Accessing the Registry with PowerShell
Accessing the Registry with PowerShell
There is a knack to accessing values in the registry with PowerShell. In the beginning navigation is deceptively difficult, but once you master the techniques it becomes reassuringly easy.
Topics for PowerShell and Registry
- The Beginner's Conundrum
- Easy Ways of Accessing the Registry with PowerShell
- ItemProperty - An Important PowerShell Noun for the Registry
- Changing CachedLogonsCount
♣
The Beginner's Conundrum
As a beginner people tell you that accessing the registry is as easy as accessing the file system. PowerShell does the work courtesy of a PSDrive provider, which opens the door to the registry. Thus you can type:
CD HKLM:\ (Just as easy as when you type: cd C:\)
I reminder that HKLM is an abbreviation of HKEY_LOCAL_MACHINE, which is well-known to PowerShell. There is also the users section of the registry at HKCU.
To go back one step, you can see the connection between the registry and the file system by typing plain: Get-PSDrive
Easy Ways of Accessing the Registry with PowerShell
a) Using familiar aliases
cd HKLM:\
Dir
b) Get the same result as above, but using native PowerShell commands
Set-Location HKLM:\
get-Childitem
Learning Points
Note 1: You need the colon, thus HKLM: (and not plain HKLM)
Note 2: The backslash makes sure that you connect to the root of the registry.
Note 3: Don't worry about the error message PermissionDenied to the SECURITY hive, that's normal.
So far .... So good
Superficially, the simple commands shown above work as expected. The problems start when you try to view values in the registry, and they get worse if you try and change Reg_SZ or DWORD setting. This is where analogies with the file-system break down, and we need to learn new techniques.
Scenario: you want to check or enumerate the name of the logged on user.
$RegKey ="Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
Cd hklm:\$RegKey
get-ItemProperty -path. -name DefaultUserName
Note 1: To omit the dot (period) after -path is fatal. -path. is correct.
Note 2: Here is an alternative shorter version
$RegKey = "HKLM:\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon"
get-ItemProperty -path $RegKey
-name DefaultUserName
ItemProperty - An Important PowerShell Noun for the Registry
We have already had a lucky break, because we've been tipped off there is PowerShell cmdlet called get-ItemProperty. Now we can exploit this knowledge by checking for similar nouns to ItemProperty.
get-Command -noun ItemProperty
Expected Results
Clear-ItemProperty
Copy-ItemProperty
Get-ItemProperty
Move-ItemProperty
New-ItemProperty
Remove-ItemProperty
Rename-ItemProperty
Set-ItemProperty
Eureka! Let us investigate Set-ItemProperty and see if it has any parameters to change settings in the registry.
get-Help Set-ItemProperty -full
Note 1: Do you see a parameter called -Value? Now we have the skill to change values in a named registry key.
Changing CachedLogonsCount
I have just chosen CachedLogonsCount almost at random, my greatest joy is when you modify this REG_SZ to a registry entry that you are interested in.
Scenario - Let us increase Cached Logons to 50.
(It does
not make sense to change the DefaultUserName.)
If you haven't backed up at least the Winlogon portion of the
registry, please take this action before continuing:
Launch Regedit, File
Menu, Export..., Click the radio button next to: Selected Branch, give
the file a name.
$RegKey ="HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
set-ItemProperty -path $RegKey -name cachedlogonscount
-value 50
Learning Points
Note 1: The crucial point is that we are using the verb 'Set' not 'Get'. Set-ItemProperty has the useful parameter -value.
Note 2: On reflection, you can see how PowerShell mimics the registry's sections of: Key, Value, Data. However, slightly confusingly, Registry's Value = PowerShell -name. Furthermore, Registry's Data = PowerShell's -value.
Guy Recommends: SolarWinds LANSurveyor
LANSurveyor will produce a neat diagram of your network topology. But that's just the start; LANSurveyor can create an inventory of the hardware and software of your machines and network devices. Other neat features include dynamic update for when you add new devices to your network. I also love the ability to export the diagrams to Microsoft Visio.
Finally, Guy bets that if you take a free trial of LANSurveyor then you will find a device on your network that you had forgotten about, or someone else installed without you realizing!
Download a Free Trial of LANSurveyor
Summary of PowerShell and Registry
The union between PowerShell and the Registry is a marriage made in heaven. If you are a minor expert on Regedit then PowerShell scripting is a wonderful alternative way of making changes. From a learning point of view, go slowly at first. Tune-in to the PowerShell method for navigating the registry keys, and go slowly through the syntax for enumerating the values. Once you learn about set-ItemProperty then you can script changes to your favorite registry hacks.
See more Microsoft PowerShell tutorials:
• PowerShell Home • Out-GridView • Out-File • Files • Registry • Get-Credential
Please write in if you see errors of any kind. Please report any factual mistakes, grammatical errors or broken links, I will be happy to not only to correct the fault, but also to give you credit.
Download my ebook:
|
*
|
|
|
|
Home Copyright © 1999-2009 Computer Performance LTD All rights reserved Please report a broken link, or an error. | |
