PowerShell Registry Management
The Windows Registry is a hierarchical database that stores configuration settings for the operating system, installed software, hardware, and user preferences. PowerShell accesses the registry through the Registry provider — using the same cmdlets used to navigate the file system, but pointed at registry paths instead of folder paths. This makes reading, writing, and automating registry changes consistent with everything else in PowerShell.
Registry Structure
Registry
|
+-- HKEY_LOCAL_MACHINE (HKLM)
| Hardware, System, Software settings for all users
|
+-- HKEY_CURRENT_USER (HKCU)
| Settings for the currently logged-in user
|
+-- HKEY_CLASSES_ROOT (HKCR)
| File associations and COM object registrations
|
+-- HKEY_USERS (HKU)
| Settings for all user profiles
|
+-- HKEY_CURRENT_CONFIG (HKCC)
Current hardware profile
PowerShell Registry Drive Mappings
PowerShell maps the two most commonly used registry hives to drives:
| PowerShell Drive | Registry Hive | Description |
|---|---|---|
| HKLM: | HKEY_LOCAL_MACHINE | System and software settings (all users) |
| HKCU: | HKEY_CURRENT_USER | Settings for the current user |
# Navigate to a registry path just like a folder
Set-Location HKLM:\SOFTWARE\Microsoft
# List registry keys (subkeys)
Get-ChildItem HKLM:\SOFTWARE
# Go back to the filesystem
Set-Location C:\
Reading Registry Values
Get-ItemProperty – Read Key Values
# Read all values in a registry key
Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
# Read a specific value
$version = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
Write-Host "OS Version: $($version.CurrentVersion)"
Write-Host "Product Name: $($version.ProductName)"
Write-Host "Build Number: $($version.CurrentBuildNumber)"
Write-Host "Install Date: $([datetime]::FromFileTime($version.InstallDate * 10000000 + 116444736000000000))"
Output:
OS Version: 10.0
Product Name: Windows 10 Pro
Build Number: 22621
Get-ItemPropertyValue – Read a Single Value
# Read just one specific registry value cleanly
$buildNum = Get-ItemPropertyValue `
-Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" `
-Name "CurrentBuildNumber"
Write-Host "Build: $buildNum"
Creating Registry Keys
# Create a new registry key (like creating a folder)
New-Item -Path "HKCU:\SOFTWARE\eStudy247" -Force
# Create a nested key
New-Item -Path "HKCU:\SOFTWARE\eStudy247\Settings" -Force
Write-Host "Registry key created."
Creating and Updating Registry Values
New-ItemProperty – Create a New Value
New-ItemProperty `
-Path "HKCU:\SOFTWARE\eStudy247\Settings" `
-Name "Theme" `
-Value "Dark" `
-PropertyType String `
-Force
Set-ItemProperty – Update an Existing Value
Set-ItemProperty `
-Path "HKCU:\SOFTWARE\eStudy247\Settings" `
-Name "Theme" `
-Value "Light"
Write-Host "Theme updated."
Registry Value Types
| Type Name | PropertyType Value | Description | Example |
|---|---|---|---|
| REG_SZ | String | Plain text string | "Dark" |
| REG_DWORD | DWord | 32-bit integer | 1 or 0 |
| REG_QWORD | QWord | 64-bit integer | Large number |
| REG_EXPAND_SZ | ExpandString | String with env variables | %USERPROFILE%\Docs |
| REG_MULTI_SZ | MultiString | Array of strings | @("val1","val2") |
| REG_BINARY | Binary | Raw binary data | Byte array |
$keyPath = "HKCU:\SOFTWARE\eStudy247\Settings"
# String value
New-ItemProperty -Path $keyPath -Name "AppName" -Value "eStudy247" -PropertyType String -Force
# DWORD (integer 0/1 for true/false flags)
New-ItemProperty -Path $keyPath -Name "AutoUpdate" -Value 1 -PropertyType DWord -Force
# ExpandString (environment variable path)
New-ItemProperty -Path $keyPath -Name "DataPath" -Value "%USERPROFILE%\eStudy247\Data" -PropertyType ExpandString -Force
# MultiString (array)
New-ItemProperty -Path $keyPath -Name "Languages" -Value @("English","Hindi","Tamil") -PropertyType MultiString -Force
Checking If a Key or Value Exists
# Check if a registry key exists
Test-Path -Path "HKCU:\SOFTWARE\eStudy247" # True or False
# Check if a value exists
$key = Get-ItemProperty -Path "HKCU:\SOFTWARE\eStudy247\Settings" -ErrorAction SilentlyContinue
if ($key -and $null -ne $key.Theme) {
Write-Host "Theme setting: $($key.Theme)"
} else {
Write-Host "Theme setting not found."
