Powershell Core 6.2 Cookbook
上QQ阅读APP看书,第一时间看更新

How to do it...

Install and start PowerShell Core on Windows and execute the following steps:

  1. Execute the following code to list items in the local machine registry hive:
# Like the filesystem, the local registry hives can be browsed.
# ACLs apply, so AccessDenied errors aren't uncommon
Get-ChildItem HKLM:\SOFTWARE
  1. Since there're no additional filters, you don't have much control over Get-ChildItem, which only returns registry keys and displays their values. Trying to enumerate values this way fails:
# Get-ChildItem returns Keys and their values by default
Get-ChildItem -Recurse -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  1. To enumerate registry values, the Get-ItemProperty cmdlet is used. Try the following code sample:
# To retrieve only properties, Get-ItemProperty is used instead
# Without a name, Get-ItemProperty returns all values in a given path
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

# If only the property value is used
Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName

# While this is used predominantly for Registry access, it can be used for the file
# system as well. However, this approach is very cumbersome
Get-ItemProperty -Path $(Get-Command -Name pwsh).Source -Name LastWriteTime

  1. Creating new items works similarly to the filesystem. Notice that registry keys are created, not values:
# In order to create new keys, you can use New-Item
New-Item -Path HKCU:\Software -Name MyProduct
  1. In order to work with values, the ItemProperty cmdlets are used. Try the next code sample to see how new values are created and existing values are changed:
<#
To create new values, use New-ItemProperty. Values for PropertyType include:
String (REG_SZ): Standard string
ExpandString (REG_EXPAND_SZ): String with automatic environment variable expansion
Binary (REG_BINARY): Binary data
DWord (REG_DWORD): 32bit binary number
MultiString (REG_MULTI_SZ): String array
QWord (REG_QWORD): 64bit binary number
#>
New-ItemProperty -Path HKCU:\Software\MyProduct -Name Version -Value '0.9.9-rc1' -PropertyType String
New-ItemProperty -Path HKCU:\Software\MyProduct -Name SourceCode -Value $([Text.Encoding]::Unicode.GetBytes('Write-Host "Cool, isnt it?"')) -PropertyType Binary

# Test it ;)
[scriptblock]::Create($([Text.Encoding]::Unicode.GetString($(Get-ItemPropertyValue -Path HKCU:\Software\MyProduct -Name SourceCode)))).Invoke()

# Change an item
Set-ItemProperty -Path HKCU:\Software\MyProduct -Name SourceCode -Value $([Text.Encoding]::Unicode.GetBytes('Stop-Computer -WhatIf'))
[Text.Encoding]::Unicode.GetString($(Get-ItemPropertyValue -Path HKCU:\Software\MyProduct -Name SourceCode))
  1. Removing items is straightforward. Try the next code sample to remove your key again:
# The default removal cmdlet works just as well
Remove-Item -Path HKCU:\Software\MyProduct -Verbose

  1. Note that the registry provider is unable to map remote registries—you need to use .NET to be able to do that.
# Not capable of using credentials
Get-PSProvider -PSProvider Registry

# Mapping local hives is fine
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT
Get-ChildItem -Path HKCR:
Remove-PSDrive -Name HKCR