PowerShell Get Registry Value
The Windows Registry and registry editor have long been tools Windows admins have used to resolve issues, apply settings, etc. However, PowerShell makes automating registry changes or programmatically getting registry keys and their values very easy. PowerShell can interact with registry keys and easily get registry values.
Table of contents
What is PowerShell?
Most are familiar with PowerShell. However, just as a refresher, Windows PowerShell is the next generation of scripting environment and language. It allows you to have a much more powerful solution for running and configuring things from the command line.
Unlike the Command Prompt, PowerShell commands, or “cmdlets,” are built with a noun-verb syntax that can manage the file system, the Registry, and other aspects of your Windows environment, both clients and servers. This makes it an excellent tool for system administrators and advanced users.
In Windows 11, you can launch PowerShell using the Windows Terminal. Below is the PowerShell Core terminal.
You can also launch the older Windows PowerShell from the drop-down menu. Either will work for interacting with the Windows registry.
What is the Windows registry?
We have seen and known about the Windows registry for decades now and most understand just how important the registry is. Do you remember the days like me when running Windows 95 or Windows 98 and getting a corrupt registry key that would cause major issues or even prevent the machine from booting?
The registry keeps low-level settings for the Microsoft Windows operating system, including settings, configs, etc, and applications that use the Registry. The registry has things called keys and values, much like a standard relational database does.
You can view the registry by launching the registry editor with regedit.
Using PowerShell to access the registry
You can use other tools from the Windows command line to access the registry, such as reg query. However, PowerShell is by far the better tool and makes the process to access specified items or a specific registry key much easier.
You can access registry keys on your system, including clients and servers and get values using the Get-ItemProperty cmdlet. But before we start to work with the registry, you need to open PowerShell by searching for it in the start menu or by running powershell in the run dialog. Once the PowerShell console is open, we can start to explore the registry.
Let’s look at theGet-ItemProperty cmdlet that is a cmdlet tool that you will want to know about as it can get the registry key values from a registry path you want to zero in on for a machine. For example, to take a look at this, the path HKLM:Software\Microsoft\Windows\CurrentVersion is actually looking at the path that is found on your endpoint you are targeting at the Registry key in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion.
You can use the cmdlet Get-ItemProperty to query the key path:
Get-ItemProperty -Path 'HKLM:SoftwareMicrosoftWindowsCurrentVersion'This command will give you all the properties of the registry path in the PowerShell console.
Using Get-ItemProperty and Get-ChildItem cmdlets
PowerShell provides a suite of cmdlets to interact with the registry, primarily Get-ItemProperty and Get-ChildItem.
The Get-ChildItem cmdlet is used to get the child registry keys of a particular path. It works similarly to the Get-ItemProperty cmdlet, but it returns the registry keys instead of registry values.
A use that you may want to think about for the Get-ChildItem cmdlet might be something like the following example, where we retrieve all the registry keys under the Control Panel:
Get-ChildItem -Path 'HKCU:Control Panel'
More PowerShell cmdlets to work with the registry
To get the current value of a specific registry value from a registry key, we use the Get-ItemPropertyValue cmdlet. This PowerShell command is particularly useful when retrieving a single registry value from a reg key.
You can use the command below to display the contents of a registry key, in this case “ProductName” under Current Version:
Get-ItemPropertyValue 'HKLM:SOFTWAREMicrosoftWindows NTCurrentVersion' -Name ProductName
Additionally, we have the Get-Item cmdlet. The Get-Item cmdlet is used to get the item at the specified path. This could be a file, a registry entry, or even a registry key.
Managing Registry Values Remotely
PowerShell is also “powerful” since it can also be used by admins to manage and configure machines that are remote, even across the Internet if the right connectivity, via VPN, or otherwise is in place. You can use the cmdlet Enter-PSSession to connect to a remote computer and then run PowerShell cmdlets as if you were local to the computer.
Check out my post covering Enter-PSSession here: Enter-PSsession: Run PowerShell Remote Commands.
Using Test-Path
The Test-Path cmdlet comes in handy when checking whether a registry key or registry value exists at a specified path. It returns true if the item exists at the specified path and false if it doesn’t.
For instance, to check whether a registry key exists in the current user hive, we could use the below command:
Test-Path -Path 'HKCU:Control PanelMouse'
If you are writing scripts for automation, this is a handy cmdlet that allows you to check whether or not a particular key exists and then perform other actions based on the key’s existence.
Wrapping up
PowerShell is a great tool that we have as administrators now. It can do so many things and configure just about any aspect of your system. However, it is a really good tool to manage and configure the registry. I think this is a great way to make sure the registry is edited and managed without mistakes. Just keep in mind any scripts you run against the registry at scale needs to be tested first.
