Windows Registry with PowerShell: Reading, Writing and Deleting Keys

by | PowerShell Basics

PowerShell Basics - Registry - Creating Reading and Deleting by Michael Simmons

The Windows Registry is a hierarchical database that stores configuration settings and options for the Windows operating system, applications, and hardware devices. In this article, we will explore how to manage the Windows Registry using PowerShell, including reading, writing, and deleting registry keys and values.

The Absolutely Necessary Warning Section on Messing with Your Registry

Modifying the registry carries certain risks, as incorrect changes can lead to system instability or application malfunctions. You can seriously screw up your OS, or – with PowerShell and remote management – all of the servers that you’re trying to fix!

To HELP REDUCE THESE RISKS – consider the following:

  • Perform registry exports and backups before making changes. You can use the reg export command in the Command Prompt or PowerShell to export registry keys to a .reg file. Alternatively, you can use the Export-Clixml cmdlet to save registry key information to an XML file, which is available in cross-platform PowerShell 7:

I think for a registry export I would probably just use the dos command. The PowerShell isn’t doing anything very special here, no extra functionality and I would just keep it simple. Still, there could be a good use case for doing it all in PowerShell with the import/export functionality.

Here’s the PowerShell code to export the reg keys into an XML format.

$key = Get-Item -Path "HKLM:\SOFTWARE\ExampleKey"
$key | Export-Clixml -Path "ExampleKeyBackup.xml"

To import the saved information, you can use the Import-Clixml cmdlet:

$importedKey = Import-Clixml -Path "ExampleKeyBackup.xml

# Recreate the registry key
New-Item -Path $importedKey.PSPath -Force

# Recreate the registry values
foreach ($property in $importedKey.Property) {
    $value = $importedKey.GetValue($property)
    Set-ItemProperty -Path $importedKey.PSPath -Name $property -Value $value
}

This script imports the XML content into a PowerShell object, recreates the registry key using the New-Item cmdlet, and then iterates through the properties to recreate the registry values using the Set-ItemProperty cmdlet. You can see that the PowerShell version of this import starts to get more complicated, where importing the registry backup that was created with the reg export command is more strait-forward:

If you have exported the registry key using the reg export command, you will get a .reg file. Importing a .reg file is different from importing an XML file. To import a .reg file, you can use the reg import command in the Command Prompt or PowerShell:

  1. Open an elevated Command Prompt or PowerShell (Run as Administrator).
  2. Import the .reg file with the reg import command.
reg import "Path\to\your\ExampleKeyBackup.reg"

This command will merge the contents of the .reg file into the registry.

Keep in mind that using the reg import command can overwrite existing registry keys and values. Always make sure to backup the current state of your registry before importing a .reg file to avoid potential issues.

  • Use the -WhatIf parameter on PowerShell cmdlets to preview changes before executing them. This parameter simulates the cmdlet’s actions without making any actual changes, allowing you to review the potential impact before proceeding. It’s not always perfect, but it’s there and can definitely help to guide you or warn you off making a change that you didn’t intend.

Ok, now if I haven’t scared you off of the whole idea, let’s get to the good parts!

Accessing the Windows Registry with PowerShell

PowerShell includes a Registry Provider (read all about Powershell providers if you are wondering), which allows you to access and manage the registry just like a file system. The provider exposes registry hives as drives:

  • HKLM: HKEY_LOCAL_MACHINE
  • HKCU: HKEY_CURRENT_USER
  • HKCR: HKEY_CLASSES_ROOT
  • HKU: HKEY_USERS
  • HKCC: HKEY_CURRENT_CONFIG

To access registry keys, you can use the registry drive notation. For example, to access the HKEY_LOCAL_MACHINE hive, you can use the following command:

cd HKLM:

Reading Registry Keys and Values

To read registry keys and values, you can use the Get-Item and Get-ItemProperty cmdlets. The following example retrieves a registry key and its values:

powershell
$key = Get-Item -Path "HKLM:\SOFTWARE\ExampleKey"
$values = Get-ItemProperty -Path $key.PSPath

Creating and Modifying Registry Keys and Values

To create or modify registry keys and values, you can use the New-Item, Set-Item, and Set-ItemProperty cmdlets. The following example creates a new registry key and sets a value:

$key = New-Item -Path "HKLM:\SOFTWARE\ExampleKey"
Set-ItemProperty -Path $key.PSPath -Name "ExampleValue" -Value "Sample Data"

Deleting Registry Keys and Values

To delete registry keys and values, you can use the Remove-Item and Remove-ItemProperty cmdlets. The following example deletes a registry value and then the key:

Remove-ItemProperty -Path "HKLM:\SOFTWARE\ExampleKey" -Name "ExampleValue"
Remove-Item -Path "HKLM:\SOFTWARE\ExampleKey"

Best Practices and Precautions

  • Always back up the registry before making changes to reduce the risk of unintended consequences.
  • Run PowerShell with administrative privileges when modifying the registry to ensure you have the necessary permissions.
  • Test registry changes on non-production systems first to confirm their effects and avoid unexpected issues on critical systems.

Conclusion

PowerShell provides a powerful and flexible way to manage the Windows Registry, making it an essential tool for system administrators. By understanding the cmdlets and best practices covered in this article, you can confidently read, write, and delete registry keys and values while minimizing potential risks. As you continue to develop your PowerShell skills, explore further registry management tasks and incorporate them into your daily workflow.