Prof. Powershell
Riding the Registry, Part 2
Mini-series on PowerShell tricks for working with registry starts now.
- By Jeffery Hicks
- 09/08/2009
Last time I reviewed how to use the registry PSDrive to navigate your local registry. As you poked around, I'm sure you realized some limitations, such as getting registry values. They aren't presented like files. Instead, think of them as items:
PS HKLM:\software\microsoft\windows\currentversion> get-item .
Hive: Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\
software\microsoft\windows
SKC VC Name Property
--- -- ---- --------
57 13 currentversion {DevicePath, MediaPathUnexpanded, SM_GamesName,
SM_ConfigureProgramsName...}
I use the Get-Item cmdlet specifying the current directory, the period, for the item path. The SKC number represents SubKey Count and VC represents ValueCount. These values are the Properties. How do we get the registry values from this key? Use Get-ItemProperty:
PS HKLM:\software\microsoft\windows\currentversion> get-itemproperty . | foreach {$_.PSBase.properties} | select name,value
Name Value
---- -----
DevicePath C:\WINDOWS\inf
MediaPathUnexpanded C:\WINDOWS\Media
SM_GamesName Games
SM_ConfigureProgramsName Set Program Access and Defaults
ProgramFilesDir C:\Program Files
CommonFilesDir C:\Program Files\Common Files
ProductId 55555-123-1614466-11111
ProgramFilesPath C:\Program Files
SM_AccessoriesName Accessories
PF_AccessoriesName Accessories
WallPaperDir C:\WINDOWS\Web\Wallpaper
MediaPath C:\WINDOWS\Media
SM_ConfigureProgramsExisted 1
Not very elegant, I agree, but it works. But what about the sub-keys and their values? That takes a little combination of ForEach and Get-ItemProperty. For example, suppose I want to enumerate all the applications under the Uninstall key and get the app's displayname, publisher and uninstall string. Of course, not every entry will have these values but I'm okay with that:
PS HKLM:\software\microsoft\windows\currentversion\uninstall> dir | foreach {get-itemproperty $_.pspath | Select PSChildName,Displayname,Publisher,UninstallString} | export-csv c:\uninstalldata.csv -notypeinformation
The PSChildName property will be the name of the registry key which is helpful, since some keys won't have all the values I'm after. But now I have an easy to use CSV file with valuable information. I'm sure you can think of other ways to use this sort of information.
When you need to look at a specific registry key, use the Get-Item cmdlet. Although this is really only useful for identifying registry keys with data. To get to the actual registry values, you will use Get-ItemProperty.
I'll leave you with one more example:
PS C:\> dir "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results" -rec | foreach {get-itemproperty -path $_.pspath | Select @{name="Action";expression={$_.PSChildname}},Last*} | ft -auto
Action LastSuccessTime LastError
------ --------------- ---------
Detect 2009-08-26 05:09:17 0
Download 2009-08-26 12:17:17 0
Install 2009-08-26 07:00:36 0
This expression enumerates the Windows Update registry keys and displays the last results for detection, download and installation. I'm piping everything to Format-Table so I can get nice results to include in this column.
About the Author
Jeffery Hicks is an IT veteran with over 25 years of experience, much of it spent as an IT infrastructure consultant specializing in Microsoft server technologies with an emphasis in automation and efficiency. He is a multi-year recipient of the Microsoft MVP Award in Windows PowerShell. He works today as an independent author, trainer and consultant. Jeff has written for numerous online sites and print publications, is a contributing editor at Petri.com, and a frequent speaker at technology conferences and user groups.