}
Deleting Registry Keys and Values
# Delete a single registry value
Remove-ItemProperty -Path "HKCU:\SOFTWARE\eStudy247\Settings" -Name "Theme"
# Delete a registry key (and all values inside it)
Remove-Item -Path "HKCU:\SOFTWARE\eStudy247\Settings" -Force
# Delete a key and all subkeys recursively
Remove-Item -Path "HKCU:\SOFTWARE\eStudy247" -Recurse -Force
Write-Host "Registry key deleted."
Enumerating Subkeys
# List all direct subkeys under a path
Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft" |
Select-Object Name, SubKeyCount, ValueCount |
Sort-Object Name
# Recursive listing of all subkeys
Get-ChildItem -Path "HKCU:\SOFTWARE\eStudy247" -Recurse
Working with Remote Registry
# Access registry on a remote computer (requires Remote Registry service running)
$remoteKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
[Microsoft.Win32.RegistryHive]::LocalMachine,
"RemoteServerName"
)
$subKey = $remoteKey.OpenSubKey("SOFTWARE\Microsoft\Windows NT\CurrentVersion")
Write-Host $subKey.GetValue("ProductName")
$remoteKey.Close()
Real-World Example – Application Configuration Script
function Set-AppConfig {
param (
[string]$AppName = "eStudy247",
[string]$Version = "3.0",
[string]$Theme = "Dark",
[int] $AutoUpdate = 1
)
$regPath = "HKCU:\SOFTWARE\$AppName"
# Create key if missing
if (-not (Test-Path $regPath)) {
New-Item -Path $regPath -Force | Out-Null
Write-Host "Registry key created: $regPath"
}
# Write values
Set-ItemProperty -Path $regPath -Name "Version" -Value $Version
Set-ItemProperty -Path $regPath -Name "Theme" -Value $Theme
Set-ItemProperty -Path $regPath -Name "AutoUpdate" -Value $AutoUpdate
Write-Host "Configuration saved for $AppName"
}
function Get-AppConfig {
param ([string]$AppName = "eStudy247")
$regPath = "HKCU:\SOFTWARE\$AppName"
if (Test-Path $regPath) {
Get-ItemProperty -Path $regPath | Select-Object Version, Theme, AutoUpdate
} else {
Write-Host "No configuration found for $AppName"
}
}
Set-AppConfig -AppName "eStudy247" -Version "4.0" -Theme "Light"
Get-AppConfig -AppName "eStudy247"
Output:
Registry key created: HKCU:\SOFTWARE\eStudy247
Configuration saved for eStudy247
Version Theme AutoUpdate
------- ----- ----------
4.0 Light 1
Backup and Restore Registry Keys
# Export a registry key to a .reg file
reg export "HKCU\SOFTWARE\eStudy247" "C:\Backup\estudy247_backup.reg" /y
Write-Host "Registry exported."
# Import a .reg file back into the registry
reg import "C:\Backup\estudy247_backup.reg"
Write-Host "Registry restored."
Summary
PowerShell accesses the Windows Registry through the Registry provider, navigating HKLM: and HKCU: drives with the same cmdlets used for the file system. Get-ItemProperty and Get-ItemPropertyValue read registry data. New-Item creates keys. New-ItemProperty and Set-ItemProperty create and update values across all data types — strings, integers, binary, and multi-string. Remove-Item and Remove-ItemProperty delete keys and values. Registry automation is essential for software deployment, user configuration management, OS compliance auditing, and system hardening scripts.