Are you writing a PowerShell script that requires reading registry values? In this Itechguide, you’ll learn how to use PowerShell to read registry values.
How to Format Registry Paths for PowerShell
Before I teach you how to use PowerShell to read registry value, I want to teach you how to format registry paths to work with PowerShell.
Windows registry has 5 top-level keys (Root keys):
- HKEY_LOCAL_MACHINE
- HKEY_CURRENT_CONFIG
- HKEY_CLASSES_ROOT
- HKEY_USERS
- HKEY_CURRENT_USER
To read a registry value, you specify the key as a path in the Get-ItemProperty or Get-Item Cmdlets. There are 2 ways to format the registry path:
Method 1: Format with the Full Registry Key Path
Enter Registry:: followed by the full path to the registry. For example, to specify “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion“, I will use “Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion“
Method 2: Format with the Abbreviated Registry Key Path
You could also enter the abbreviation of the top level registry key (root key), followed by a colon (:), then the full path to the registry key (without the root name).
As a reminder, here are the abbreviations for the root keys:
HKEY_LOCAL_MACHINE – HKLM
HKEY_CURRENT_CONFIG – HKCC
HKEY_CLASSES_ROOT – HKCR
HKEY_USERS – HKU
HKEY_CURRENT_USER – HKCU
Therefore, to specify the registry path, “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion” with this second method, it will written – “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion“
How to Copy Registry Key Name
One more thing before I move on – it is better to copy the path to the registry key you want to read with PowerShell – instead of typing it manually.
To copy a registry key, right-click the key and select Copy Key Name. Here is an example.
Example 1: Return All Values in a Registry Key
To return all the values of a registry key, enter the command below and press enter.
Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion
The command will return all the values in the specified path. The second screenshot below is the actual registry entry.
If you compare the PowerShell result and the registry values (second pane), they are exactly the same.
Example 2: Return a Specific Registry Key
Following on from the last section, the command in that section returned all values in the specified registry path. However, you can also use PowerShell to read registry value but return a specific value.
There are multiple ways to do this.
The last command (the Get-ItemProperty command) returned the values shown in the screenshot below.
To return the value CommonFilesDir, use one of the commands below:
(Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion).CommonFilesDir
Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion | Select-Object -ExpandProperty CommonFilesDir
The two commands return the the registry data, without the property name, CommonFilesDir. See the screenshot below:
Finally, for this sub-section, you can use PowerShell to read registry value and save the value in a variable. For example, we can save the registry data in the last command in a variable called $RegData.
Here is the modified command:
$RegData = Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion | Select-Object -ExpandProperty CommonFilesDir
Now, when you run the command, it will not return any result on the console because the result is saved in the variable…
However, to display the result saved in the variable, run the variable…
$RegData
Here is the result in PowerShell…
Example 3: Return Registry Subkey Name
The last command in the last last sub-section returned both the names of the registry keys and their Data.
However, sometimes you may want to display the Names without the Data. You can use the Get-Item Cmdlet to do this. See the command below…
Get-Item -Path Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion | Select-Object -ExpandProperty Property
The command will return the Names of the registry keys without the accompanying Data column.
Example 4: Return Binary Data Registry Values
In this example, I want to display the binary value in the registry key, CaptionFont. This key is found in this registry path HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics.
The first step is to return the property of the CaptionFont key. However, before I do that, lets list all the properties in HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics.
$key = Get-Item "Registry::HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics"
The command returns a set of properties, including CaptionFont.
To return just the properties, pipe the above command to the Select-Object…
Get-Item "Registry::HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics" | Select-Object -ExpandProperty Property
This command displays all the properties in the list.
To display the CaptionFont (the 4th value in the array), update the command as shown below and save it in a variable…
$name = (Get-Item "Registry::HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics" | Select-Object -ExpandProperty Property)[3]
Then, to display the type of registry value (in this instance, REG_BINARY), call the GetValueKind Method in the original command saved in the $key variable. Then, use CaptionFont (saved in the $name) as the value in the Method.
