Close

Powershell – Accessing the registry

There are 2 main cmdlets you use to identify and navigate the registry (instead of using regedit).

Announcement

You can find all my latest posts on medium.

First of you navigate the registry in the same style as navigating a folder structure, i.e. you navigate it using cd and get-childitem. But the registry doesn’t reside inside the c:\ drive, instead it resides in it’s own drive called registry:

PS C:\> Get-PSProvider

Name                 Capabilities                                      Drives
----                 ------------                                      ------
WSMan                Credentials                                       {WSMan}
Alias                ShouldProcess                                     {Alias}
Environment          ShouldProcess                                     {Env}
FileSystem           Filter, ShouldProcess                             {C, E, A, D}
Function             ShouldProcess                                     {Function}
Registry             ShouldProcess, Transactions                       {HKLM, HKCU}
Variable             ShouldProcess                                     {Variable}
Certificate          ShouldProcess                                     {cert}

Here you should see that that all the registry info is stored in 2 drives, HKLM and HKCU.

The other important cmdlet that you also need to use is the get-itemproperty cmdlet. Here’s an example on how to explore the registry to find the version of .net installed.