Monday, June 1, 2009

Working with the Registry in PowerShell

Microsoft has made accessing the registry very simple with PowerShell. You can access the system registry just like any other drive in PowerShell.

For example, you can easily list all the registry entries in the HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key with the Get-ItemProperty cmdlet:


PS C:\> cd HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PS HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run> Get-ItemProperty .

RTHDCPL : RTHDCPL.EXE
Alcmtr : ALCMTR.EXE
IgfxTray : C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds : C:\WINDOWS\system32\hkcmd.exe
Persistence : C:\WINDOWS\system32\igfxpers.exe

PS HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run>

You can add a new entry to a registry key using the New-ItemProperty cmdlet.

I have just added an entry to HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run to autostart notepad.exe on Windows boot-up:


PS C:\> New-ItemProperty -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -name "Notepad" -value "C:\WINDOWS\NOTEPAD.EXE" -type string

Notepad
-------
C:\WINDOWS\NOTEPAD.EXE

PS C:\> Get-ItemProperty -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

RTHDCPL : RTHDCPL.EXE
Alcmtr : ALCMTR.EXE
IgfxTray : C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds : C:\WINDOWS\system32\hkcmd.exe
Persistence : C:\WINDOWS\system32\igfxpers.exe
Notepad : C:\WINDOWS\NOTEPAD.EXE

As you might have noticed in the above code window, I have used 'String' as the PropertyType. Below is the list of PropertyType values available for registry entries:

| PropertyType Value | Meaning |
|--------------------|---------|
| Binary             | Binary data |
| DWord              | A number that is a valid UInt32 |
| ExpandString       | A string that can contain environment variables that are dynamically expanded |
| MultiString        | A multiline string |
| String             | Any string value |
| QWord              | 8 bytes of binary data |

A registry entry can be removed from a registry key with the Remove-ItemProperty cmdlet:


PS C:\> Remove-ItemProperty -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -name "Notepad"
PS C:\> Get-ItemProperty -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

RTHDCPL : RTHDCPL.EXE
Alcmtr : ALCMTR.EXE
IgfxTray : C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds : C:\WINDOWS\system32\hkcmd.exe
Persistence : C:\WINDOWS\system32\igfxpers.exe
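
Because anything written to the Run key starts automatically, it is worth checking the key for entries you did not put there. The script below is an added example, not part of the original post: it reads the Run and RunOnce keys under HKLM and HKCU and reports values that are missing from, or differ from, an approved baseline. The function name Get-AutostartAudit, the baseline (constructed from the sample output above) and the choice to include RunOnce and HKCU are assumptions of this example.

```powershell
# Added example. Baseline constructed from the sample Run-key output on this page;
# replace it with the entries approved for your own build. Requires PowerShell 3.0+.
$approved = @{
    'RTHDCPL'     = 'RTHDCPL.EXE'
    'Alcmtr'      = 'ALCMTR.EXE'
    'IgfxTray'    = 'C:\WINDOWS\system32\igfxtray.exe'
    'HotKeysCmds' = 'C:\WINDOWS\system32\hkcmd.exe'
    'Persistence' = 'C:\WINDOWS\system32\igfxpers.exe'
}

# Autostart keys to audit (the page uses the first; the rest are assumptions).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartAudit {
    param([string[]]$Path, [hashtable]$Baseline)
    # Read raw data so ExpandString values are compared unexpanded.
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($key in $Path) {
        if (-not (Test-Path -Path $key)) { continue }   # key may not exist
        $item = Get-Item -Path $key                      # RegistryKey object
        foreach ($name in $item.GetValueNames()) {
            $value = $item.GetValue($name, $null, $raw)
            if (-not $Baseline.ContainsKey($name)) {
                $status = 'Unexpected'
            } elseif ([string]$Baseline[$name] -ne [string]$value) {
                $status = 'Changed'
            } else {
                $status = 'Approved'
            }
            [pscustomobject]@{
                Status = $status
                Key    = $key
                Name   = $name
                Type   = $item.GetValueKind($name)   # String, ExpandString, DWord, ...
                Value  = $value
            }
        }
    }
}

# Show only entries that are missing from, or differ from, the baseline.
Get-AutostartAudit -Path $runKeys -Baseline $approved |
    Where-Object { $_.Status -ne 'Approved' } |
    Format-Table -AutoSize
```

Run against the state shown after the New-ItemProperty step above, the Notepad value would be reported as Unexpected; after the Remove-ItemProperty step it no longer appears.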

1 comment:

  1. As you mentioned above, PowerShell has simplified many things, like accessing the registry just like any other drive in PowerShell, and we can easily add a new entry to a registry key using the New-ItemProperty command. It really sounds good.