Here is the command…
$Type = $key.GetValueKind($name)
The result, as expected is Binary.
Next, we read the values in the Binary registry type with the PowerShell command below…
$Value = $key.GetValue($name)
As you can see from the command, the value is retried by calling the GetValue Method in the original key saved in the $key variable. Then, using the name of the Property, CaptionFont in the Method.
The result is a bunch of numbers. To see this value in the registry, see the screenshot below.
Finally, to make it easy to list registry values, I created a PowerShell function called Get-RegistryData. To download the function, click download Get-RegistryData.zip
Once downloaded, unzip the file. Then, run the commands below:
Unblock-File C:\Users\VictorA\Downloads\Get-RegistryData\Get-RegistryData\Get-RegistryData.ps1 Import-Module C:\Users\VictorA\Downloads\Get-RegistryData\Get-RegistryData\Get-RegistryData.ps1
To get the values or data in the keys on a registry path, run the command below.
Get-RegistryData -RegistryPath "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
The command displays the names of the keys, the registry path and type of the key.
Alternatively, if you don’t want to display certain headers, you can pipe Get-RegistryData to Select-Object.
Get-RegistryData -RegistryPath "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" | Select-Object name, type, data
With the command above, Get-RegistryData displays the Name, Type, and Data of each key in the specified registry path…
Example 5: Read Registry Value and Return an Array
To read registry key with PowerShell and return the value in an array, use the Get-ChildItem command.
This registry key, HKEY_CURRENT_USER\Control Panel\Desktop has 3 subkeys. The command below returns all the sub-keys, their properties, and values:
$subkeys = Get-ChildItem "registry::HKEY_CURRENT_USER\Control Panel\Desktop"
These values are returned in an array. To confirm, run the command below…
$subkeys.GetType()
This command confirms that the data type in the last command, saved in the $subkeys variable is an array.
Example 6: Get Registry Value if it Exists
The example in this sub-section is similar to all other examples in this guide with a minor exception. The slight modification here is to use Test-Path to check if the path exist.
Then, if the path exists, get its values with PowerShell. This simple script will check if the registry path, HKEY_CURRENT_USER\Control Panel\Desktop exists.
Then, if it exists, it will read its values with the Get-ItemProperty command.
If (Test-Path "Registry::HKEY_CURRENT_USER\Control Panel\Desktop")
{
Get-ItemProperty "Registry::HKEY_CURRENT_USER\Control Panel\Desktop"
}
Else {
write-host "The specified registry value does not exist."
}
The registry key, “Registry::HKEY_CURRENT_USER\Control Panel\Desktop” exists. So, the last command returned its values.
Let’s see if we specify a registry key that does not exist…
If (Test-Path "Registry::HKEY_CURRENT_USER\Control Panel\Desk")
{
Get-ItemProperty "Registry::HKEY_CURRENT_USER\Control Panel\Desk"
}
Else {
write-host "The specified registry value does not exist."
}
This time, the script executes the script in the Else block of the IF statement.
Example 7: Get and Compare Registry Values
As you may have figured, the Get-Item and Get-ItemProperty commands do not display the registry key types and data. So if you want to compare the data in a key, you have to find another way to do it.
In the “How To Use PowerShell To Read Registry Value And Return Binary Data” sub-section, I mentioned that I created a function called Get-RegistryData.
You can use this function to return the names, types and data of the sub-keys in a specified registry path.
For example, to return the names, types and data of all entries in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer, run the command below…
Get-RegistryData -RegistryPath "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
If we take it further, say I want to compare the value of the IconUnderline key with another value, I will proceed as outlined below.
- Pipe the output of the Get-RegistryData command into a Where-Object command and filter by Name equals IconUnderline.
Get-RegistryData -RegistryPath "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" | Where-Object {$_.Name -eq "IconUnderline"}
The last command shows that the current value in “IconUnderline” is 3.
