2009-09-20

A bit of registry with PowerShell

I was trying some PowerShell commands to see how it works with the registry. I liked, of course, how I can browse the registry by simply typing:


Registry:

And the way I prefer it, with Get-ChildItem (gci):

gci HKLM:\Software\microsoft\Windows\CurrentVersion\Run

But of course, when I type that, it shows me the registry keys under that path:

SKC  VC Name                 Property
---  -- ----                 --------
  3   1 OptionalComponents   {(default)}

If I actually wanted to see the content, the command to use is Get-ItemProperty (gp):

gp hklm:\software\microsoft\windows\currentversion\run\

Kernel and Hardware Abstraction Layer : KHALMNPR.EXE
Adobe Reader Speed Launcher : "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
atchk : "C:\Program Files\Intel\AMT\atchk.exe"

I removed the PSxxx properties from the results above.


So, what if I wanted to remove the registry entry for Adobe Reader Speed Launcher?
Remove-ItemProperty does that:
remove-itemproperty hklm:\software\microsoft\windows\currentversion\run -name "Adobe Reader Speed Launcher"
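
Added example (not from the original post): a read-only listing of autorun values on the same provider path, followed by the removal above run with -WhatIf so nothing is deleted. The function name Get-RunEntry and the HKCU path are assumptions of this example; it reads value names from the key object, so the PSxxx properties never appear and do not need to be stripped by hand.

```powershell
# Added example: list the values under the Run keys as clean objects.
# Get-RunEntry is a hypothetical helper name, not a built-in cmdlet.
function Get-RunEntry {
    param(
        [string[]]$Path = @(
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'   # assumption: also check the per-user key
        )
    )
    foreach ($p in $Path) {
        # The key may be missing in a given hive; skip it instead of failing.
        if (-not (Test-Path -Path $p)) { continue }

        # Get-Item on a registry path returns a Microsoft.Win32.RegistryKey.
        $key = Get-Item -Path $p
        foreach ($valueName in $key.GetValueNames()) {
            # The unnamed default value has an empty name.
            $display = $valueName
            if ([string]::IsNullOrEmpty($display)) { $display = '(default)' }

            [pscustomobject]@{
                Key     = $p
                Name    = $display
                # Keep %VAR% references unexpanded so the stored command is shown as written.
                Command = $key.GetValue(
                    $valueName, $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            }
        }
    }
}

# Review what starts at logon before changing anything.
Get-RunEntry | Format-Table -AutoSize -Wrap

# Preview the removal from the post; -WhatIf reports the action without performing it.
Remove-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' `
    -Name 'Adobe Reader Speed Launcher' -WhatIf
```

Dropping -WhatIf performs the deletion, which for HKLM requires an elevated session.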


Is there an alias for that? We can use Get-Alias (gal) to find out:


gal | where {$_.Definition -eq "Remove-ItemProperty"} |select name 


Name
------
rp

Note that we removed a value directly under the Run key. If we wanted to create or delete a key, we would not use "*-ItemProperty" but "new-item (ni)" and "remove-item (ri)" respectively:
ni hklm:\software\blahblah
ri hklm:\software\blahblah

Interestingly, if you wanted to search for "blahblah" with gci using a filter like this:
gci hklm:\Software -include "blah*"

it would not work, as a registry key is a 'path'. So you would use something like
gci hklm:\software | where {$_.name -match "blah"}
or

gci hklm:\software | where {$_.PsPath -match "blah"}
Notice that -match (regexp search) works but -like (pattern search... more like -eq) does not:

gci hklm:\software | where {$_.name -like "blah*"}
returns nothing.

I was curious to find out why; so I typed

gci hklm:\software\ |where {$_.name -match "blah*"} |fl *
and the reason is clear:
Name: HKEY_LOCAL_MACHINE\software\blahblah

So, changing the above search pattern to "*blah*" works:

gci hklm:\software | where {$_.name -like "*blah*"}