Using PowerShell to access the Registry

Anyone who has ever worked with the registry is very familiar with RegEdit. It’s been around since Windows 95. Over the years, it has gotten better whenever Windows is upgraded.

One thing that not many people are aware of is that you can also use PowerShell to access the registry; however, you can currently only access the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER hives.

You can walk through the registry by using the Get-ChildItem cmdlet (or its dir alias) and specifying a registry path.

If you want to enumerate the root of HKEY_CURRENT_USER, you can easily do this by typing:

    dir HKCU:

You will get an error, however, when you try to access any section of the registry that you do not have permission for, even if you are running as an Administrator. The reason is that some parts of the registry are accessible only by the system. The error occurs because you need permission to count the number of subkeys; the subkey count is listed under the SKC column. In the example below, I didn’t have access to the SAM container.

    PS C:\WINDOWS\system32> dir HKLM:

        Hive: HKEY_LOCAL_MACHINE

    SKC  VC Name                           Property
    ---  -- ----                           --------
      2   0 BCD00000000                    {}
      4   0 HARDWARE                       {}
      1   0 SAM                            {}
    Get-ChildItem : Requested registry access is not allowed.
    At line:1 char:4
    + dir <<<<  hklm:
        + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACHINE\SECURITY:String) [Get-ChildItem], SecurityException
        + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.GetChildItemCommand
     28   1 SOFTWARE                       {(default)}
      9   1 SYSTEM                         {(default)}
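The listing above stops with a SecurityException the moment Get-ChildItem hits a key it cannot open. The following script is an added example (not code from the original post) that enumerates a hive without aborting on such keys, records which keys were denied, and then tries to read their ACLs so an administrator can see who is actually allowed to open them. It assumes only built-in cmdlets; the SKC and VC columns are reconstructed from the SubKeyCount and ValueCount properties of each returned key.

```powershell
# Added example: enumerate a registry hive while tolerating keys the
# caller is not permitted to open, then report the denied keys and,
# where possible, the identities granted access to them.
param(
    [string]$Path = 'HKLM:'   # any registry drive path, e.g. HKLM: or HKCU:
)

# Get-ChildItem throws when it cannot open a subkey to count its children
# (the SKC column). -ErrorAction SilentlyContinue keeps the listing going
# and -ErrorVariable collects one error record per denied key.
$denied = @()
$keys = Get-ChildItem -Path $Path -ErrorAction SilentlyContinue -ErrorVariable denied

# Keys that opened: reproduce the SKC / VC / Name columns of the default view.
$keys |
    Select-Object @{ n = 'SKC';  e = { $_.SubKeyCount } },
                  @{ n = 'VC';   e = { $_.ValueCount } },
                  @{ n = 'Name'; e = { $_.PSChildName } } |
    Format-Table -AutoSize

# Keys that were denied: the error record's TargetObject is the registry
# path that could not be opened (e.g. HKEY_LOCAL_MACHINE\SECURITY).
foreach ($err in $denied) {
    $target = $err.TargetObject
    Write-Host "Access denied: $target"

    # Reading the ACL needs READ_CONTROL on the key. SYSTEM-only keys such as
    # SAM and SECURITY typically deny that as well, so the failure is caught
    # and reported rather than terminating the script.
    try {
        $acl = Get-Acl -Path ("Registry::" + $target) -ErrorAction Stop
        foreach ($rule in $acl.Access) {
            "    {0,-6} {1,-40} {2}" -f $rule.AccessControlType,
                                        $rule.IdentityReference,
                                        $rule.RegistryRights
        }
    }
    catch {
        Write-Host "    ACL not readable either: $($_.Exception.Message)"
    }
}
```

Run it as `.\Enumerate-Hive.ps1 -Path HKLM:` (the script name is arbitrary). Because the denied keys are collected rather than thrown, the full listing appears first and the restricted keys are reported afterwards, which makes the script usable inside larger audit jobs where a single inaccessible key must not abort the run.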

You can go to a specific location by using the Set-Location cmdlet or its cd alias. If you want to go to the Software\Microsoft\Windows subkey in the HKEY_LOCAL_MACHINE hive, you can do this by typing:

    cd HKLM:\Software\Microsoft\Windows

By just using cd and dir, you can navigate through the registry as easily as navigating through file directories. In my next blog post, I will show how you can create keys or manipulate some of the data in the registry.
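The post covers navigating keys with cd and dir; the following added example (not code from the original post) carries that one step further: it steps into the key shown above, reads values from it with Get-ItemProperty (dir only lists subkeys, not values), checks a path with Test-Path to avoid an exception, and then goes beyond the post by showing how a hive with no default drive (HKEY_USERS) can still be reached, either by mapping a drive with New-PSDrive or by using the Registry:: provider prefix. The key paths are well-known Windows locations; the drive name HKU is an assumption chosen for this example.

```powershell
# Added example: registry navigation and value reading with the built-in
# registry provider, plus reaching hives that have no drive by default.

# Only HKLM: and HKCU: exist as drives out of the box; this shows what is mapped.
Get-PSDrive -PSProvider Registry | Select-Object Name, Root

# Equivalent of 'cd HKLM:\Software\Microsoft\Windows' from the post,
# followed by 'dir' on the current key.
Set-Location -Path 'HKLM:\Software\Microsoft\Windows'
Get-ChildItem -Path . | Select-Object PSChildName, SubKeyCount, ValueCount

# Values live on the key itself, so they are read with Get-ItemProperty.
$cv = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion'
"ProgramFilesDir = $($cv.ProgramFilesDir)"
"CommonFilesDir  = $($cv.CommonFilesDir)"

# Test-Path works on keys too; checking first avoids an ItemNotFound exception.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path -Path $runKey) {
    # Per-user autostart entries (a key reviewed routinely when auditing a
    # machine): each value name is an entry, each value data is its command.
    $entries = Get-Item -Path $runKey | Select-Object -ExpandProperty Property
    foreach ($name in $entries) {
        $cmd = (Get-ItemProperty -Path $runKey -Name $name).$name
        "{0,-30} {1}" -f $name, $cmd
    }
}

# Beyond the post: HKEY_USERS has no drive until one is mapped. The drive
# name 'HKU' is an assumption; any unused name works.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root 'HKEY_USERS' | Out-Null
}
Get-ChildItem -Path 'HKU:' | Select-Object PSChildName

# The same hive is also reachable without any drive via the provider prefix.
Get-ChildItem -Path 'Registry::HKEY_USERS' | Select-Object PSChildName
```

A drive created with New-PSDrive lasts only for the current session unless it is added to a profile; the Registry:: prefix form needs no setup at all and is the safer choice in scripts that must run unmodified on other machines.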

Comments

  • Anonymous
    October 14, 2013
    "On my next blog, I will show how you can create keys or manipulate some of the data in the registry." That statement is false...

  • Anonymous
    September 24, 2014
    How do you grant PowerShell access to that SAM container?