Skip to main content

PowerShell working with registry keys




Basic PowerShell commands to work with Windows Registry.

Don't mess up with the registry, if you're not sure of what you are doing.

Messing up with the registry for fun is just good in a virtual environment with no important data at all.
 
To list software registry keys on path HKCU type this command below:

Get-ChildItem -Path hkcu:\software  | Select Name


It will list all the software registry keys, it's good to list all the software registry keys and check for any illicit software installed by malwares or viruses.

If there's a lot of software installed on the PC it will be a long list.

But PowerShell comes handy when it comes to filtering.

Code below will filter for any Keys in HKCU path that has "Ad" values on it.

Use the parameter "-like" and not "-eq", -eq or equal will match 100% and will not return any value if no match at all.

Get-ChildItem -Path hkcu:\software  | Where-Object {$_.Name -like '*Ad*'}

Sample output:

    Hive: HKEY_CURRENT_USER\software


Name                           Property                                                                                                          
----                           --------                                                                                                          
Adobe                             

Below is another code filtering example that will look for any keys with "Win" string.

Sample output:

Get-ChildItem -Path hkcu:\software  | Where-Object {$_.Name -like '*Win*'}

    Hive: HKEY_CURRENT_USER\software

Name                           Property                                                                                                           
----                           --------                                                                                                          
Cygwin
GnuWin32
Windows Live Writer
Winpolicies
WinRAR
WinRAR SFX                     C%%Program Files%WinRAR : C:\Program Files\WinRAR

Those are just basics way of handling registry keys, using PowerShell.

If want to learn some more using PowerShell on messing up with the registry check out cmdlets: Start-Transaction, Use-Transaction, Complete-Transaction

 To check out some more tips on how to play around or edit the registry using PowerShell refer to Technet links below.

Check out links below for Technet references:
http://technet.microsoft.com/en-us/library/hh849774.aspx
http://technet.microsoft.com/en-us/library/dd315270.aspx


Hope it helps you to get started on how to edit the Windows registry using PowerShell.


Cheers!!!

Labels:

Comments

Post a Comment

Popular posts from this blog

WMIC get computer name

WMIC get computer model, manufacturer, computer name and  username. WMIC is a command-line tool and that can generate information about computer model, its manufacturer, its username and other informations depending on the parameters provided. Why would you need a command line tool if there’s a GUI to check? If you have 20 or 100 computers, or even more. It’s quite a big task just checking the GUI to check the computer model and username. If you have remote computers, you need to delegate someone in the remote office or location to check. Or you can just write a batch file or script to automate the task. Here’s the code below on how get computer model, manufacturer and the username. Open an elevated command prompt and type:     wmic computersystem get "Model","Manufacturer", "Name", "UserName" Just copy and paste the code above, the word “computersystem” does not need to be change to a computer name. A
Post a Comment
Read more

Notepad++ convert multiple lines to a single line and vice versa

Notepad++ is an awesome text editing tool, it can accept regex to process the text data. If the data is in a “.csv” format or comma separated values which is basically just a text file that can either be opened using a text editor, excel or even word. Notepad++ can process the contents of the file using regex. Example if the data has multiple rows or lines, and what is needed is to convert the whole lines of data into a single line. Notepad++ can easily do it using regex. However, if the data is on a single line and it needs to be converted into multiple lines or rows then regex can also be used for this case. Here’s an example on how to convert multiple rows or lines into a single line. Example data: Multiple rows, just a sample data. Press Ctrl+H, and  on "Find what" type: [\r\n]+ and on "Replace with" type with: , (white space) --white space is needed if need to have a space in between the data. See image below, "Regular Expression" must be se
1 comment
Read more

Print error 016-799 - Fuji Film Xerox

016-799 Fuji Xerox or Fuji Film print error code. That shows a description error as “Print instruction Fail detected in decomposer.” The error code and error description are alien languages for users and even system administrators who are not familiar with Fuji Xerox error code. The error code is quite simple and easy to fix, if the job print goes to the printer but print out doesn’t come out. So, basically the print job was received by the printer, but the printer just doesn’t know what type of paper or what size to use or which tray to utilize for the print out. In some instances, this is just a paper mismatch but the error description; if using Windows 10 to print does not exactly points to what is the issue. First thing to check, is the paper size selected by the user to print. Example, if the printer configuration is A3 and A4 sizes only. But then the person printing the file accidentally chooses “A4 Cover” then this error 016-799 will occur.
6 comments
Read more