How To Use PowerShell To Edit the Windows Registry
PowerShell offers extensive capabilities for managing Windows Registry operations. This guide explains how to create, read, and modify values using a concise set of commands.
April 29, 2024
Although the Registry Editor remains the primary tool for modifying the Windows Registry, PowerShell offers a versatile alternative capable of handling most tasks. However, before you begin using PowerShell for registry modifications, it’s important to consider three key points.
Firstly, it’s important to understand the inherent risks associated with modifying the registry. Whether you’re using PowerShell or the Registry Editor, an incorrect modification can destroy your Windows system and applications. I strongly advise against experimenting with registry modifications on your primary system. Instead, consider setting up a dedicated virtual machine. This way, any mishap will be contained within the virtual environment, leaving your production system unchanged.
Secondly, when accessing the registry in PowerShell, you must use abbreviated forms for the top-level registry keys. For instance, HKEY_LOCAL_MACHINE is abbreviated as HKLM, and HKEY_CURRENT_USER becomes HKCU.
Thirdly, making registry modifications requires administrative privileges. Therefore, you must run PowerShell in an elevated session. Additionally, if the Registry Editor is open while making changes via PowerShell, you will need to refresh the Registry Editor to see the modifications take effect.
Creating a Registry Key
The first technique that I want to show you is how to create a registry key. We will use HKEY_LOCAL_MACHINE\SOFTWARE\Posey as an example.
The cmdlet used for creating a registry key is New-Item. You might recognize this cmdlet; it’s also used to create files and folders. The difference is that if you wanted to use the New-Item cmdlet to create a file or folder, you would need to set the ItemType parameter to File or Directory. However, there is no ItemType for the registry. Thus, you will omit the ItemType parameter for registry operations.
Here is the command to create the previously mentioned registry key:
New-Item "HKLM:\SOFTWARE\Posey"
You can see the command and its effect on the Windows registry in Figure 1 below.
Figure 1. I have used PowerShell to create a registry key.
Notice that despite entering HKLM as the top-level key, PowerShell interpreted it as HKEY_LOCAL_MACHINE.
Creating a Registry Value
Now that we have a new registry key, let’s add a value to it.
You can’t use the New-Item cmdlet to add a registry value. Instead, you must use the New-ItemProperty cmdlet. When using New-ItemProperty, there are four required parameters:
The name of the value you are creating.
The path, indicating the full registry key path for where you want to create the value.
The Type parameter, which tells Windows what type of value you are defining. For example, you might create a DWORD value.
The actual value itself.
With that in mind, let’s suppose we want to create a DWORD value at HKLM:\SOFTWARE\POSEY, name the new value Data, and assign it a value of 0. The command would be:
New-ItemProperty -Name Data -Path HKLM:\SOFTWARE\POSEY -Type DWORD -Value 0
You can see the command and the modification it caused in the registry in Figure 2.
Figure 2. I have added a value called Data to the registry.
Reading a Registry Value
Now let’s look at how to read a value from the registry.
Reading a value works almost exactly like creating a value. The main difference is that you will use the Get-ItemProperty cmdlet instead of New-ItemProperty. Additionally, you only need to provide the Path and Name parameters.
For example, if we wanted to read the value that we just created, the command would be:
Get-ItemProperty -Path HKLM:\SOFTWARE\Posey -Name Data
This command returns more than just the raw data value, as shown in Figure 3. If you only want to see the value, append the pipe symbol, followed by Select-Object Data (or the name of the value that you are trying to retrieve).
Figure 3. This is how you read a value from the registry.
Modifying a Registry Value
The last topic I will cover is how to modify a registry value.
To do so, you will use the Set-ItemProperty cmdlet. The syntax is nearly identical to that of the New-ItemProperty cmdlet used for creating a value. The difference is that you don’t need to use the Type parameter, although you can still supply it, as the example below does.
For example, if we want to change the Data value from 0 to 1, we would use this command:
Set-ItemProperty -Name Data -Path HKLM:\SOFTWARE\POSEY -Type DWORD -Value 1
Figure 4. You can use the Set-ItemProperty cmdlet to modify a registry value.
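The four operations above can be combined into one repeatable routine. The following is an added example, not code from the original article: Set-RegistryDword is a hypothetical helper name, and the script assumes an elevated session on a test virtual machine with PowerShell 5.0 or later (for Get-ItemPropertyValue). It creates the key only when it is missing, refuses to overwrite a value of a different type, and reads the result back so the change can be verified.

```powershell
# Added example (not from the original article). Set-RegistryDword is a
# hypothetical helper; run it elevated, on a test VM, against the test key.
function Set-RegistryDword {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [int]    $Value
    )

    # New-Item fails if the key already exists, so create it only when missing.
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path | Out-Null
    }

    $key = Get-Item -Path $Path          # a Microsoft.Win32.RegistryKey object
    $old = $null

    if ($key.GetValueNames() -contains $Name) {
        # Guard: do not silently retype a value that something else owns.
        $kind = $key.GetValueKind($Name)
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            throw "$Path\$Name already exists as $kind, not DWord"
        }
        $old = $key.GetValue($Name)
        Set-ItemProperty -Path $Path -Name $Name -Type DWord -Value $Value
    }
    else {
        # -PropertyType is the full name of the -Type parameter used above.
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value |
            Out-Null
    }

    # Read the value back from the registry instead of trusting the write.
    [pscustomobject]@{
        Path     = $Path
        Name     = $Name
        OldValue = $old
        NewValue = Get-ItemPropertyValue -Path $Path -Name $Name
        Kind     = (Get-Item -Path $Path).GetValueKind($Name)
    }
}

$path = 'HKLM:\SOFTWARE\Posey'
Set-RegistryDword -Path $path -Name Data -Value 0   # first call creates key and value
Set-RegistryDword -Path $path -Name Data -Value 1   # second call updates the value

# Remove the test key when you are finished experimenting.
Remove-Item -Path $path -Recurse
```

The returned object records the previous value, which gives you what you need to roll the change back by hand.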