriverSearching
As you can see, DriverSearching key has only one parameter – SearchOrderConfig with its value equal to 0.
To address the specific key parameter, Get-ItemProperty cmdlet is used. For example, assign the contents of the branch to variable and get the value of the parameter:
$DriverUpdate = Get-ItemProperty –Path ‘HKLM:SOFTWAREMicrosoftWindowsCurrentVersionDriverSearching’
$DriverUpdate.SearchOrderConfig
We have got that the value of SearchOrderConfig parameter is equal to 1.
How to Change the Registry Value
To change the value of SearchOrderConfig parameter, use Set-ItemProperty cmdlet:
Set-ItemProperty -Path 'HKLM:SOFTWAREMicrosoftWindowsCurrentVersionDriverSearching' -Name SearchOrderConfig -Value 0
How to Create a New Register Key or Parameter
To add a new registry key, use New-Item command. Create a new key with the name NewKey:
$HKCU_Desktop= 'HKCU:Control PanelDesktop'
New-Item –Path $HKCU_Desktop –Name NewKey
Add a new string parameter with the name SuperParamString and the value file_name.txt for the created key:
New-ItemProperty -Path $HKCU_DesktopNewKey -Name 'SuperParamString' -Value ”file_name.txt” -PropertyType 'String'
Make sure that the new key and parameter have appeared in the registry.
Deleting a Registry Key or Parameter
Remove the parameter SuperParamString created earlier:
$HKCU_Desktop= 'HKCU:Control PanelDesktop'
Remove-ItemProperty –Path $HKCU_DesktopNewKey –Name 'SuperParamString'
Then delete the entire branch:
Remove-Item –Path $HKCU_DesktopNewKey –Recurse
To remove all items in the branch, but not the branch itself, the command looks like this:
Remove-Item –Path $HKCU_DesktopNewKey* –Recurse
How to Rename a Key or a Parameter
To rename the parameter use this command:
Rename-ItemProperty –path ‘HKCU:Control PanelDesktopNewKey’ –name 'SuperParamString' –newname “OldParamString”
In the same way, you can rename the registry key:
Rename-Item -path 'HKCU:Control PanelDesktopNewKey' OldKey
Search the Registry Using PowerShell
Get Windows Registry Value
PowerShell allows you to search registry. The next script searches the HKCU:Control PanelDesktop the parameters, whose names contain the *dpi* key.
$Path = (Get-ItemProperty ‘HKCU:Control PanelDesktop’)
$Path.PSObject.Properties | ForEach-Object {
If($_.Name -like '*dpi*'){
Write-Host $_.Name ' = ' $_.Value
}
}
Remote Access to the Registry Using PowerShell
PowerShell allows you to access the registry from of a remote computer. You can connect to a remote computer either using WinRM (Invoke-Command or Enter-PSSession):
Get Windows 10 Key From Registry
Invoke-Command –ComputerName srv-fs1 –ScriptBlock { Get-ItemProperty -Path 'HKLM:SystemSetup' -Name WorkingDirectory}
Or using remote registry connection (RemoteRegistry must be enabled)
$Server = 'lon-fs1'
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Server)
$RegKey= $Reg.OpenSubKey('SystemSetup')
$RegValue = $RegKey.GetValue('WorkingDirectory')
So, we looked at typical examples of using PowerShell to interract with the Windows registry.
