Registry values are the files that contain the properties and settings of the operating system or an installed application. They store individual/global configurations of applications during startup and login. These values come in different formats and can hold string, hexadecimal or binary data.
To get a desired registry key value in PowerShell, users enter commands called commandlets (cmdlets). These are lightweight commands built on the .NET Framework that perform a specific task or form a part of a script in Windows PowerShell.
Methods to Get Registry Key Value in PowerShell
- HKEY_LOCAL_MACHINE (HKLM)
- HKEY_CURRENT_CONFIG (HKCC)
- HKEY_CLASSES_ROOT (HKCR)
- HKEY_USERS (HKU)
- HKEY_CURRENT_USER (HKCU)
These ‘hives’ contain further sub-directories called Keys which may also contain their own subkeys. These keys are the folders that hold the values and properties of the system/application.
Test-Path
Before we learn to get registry values, it is beneficial to know how to generate and test the path of the registry directory in PowerShell. To do this, you can validate the key path using the Test-Path commandlet.
This commandlet returns 'True' if the key/path exists and 'False' if the path or key does not exist.
- Open Run and type powershell to open the PowerShell console
- Inside, type the following syntax and press Enter. Replace the <registry hive> and <registry path> with their respective entries
    Test-Path <registry hive>:\<registry path>
    e.g.: Test-Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Run
- If the directory folder or path has a blank space in its name, keep the name inside double quotes ("")
    Test-Path <registry hive>:\"<registry path>"
- Now, to test if the value or the registry entry exists in the key, you can use the script provided below. Here, -Path $regkey and -Name $name are to be replaced with their respective values.
Function Test-RegistryValue ($regkey, $name) {
    # Returns $true if the value $name exists under the key $regkey, otherwise $false
    if (Get-ItemProperty -Path $regkey -Name $name -ErrorAction Ignore) {
        $true
    } else {
        $false
    }
}
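Example,
Function Test-RegistryValue ($regkey, $name) {
    # The key path and value name are written directly into the body here, so the parameters are not used
    if (Get-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Run -Name Chromium -ErrorAction Ignore) {
        $true
    } else {
        $false
    }
}
# Defining the function prints nothing; call it to get True or False
Test-RegistryValue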
Reg Query
The Reg Query command returns a list of keys or subkey contents. It shows the contents that are under the next level or tier of the directory, which makes it useful for seeing everything inside the specified registry path or directory.
In this example, the query will display the registry entries that are under the "Run" subkey.
- Open Run and type powershell to open the PowerShell console
- Inside, type the following command and press Enter
    Reg Query "<registry hive>\<registry pathname>"
    e.g.: Reg Query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
Using Get-Item
The method to get the desired registry key value in PowerShell is by using the Get-Item cmdlets. These retrieve information from directories specified by the user in PowerShell. There are mainly two methods to get the key value from the Get-Item cmdlet.
By using these cmdlets, users can get the desired registry key value in PowerShell.
Get-ItemPropertyValue
Another method to retrieve the desired registry value is by using the Get-ItemPropertyValue cmdlet. This cmdlet gets the values or properties of the specified items.
The syntax to get the registry value:
- Open PowerShell and enter the following command
    Get-ItemPropertyValue -Path <registry hive>:\<registry key path> -Name <value name>
    e.g.: Get-ItemPropertyValue -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Run -Name Chromium
- You can additionally set the following parameters after entering the registry key path
| Parameters | Function |
| --- | --- |
| -Name <String[]> | Gets the property of the specified value inside a key |
| -Include <String[]> | Specifies a string array that will be included during the operation. The parameter works only if the cmdlet includes the content of the item |
| -Exclude <String[]> | Specifies a string array that will be excluded during the operation |
After entering the syntax, press the Enter key and then the specified registry key contents will be displayed on PowerShell.
Get-ChildItem
Another method to obtain the required registry value in PowerShell is by using the Get-ChildItem cmdlet. This cmdlet enumerates and then displays all the listed items from the specified directory. The cmdlet, however, does not return anything if a directory is empty.
The following syntax is used to retrieve the key value with the Get-ChildItem cmdlet:
    Get-ChildItem -Path <registry hive>:\<registry key path>
    e.g.: Get-ChildItem -Path HKCU:\Software\Microsoft\Windows\CurrentVersion
- To execute the cmdlet with parameters, write them in the following manner
    e.g.: Get-ChildItem -Path HKCU:\Software\Microsoft\Windows\CurrentVersion -Name -Exclude C*
  The cmdlet excludes all the keys and subkeys under the HKCU:\Software\Microsoft\Windows\CurrentVersion path that start with the letter C
- You can set the following additional parameters after entering the registry key path
| Parameter | Functions |
| --- | --- |
| -Include <string[]> | Includes keys and objects specified in the parameter [e.g.: -Include *.txt ] |
| -Exclude <string[]> | Excludes keys and objects specified in the parameter [e.g.: -Exclude C* ] |
| -Depth <uint32> | Defines the number of subkeys the cmdlet can go through. Integer values can range from 0 to 4,294,967,295 [e.g.: -Depth 3 ] |
| -Name | Lists the subkeys inside the specified key |
| -Hidden | Lists only the hidden items inside the specified key. Shows hidden items with the inclusion of the -Force parameter |
Using this cmdlet instead of Get-ItemPropertyValue gives you a more readable output of the contents inside the registry key.
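As an added example (not part of the original article), the function below combines Test-Path and Get-Item to list every value under a key together with its type and data, which is useful when reviewing what is registered under a startup key such as Run. The function name Get-RegistryValueReport is hypothetical, and the HKLM Run path is included here for illustration alongside the HKCU path used above.

```powershell
# Added example: report every value (name, type, data) under one or more registry keys.
function Get-RegistryValueReport {
    param(
        [Parameter(Mandatory)]
        [string[]]$Path
    )

    foreach ($keyPath in $Path) {
        # Test-Path only confirms that the key exists; it says nothing about its values.
        if (-not (Test-Path -LiteralPath $keyPath)) {
            Write-Warning "Key not found: $keyPath"
            continue
        }

        # For a registry path, Get-Item returns a Microsoft.Win32.RegistryKey object.
        $key = Get-Item -LiteralPath $keyPath
        try {
            foreach ($valueName in $key.GetValueNames()) {
                # Read the raw data without expanding %VARIABLES% so the report
                # shows exactly what is stored in the registry.
                $data = $key.GetValue(
                    $valueName, $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)

                # Binary values come back as byte arrays; show them as hexadecimal.
                if ($data -is [byte[]]) {
                    $data = ($data | ForEach-Object { $_.ToString('x2') }) -join ' '
                }

                [pscustomobject]@{
                    Key  = $keyPath
                    # An empty name is the key's unnamed default value.
                    Name = if ($valueName -eq '') { '(Default)' } else { $valueName }
                    Kind = $key.GetValueKind($valueName)   # String, DWord, Binary, ...
                    Data = $data
                }
            }
        }
        finally {
            $key.Close()
        }
    }
}

# Compare the per-user and machine-wide Run keys in one table.
Get-RegistryValueReport -Path @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
) | Format-Table -AutoSize -Wrap
```

A missing key produces a warning instead of an error, so the same call can be run unchanged on machines where one of the keys does not exist.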