The concept of a drive in PowerShell is not about physical drives, but about representing any data store as a consistent interface. Using the right provider you can even access the registry as if it was a file structure.
Navigating In The Shell
Open PowerShell by typing PowerShell into the search bar and pressing enter.When PowerShell opens, type:
cd HKCU:To change to the HKEY_CURRENT _USER hive.
The keys in the registry are like folders. However, key values don’t behave like files. Instead, they are managed as properties of keys and are displayed in the property column. To see a list of keys you can simply run:
Dir
To do more with the keys its easiest to create a variable for the key. Lets make a variable called key, for the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer key.
$key = Get-Item HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer
Next lets see how many values my key variable contains. To do this we need to use a property called ValueCount.
$key.ValueCount
As you can see there are 6 values. It tells us how many values there are but doesn’t tell us what the values are called to do that you need to take a look at the keys property property.
$key.Property
If you want to retrieve the contents of the values you can use the PSPath property along with the Get-ItemProperty command as follows. We will create a variable called value to help us with receiving individual values.
$value = Get-ItemProperty $key.PSPath
That will retrieve the contents for all values in the key, but because we created the value variable we can parse it an individual property to retrieve. For example.
$value.ShellstateWill return only the contents of the Shellstate value.
Creating Keys
Creating new keys is like creating a new folder:New-Item -type Directory “Type New Key Name Here”
Deleting Keys
Deleting a key is done using the Remove-Item command like so:Remove-Item “Type New Key Name Here”
Creating Values
To add new values to a key you must use the Set-ItemPropertyItemType | Holds | DataType |
String | A string | REG_SZ |
ExpandedString | A string with environment variables that are resolved when invoked | REG_EXPANDED_SZ |
Binary | Binary value | REG_BINARY |
DWord | Numeric Value | REG_DWORD |
MultiString | Text of multiple lines | REG_MULTI_SZ |
QWord | 64-Bit numeric values | REG_QWORD |
Set-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer –type string –name “New Value” –value “123”You can replace the path for the key in which you want to create the value and you can substitute the –type parameter for a different type from the above table.
Deleting Values
You can delete values using the Remove-ItemProperty command.Remove-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer “New Value”
No comments:
Post a Comment