Sunday, April 29, 2012

Navigate the Registry Command-Line Style Like it’s a Drive Using PowerShell

The concept of a drive in PowerShell is not about physical drives, but about representing any data store as a consistent interface. Using the right provider you can even access the registry as if it were a file structure.

Navigating In The Shell

Open PowerShell by typing PowerShell into the search bar and pressing Enter.

When PowerShell opens, type:
cd HKCU:
This changes the current location to the HKEY_CURRENT_USER hive.

The keys in the registry are like folders. However, key values don’t behave like files. Instead, they are managed as properties of keys and are displayed in the property column. To see a list of keys you can simply run:
Dir

To do more with the keys, it’s easiest to create a variable for the key. Let’s make a variable called key for the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer key.
$key = Get-Item HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer

Next, let’s see how many values the key variable contains. To do this we use a property called ValueCount.
$key.ValueCount

As you can see, there are 6 values. ValueCount tells us how many values there are, but not what they are called. To see the names, look at the key’s Property property.
$key.Property

If you want to retrieve the contents of the values, you can use the PSPath property along with the Get-ItemProperty command as follows. We will create a variable called value to help us retrieve individual values.
$value = Get-ItemProperty $key.PSPath

That retrieves the contents of all values in the key. Because the result is stored in the value variable, we can ask it for an individual value by name. For example:
$value.Shellstate
This returns only the contents of the Shellstate value.

Creating Keys

Creating new keys is like creating a new folder:
New-Item -type Directory "Type New Key Name Here"

Deleting Keys

Deleting a key is done using the Remove-Item command like so:
Remove-Item "Type New Key Name Here"

Creating Values

To add new values to a key you must use the Set-ItemProperty command. The following table lists the item types you can use:

ItemType        Holds                                                                DataType
String          A string                                                             REG_SZ
ExpandedString  A string with environment variables that are resolved when invoked   REG_EXPAND_SZ
Binary          Binary value                                                         REG_BINARY
DWord           Numeric value                                                        REG_DWORD
MultiString     Text of multiple lines                                               REG_MULTI_SZ
QWord           64-bit numeric values                                                REG_QWORD

To create a value use the following syntax:
Set-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer -type string -name "New Value" -value "123"
You can replace the path with the key in which you want to create the value, and you can substitute a different type from the above table for the -type parameter.

Deleting Values

You can delete values using the Remove-ItemProperty command.
Remove-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer "New Value"
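
The following is an added example, not part of the original post. It walks the create, read and delete steps above against a scratch key, and lists each value with its stored type and raw data, which is what you want when reviewing what a key really contains. The function name Get-RegistryValueDetail and the key name ExampleScratchKey are assumptions made for the demo.

```powershell
# Added example: list every value in a key with its registry type and raw data.
function Get-RegistryValueDetail {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Get-Item on a registry path returns a Microsoft.Win32.RegistryKey object
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    try {
        foreach ($name in $key.GetValueNames()) {
            # The unnamed default value has an empty name
            $display = if ($name -eq '') { '(Default)' } else { $name }
            [pscustomobject]@{
                Name = $display
                Kind = $key.GetValueKind($name)
                # Data as stored: environment variables are left unexpanded
                Data = $key.GetValue($name, $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            }
        }
    }
    finally {
        $key.Close()
    }
}

# Hypothetical scratch key so the demo never touches the Explorer key
$scratch = 'HKCU:\Software\ExampleScratchKey'
if (Test-Path -LiteralPath $scratch) { throw "$scratch already exists; choose another name." }

New-Item -Path $scratch | Out-Null
try {
    # Constructed sample values, one per type from the table above
    Set-ItemProperty -Path $scratch -Type String       -Name 'Plain'   -Value '123'
    Set-ItemProperty -Path $scratch -Type ExpandString -Name 'TempDir' -Value '%TEMP%\demo'
    Set-ItemProperty -Path $scratch -Type DWord        -Name 'Flag'    -Value 1

    # Raw view: TempDir is reported as ExpandString holding the literal %TEMP%\demo
    Get-RegistryValueDetail -Path $scratch | Format-Table -AutoSize

    # Provider view: Get-ItemProperty hands back the same value already expanded
    (Get-ItemProperty -Path $scratch).TempDir
}
finally {
    # Remove the scratch key and everything in it
    Remove-Item -Path $scratch -Recurse
}
```

Get-ItemProperty also attaches bookkeeping properties such as PSPath and PSParentPath to its result, so reading names from the key object, as the function does, avoids mistaking those for registry values.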
