Prof. Powershell

Riding the Registry, Part 2

Mini-series on PowerShell tricks for working with registry starts now.

Last time I reviewed how to use the registry PSDrive to navigate your local registry. As you poked around, I'm sure you realized some limitations, such as getting registry values. They aren't presented like files. Instead, think of them as items:

PS HKLM:\software\microsoft\windows\currentversion> get-item .

   Hive: Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\

SKC  VC  Name              Property
---  --  ----              --------
 57  13  currentversion    {DevicePath, MediaPathUnexpanded, SM_GamesName,

I use the Get-Item cmdlet specifying the current directory, the period, for the item path. The SKC number represents SubKey Count and VC represents ValueCount. These values are the Properties. How do we get the registry values from this key? Use Get-ItemProperty:

PS HKLM:\software\microsoft\windows\currentversion> get-itemproperty . | foreach {$} | select name,value

Name                         Value
----                         -----
DevicePath                   C:\WINDOWS\inf
MediaPathUnexpanded          C:\WINDOWS\Media
SM_GamesName                 Games
SM_ConfigureProgramsName     Set Program Access and Defaults
ProgramFilesDir              C:\Program Files
CommonFilesDir               C:\Program Files\Common Files
ProductId                    55555-123-1614466-11111
ProgramFilesPath             C:\Program Files
SM_AccessoriesName           Accessories
PF_AccessoriesName           Accessories
WallPaperDir                 C:\WINDOWS\Web\Wallpaper
MediaPath                    C:\WINDOWS\Media
SM_ConfigureProgramsExisted  1

Not very elegant, I agree, but it works. But what about the sub-keys and their values? That takes a little combination of ForEach and Get-ItemProperty. For example, suppose I want to enumerate all the applications under the Uninstall key and get the app's displayname, publisher and uninstall string. Of course, not every entry will have these values but I'm okay with that:

PS HKLM:\software\microsoft\windows\currentversion\uninstall> dir | foreach {get-itemproperty $_.pspath | Select PSChildName,Displayname,Publisher,UninstallString} | export-csv c:\uninstalldata.csv -notypeinformation

The PSChildName property will be the name of the registry key which is helpful, since some keys won't have all the values I'm after. But now I have an easy to use CSV file with valuable information. I'm sure you can think of other ways to use this sort of information.

When you need to look at a specific registry key, use the Get-Item cmdlet. Although this is really only useful for identifying registry keys with data. To get to the actual registry values, you will use Get-ItemProperty.

I'll leave you with one more example:

PS C:\> dir "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results" -rec | foreach {get-itemproperty -path $_.pspath | Select @{name="Action";expression={$_.PSChildname}},Last*} | ft -auto

Action    LastSuccessTime      LastError
------    ---------------      ---------
Detect    2009-08-26 05:09:17          0
Download  2009-08-26 12:17:17          0
Install   2009-08-26 07:00:36          0

This expression enumerates the Windows Update registry keys and displays the last results for detection, download and installation. I'm piping everything to Format-Table so I can get nice results to include in this column.

About the Author

Jeffery Hicks is an IT veteran with over 25 years of experience, much of it spent as an IT infrastructure consultant specializing in Microsoft server technologies with an emphasis in automation and efficiency. He is a multi-year recipient of the Microsoft MVP Award in Windows PowerShell. He works today as an independent author, trainer and consultant. Jeff has written for numerous online sites and print publications, is a contributing editor at, and a frequent speaker at technology conferences and user groups.

comments powered by Disqus
Most   Popular