- If I want to compare this value to another value, say 2, I will use the commands below. The first command saves the command in step 1 above to a variable.
$RegValue = Get-RegistryData -RegistryPath "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" | Where-Object {$_.Name -eq "IconUnderline"}
If ($RegValue.Value -ne 1) {Set-ItemProperty -Path $RegValue.Path -Name $RegValue.Name -Value 1}
The IF statement compares the current value in the registry key with 1. Then, if it is not equal to 1, it uses the Set-ItemProperty command to update the value to what you specify in the Value parameter.
Example 8: Get Registry Keys and Subkeys
There are two commands you can use to get registry keys and subkeys. You can use the Get-ItemProperty or the Get-ChildItem command.
The difference between the two commands is how you specify the registry path.
To use the Get-ItemProperty to get registry key and subkeys, add a back slash at the end of the registry path. Then, add the asterisk wildcard behind the backslash.
For example to the Get-ItemProperty to read keys and subkeys in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer, run the command below:
Get-ItemProperty "Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\*"
On the other hand, using the Get-ChildItem does not require adding any backslash and a wildcard. Here is an example with the Get-ChildItem command:
Get-ChildItem "Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
Both commands return the keys and subkeys in the specified registry path.
Example 9: Get a Registry Key’s LastWriteTime
While I was researching this article I found out that a lot of users are searching for how to use PowerShell to get the last time a registry key was updated.
However, during my research I also found out that there are no existing Cmdlets for this task. Additionally, it appears that the only solution is to create a custom PowerShell Function.
Fortunately, I found a function in superuser.com. So, I didn’t need to create mine!
To make it easy for www.itechguides.com readers, I have downloaded the Add-RegKeyLastWriteTime superuser.com function.
To download the function from www.itechguides.com, click download Add-RegKeyLastWriteTime.zip. Then, Unzip the downloaded zip file.
Finally, open PowerShell and run the commands below:
Unblock-File C:\Users\VictorA\Downloads\Add-RegKeyLastWriteTime\Add-RegKeyLastWriteTime\Add-RegKeyLastWriteTime.ps1 Import-Module C:\Users\VictorA\Downloads\Add-RegKeyLastWriteTime\Add-RegKeyLastWriteTime\Add-RegKeyLastWriteTime.ps1
Finally, to get the last write time of a registry key, run the command below:
Get-ChildItem HKCU:\ | Add-RegKeyLastWriteTime | Select Name, LastWriteTime
The command returns the last write time for all the subkeys in the HKEY_CURRENT_USER base registry key…
Example 10: Get Windows Registry Database Size
If you want to see the size of registry in Windows 10, run the command below:
Get-WmiObject -Class Win32_Registry
The command returns the Current and Max size of the registry database.
However, you can display additional results with an improved version of the command. I found a code that can do this in superuser.com.
The code by Markus (a superuser.com community contributor) displays additional information. Here is the code.
$data=Get-WmiObject -Class Win32_Registry -ErrorAction Stop
Format the results and write an object to the pipeline
$data | Select-Object -Property @{Name="Computername";Expression={$_._SERVER}}, Status, @{Name="Current Size (Mb)";Expression={$.CurrentSize}},
@{Name="Max Size (Mb)";Expression={$_.MaximumSize}},
@{Name="Free Size (Mb)";Expression={$_.MaximumSize - $_.CurrentSize}},
@{Name="Percent Free (%)";Expression={ (1 - ($_.CurrentSize/$_.MaximumSize))*100 }},
@{Name="Created";Expression={$_.ConvertToDateTime($_.InstallDate)}},
@{Name="Age";Expression={(Get-Date) - ( $_.ConvertToDateTime($_.InstallDate)) }}
And the result in PowerShell…
Conclusion
Reading registry values is an essential part of PowerShell coding and in this guide, I have explained various ways to do this.
Let me know your thoughts about this guide by responding to the “Was this page helpful?” question below.
Finally, for more PowerShell Itechguides, visit our Windows PowerShell how-to page.
