PowerShell is a task-based command line interface and scripting language developed by Microsoft. It provides an interactive console, associated file system and graphical user interface tools that can be used to automate tasks on Windows systems.
Learn how to use PowerShell to acquire a registry value and query registry entries using a number of ways in this tutorial.
Let’s get started!
Prerequisites
All of the examples in this post will be presented using PowerShell 7.1, which is the most recent version at the time of publication. If you like, you may also utilize Windows PowerShell 5.1. You need also have a working knowledge of PowerShell Drives.
Without Administrator credentials, certain examples may not function.
Using Get-ChildItem to get Registry Keys and Values
The Get-ChildItem cmdlet is one of the simplest methods to locate registry keys and values. By enumerating things in PowerShell drives, this PowerShell function obtains registry data and more. The HKLM drive retrieved by performing Get-PSDrive is the PowerShell drive in this scenario.
In a PowerShell console, type the following command.
HKLM:SOFTWAREPoliciesMicrosoftWindowsWindowsUpdate’ Get-ChildItem -Path
The following is an example of a screenshot:
- The WindowsUpdate registry key’s whole route
- The important AU
- The following is a list of registry entries in the AU key, along with their values.
Obtaining Windows Update registry values
One brief note about the screenshot above. You’ll note that the result is a bit deceptive. Normally, the properties of an object are represented as PowerShell console output. Because this object has no attributes, Get-ChildItem acts differently in this scenario. To generate the display formatting that you see, further commands are done in the background.
How to Use the Windows Registry to Check for a Pending Reboot
To obtain registry values, use Get-ItemProperty.
Using the Get-ItemProperty cmdlet to make the result more understandable, let’s continue with the same registry key as previously.
Get-ItemProperty is the best method for acquiring an item property’s keys and values from the registry. Execute the following command:
HKLM:SOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU’ Get-ItemProperty -Path
A list of the keys and values may be found in the screenshot below:
- AU stands for the registration container.
- PS properties are PowerShell-related properties.
To obtain registry values, use Get-ItemProperty.
Alternatively, you may use.NET to provide the registry item path and obtain the same result, but somewhat quicker. To obtain a registry value, run the following command using the.NET Registry Class:
Registry::HKEY LOCAL MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU Get-ItemProperty -Path
To obtain registry values, use Get-ItemProperty.Value
It’s now time to examine critical values. Let’s look at the value for the key NoAutoUpdate using the Get-ItemPropertyValue cmdlet and the same registry container as previously. Use PowerShell to run the following command:
HKLM:SOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU’ Get-ItemPropertyValue -Name NoAutoUpdate -Path ‘HKLM:SOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU’ Get-ItemPropertyValue -Path ‘HKLM:SOFTWAREPoliciesMi
If you use Receive-ItemPropertyValue instead of Get-ItemPropertyValue, you’ll get a more concise result that simply shows the value and none of the extra information you saw before.
The value associated with the NoAutoUpdate key
Querying the Registry in the Absence of PS Drives
You’ve been working with the registry using PowerShell drives throughout this lesson. This isn’t the only method to do it; you can also use.NET to access registry information using.NET classes!
For example, you may need to utilize PowerShell to obtain a HKLM: registry value. AU: AutoUpdate on a distant computer. SOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU: AutoUpdate on a remote computer.
With.NET, you may do so by:
- On the remote machine, open the registry connection.
$Registry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(‘LocalMachine’, $Computername) $Registry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(‘LocalMachine’, $Computername)
2. Locate the registry key you’re searching for and open it.
$RegistryKey = $Registry.OpenSubKey(“SOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU”, $true); $RegistryKey = $Registry.OpenSubKey(“SOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU”, $true); $RegistryKey = $Registr
3. Querying the value of the registry value inside the registry key using the GetValue() function.
$RegistryKey.GetValue(‘AU’)
It’s quicker to utilize.NET drives instead of PowerShell drives, and it’s a simple method to connect to and use PowerShell to query registry entries and values on distant systems.
Using Test-Path to Check Registry Values
Sometimes all you need to do is check whether a registry value exists. The Test-Path cmdlet is used to do this.
Continuing with the WindowsUpdate container, perform the following PowerShell command to determine whether the AU container is present:
HKLM:SOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU’ Test-Path
The key or container exists if the result is True. But what if you need to verify the existence of a value or entry? For this test, let’s create a custom function:
if (Get-ItemProperty -Path $regkey -Name $name -ErrorAction Ignore) $true else $false if (Get-ItemProperty -Path $regkey -Name $name -ErrorAction Ignore) $true else $false if (Get-ItemProperty -Path $regkey -Name $name
You give a path and name of the key or container, as well as the value you want to find, and the custom function returns True or False (3), as seen in the picture below:
To test, enter a key and a value, then click Return. Is it true or false?
Steps to Follow
What more can you do using the Acquire-ChildItem, Get-ItemProperty, and Get-ItemPropertyValue cmdlets to get registry keys and values?
Check out Microsoft Docs’ article on ‘Working with Registry Keys’ if you want to learn more about using PowerShell to operate with the registry. The ATA blog article Using Active Setup: How to Set a Registry Value in All Users Hives also has a fantastic illustration of setting registry settings.
Frequently Asked Questions
How do I read a registry value in PowerShell?
A: PowerShell has a cmdlet called Get-ItemProperty that can be used to read registry values. The following command uses this cmdlet, but also causes the output of the HKLM:\SOFTWARE\Classes\AppID key, which is in HKEY_LOCAL_MACHINE by default, to be piped into it as well.
How do I get the registry key in PowerShell?
A: To get the registry key you need to run a command in PowerShell using the Get-ItemProperty cmdlet. This is usually done by running a command like this,
How do I check the value of my registry?
A: You can check the value of your registry by opening regedit.exe and navigating to HKEY_CURRENT_USER\Software\Microsoft\.NETFramework, then looking for a folder called AppData. If there is no such folder in that location, you should go back one more level until you find it
