Working with Windows Registry and PowerShell

Working with Windows Registry and PowerShell

Most people that does system administration in a Windows environment have had to work with the Windows Registry. This registry serves as a database of settings, used with everything from applications to drivers. The usual way of working with the Windows Registry is through regedit or Group Policy Objects but what if you have a server core that is not domain joined?

As per usual, PowerShell to the rescue!

How does it work

One magical thing about PowerShell is the concept of PowerShell Drives (PSDrives) which works with a PowerShell Provider to make it easy to use data stores in PowerShell. One example is your C-drive, which is available as a PSDrive through the FileSystem provider. There are several other providers that are mapped through PSDrives, like WSMan, Alias, Certificate and more importantly for this article the Registry-provider.

By using the drives HKLM: and HKCU: you can browse the registry, as if it was folders on your computer. Combined with the fact that a registry key is an item, you could then either add a new registry keys or add / change registry entries by changing the properties on said keys.

Example

# List registry items
Get-ChildItem HKCU:
# List registry items, selecting just the name of the item
Get-ChildItem HKCU: | Select-Object Name
# List registry items, recursively 
Get-ChildItem HKCU: -Recurse

Creating new items and changing their property

# Create the item
New-Item HKCU:\Environment\Test
# Create a DWORD, set it to 1
Set-ItemProperty -Path HKCU:\Environment\test\ -Name "dword" -Value "1" -Type DWord
# List all values 
Get-ItemProperty -Path HKCU:\Environment\test\

You can see a lot more examples at the Microsoft documentations.

Leave a Comment