QuickTip: Additional PowerShell Registry drives

May 16, 2010

Windows PowerShell provides access to the system registry via two PowerShell drives: HKLM and HKCU, which maps to the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER registry hives respectively.

PS > Get-PSDrive -PSProvider Registry

Name Used (GB) Free (GB) Provider Root CurrentLocation
---- --------- --------- -------- ---- ---------------
HKCU Registry HKEY_CURRENT_USER
HKLM Registry HKEY_LOCAL_MACHINE

 

To add registry drives for other hives like HKEY_USERS,HKEY_CLASSES_ROOT etc, we can use the New-PSDrive cmdlet with the provider path of each hive (the $null assignment is used to suppress the output of each New-PSDrive command).

$null = New-PSDrive -Name HKU   -PSProvider Registry -Root Registry::HKEY_USERS

$null = New-PSDrive -Name HKCR -PSProvider Registry -Root Registry::HKEY_CLASSES_ROOT

$null = New-PSDrive -Name HKCC -PSProvider Registry -Root Registry::HKEY_CURRENT_CONFIG

 

PS > Get-PSDrive -PSProvider Registry

Name Used (GB) Free (GB) Provider Root CurrentLocation
---- --------- --------- -------- ---- ---------------
HKCC Registry HKEY_CURRENT_CONFIG
HKCR Registry HKEY_CLASSES_ROOT
HKCU Registry HKEY_CURRENT_USER
HKLM Registry HKEY_LOCAL_MACHINE
HKU Registry HKEY_USERS

 

You won’t be able to access the new registry drives after you exit a current PowerShell session. To make them persistent add the commands to your PowerShell profile.

 

Add comment
facebook linkedin twitter email

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*

2 comments

  1. Paul DigbyAugust 31, 2012 ב 18:54

    Shay,

    Sorry to bother you directly, hope you will find the time to assists.

    Something is driving me nuts! I am trying to read a value from registry on a Windows 7 computer using Powershell. Up to the line in the code below (retrieving the correct SID), works perfectly. However, from there when I try to read the value of ProxyEnable, it either returns nothing or @{ProxyEnable=1}. I want it to read correctly and result in the value 1

    $usrName = (gwmi -class win32_computerSystem).username #Win7,
    $u2 = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name #2003, XP

    if($usrName -eq $Null) {$usrName = $u2}
    else {$usrName = $usrName}

    $usrName = Split-Path $usrName -leaf

    $Dom = [Environment]::UserDomainName
    $objUser = New-Object System.Security.Principal.NTAccount($($Dom), $($usrName))

    $SID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
    $sid

    $PE = Get-ItemProperty “HKU:\$SID\Software\Microsoft\Windows\CurrentVersion\Internet Settings” -Name ProxyEnable
    $PE

    Regards

    Paul Digby

    Reply
  2. Paul DigbyAugust 31, 2012 ב 19:19

    Some while later and have managed to ‘crack it’!!!

    The code below first of all gets the logged on user, regardless of OS, gets the SID and then gets the correct value from HKU for logged on user.

    $usrName = (gwmi -class win32_computerSystem).username #Win7,
    $u2 = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name #2003, XP

    if($usrName -eq $Null) {$usrName = $u2}
    else {$usrName = $usrName}

    $usrName = Split-Path $usrName -leaf

    $Dom = [Environment]::UserDomainName
    $objUser = New-Object System.Security.Principal.NTAccount($($Dom), $($usrName))

    $SID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
    $sid = $sid.value
    $sid

    New-PSDrive -name HKU -psProvider Registry HKEY_USERS | out-null
    Set-Location HKU:
    #Set-ItemProperty “HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings” -Name ProxyEnable -Value 1
    #sleep -Milliseconds 500

    $PE = Get-ItemProperty -Path “HKU:\$SID\Software\Microsoft\Windows\CurrentVersion\Internet Settings”
    $PE.ProxyEnable

    Reply