One of the most important data stores on Windows machines is the Windows Registry. It is a hierarchical database, and stores low-level settings for the system and the applications on the system. You will need to add or read keys, and in rare cases even remove some. The most important cmdlets to work with the registry are the following:
|
Get-Item |
Retrieves one or more keys or values from the Registry |
|
Get-ItemProperty |
Retrieves one or more values from the Registry |
|
New-ItemProperty |
Creates a new value in the Registry |
|
Rename-ItemProperty |
Renames a Registry value to a new key |
|
Remove-ItemProperty |
Removes a Registry value |
One of the most practical examples in this context is to retrieve the installed applications from the registry with the specific uninstallation strings:
#registry path for 64-bit software installations
$installations64bit = 'Registry::HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall{*}'
#registry path for 32-bit software installations
$installations32bit = 'Registry::HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstall{*}'
#retrieve all values and add the architecture as an additional NoteProperty to it
$allInstalledSoftwareInstallations = @(Get-ItemProperty -Path $installations64bit | Add-Member -MemberType NoteProperty -Name Architecture -Value '64bit' -PassThru)
$allInstalledSoftwareInstallations += Get-ItemProperty -Path $installations32bit | Add-Member -MemberType NoteProperty -Name Architecture -Value '32bit' -PassThru
#show all installed software installations sorted on the display name
$allInstalledSoftwareInstallations | Select-Object -Property DisplayName, DisplayVersion, UninstallString, Architecture | Sort-Object -Property DisplayName | Out-GridView
As you can see from this example, we are using the PSDrive to access the registry and retrieving all child keys with the asterisk:
$installations64bit = 'Registry::HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall{*}'
In Windows, there are two locations available for installed applications: 64-bit and 32-bit. We are retrieving both and differentiating them with an additional NoteProperty architecture. As a result, you will get a list with all installed applications, differentiable by bit version and including the uninstallation string. You can now easily work with this list by using filtering or sorting, and even execute uninstallations without any effort.
The next example shows how to create new registry keys, which are being retrieved from Disk Cleanup at cleanmgr.exe. Disk Cleanup has some available arguments, which you can validate with:
#Explaining usage and showing possible attributes
cleanmgr.exe /?
We will make use of sagerun in our example to automatically execute all available cleanup handlers, such as Empty Recycle Bin, from the Disk Cleanup executed in the code.
The following code creates registry values named StateFlags##ID## with the value 2 in every registry key underneath the VolumeCaches key. Afterward, Disk Cleanup is executed with the sagerun argument and the previously used ID. It will now run through all registry keys in VolumeCaches and execute every cleanup handler, which includes a correctly named value, StateFlags##ID##, with the value 2 (enabled):
#Sets the location to the registry path, which contains all the cleanup methods
Set-Location 'HKLM:SOFTWAREMicrosoftWindowsCurrentVersionExplorerVolumeCaches'
#Runs through all keys and creates a new key with the name 'StateFlags1234' and the value 2
foreach ($item in $(Get-ChildItem).PSPath)
{
#Skipping existing keys
if (-not (Get-ItemProperty -Path $item -Name 'StateFlags1234'))
{
New-ItemProperty -Path $item -Name 'StateFlags1234' -Value 2
}
}
<#
Runs the cleanmgr.exe with the slag sagerun
It will run through all the keys in the previously set registry location and search for the keys 'Stateflags##ID##'
The value 2 sets this options to enabled - so every cleanup method is being executed.
#>
cleanmgr.exe /sagerun:1234
In this example, you can feel the real power of PowerShell. With these few lines of code, you easily created registry keys and started an executable. With this script, you will always run all available cleanup handlers, even if they are completely new.
Especially if you are working in software deployment and creating application packages, you will regularly need to work with registry keys.