Learn about Windows PowerShell
This week we will be following the Scripting Wife as she pushes ahead with her preparations for the 2010 Scripting Games. You can catch up with her progress by reviewing the articles in the archive.
Microsoft Scripting Guy Ed Wilson here. I was working on a Windows PowerShell script for Microsoft PowerPoint Week when she walked into the room. Like a red rose swaying gently in the afternoon breeze, the Scripting Wife barely touched the floor as she glided into the room. Like opening the window of a room in an island tropical paradise, the room suddenly filled with a hint of jasmine.
“Of all the rooms in all the house, you walk into mine,” I said in my best Bogart voice.
“Your impressions are really lame. I need to know how to use Windows PowerShell to work with the registry. But probably, I need to know what a registry is first,” she said.
“Ah, the thorn on that fair rose, that pricks me deep; I thought it was destiny that brought you to my lair. A damsel in distress—I will rise to the challenge. I will don your colors and shepherd you on your quest,” sounding a bit like Peter O’Toole in Man of La Mancha.
“It’s a good thing I came in here, I think you are going stir-crazy,” she said with mock sympathy. “So, what do I need to do?”
“First of all, you want to create a System Restore point on your laptop, before you begin monkeying around in the registry. Use the Checkpoint-Computer cmdlet. For the Description parameter, use something like “before registry exercise” and for the RestorePointType parameter, use modify_settings. You can type those commands directly into the command pane of your Windows PowerShell ISE,” I said.
“It don’t work. It gives me a bogus error,” she said turning her laptop screen towards me. (See following image.)
Note: The Scripting Wife is going to create two keys in the registry. You should always be careful when making changes to the registry because changes to the registry can cause your computer to behave erratically. This is why the Scripting Wife first created a System Restore point. The Restore-Computer cmdlet can be used to restore a particular System Restore point, if needed.
“You call all errors bogus. Now how many times have I told you the errors are not bogus? You need to read them so you can figure out what is wrong. Uh, wait a minute. You are right this is bogus,” I said upon closer inspection of the error message. “Well, my dear, I apologize. More than likely, you need to run this cmdlet with administrative rights. Do you remember how to use Run as?” I quizzed.
“Of course. We just talked about it the other day. Are you gonna give me the administrator password?” she asked as she right clicked on the blue and white Windows PowerShell console icon.
“No, I am not going to give you the admin password. But I will type it into the dialog box for you, so you can create a System Restore point on your computer,” I said with mock exasperation.
“Okay. The Windows PowerShell console is up. So I type Checkpoint-Computer –Description “Before Registry Exercise” –RestorePointType modify_settings. Got it! Oh that is pretty cool,” she said as she started to turn her laptop monitor for me to view.
“I don’t need to see it my dear. I have seen it before, but you are right. It is cool. Now close the Windows PowerShell console, and go back to your Windows PowerShell ISE. Clear the errors from your output pane, by clicking the little squeegee icon that appears under the Help menu. After you have done that, in the command pane type Regedit and press ENTER,” I instructed.
“Done,” she said proudly, showing me what you see in the following image.
“Okay, now in the Registry Editor, on the left side of the screen you have what is called the Registry Tree. Each section name that begins with HKEY_ is a grouping of related information. The HKEY_CURRENT_USER section contains information about the way you like your programs to run, such as which search engine to use with Internet Explorer 8.0, whether or not you want Windows Media Player to stretch to fit when it launches, or which font you use in Notepad,” I explained.
“So what you are saying is that when I change things in an application, it gets written to the registry. Okay, that makes sense,” she stated.
“Because you are not an administrator, there are areas in the registry you are not allowed to make changes. But because HKEY_CURRENT_USER contains settings for the way you like to run your programs, you will generally have access to stuff in that area,” I said.
“Okay, fine. Show me how to work with the registry,” she said impatiently.
“In your Windows PowerShell ISE, type dir HKCU:\s and press the TAB key a couple of times until HKCU:\Software appears. HKCU, as you may have figured out, is a shortcut for HKEY_CURRENT_USER. The cool thing is that tab expansion works, and it can save you a lot of typing,” I said.
“Okay, done,” she said turning her monitor so I could check her work.
“Now, let’s create a registry key. To do this, use the New-Item cmdlet. Before you press ENTER, I want to look at it, okay?” I confirmed.
“Okay,” she said.
“The registry key will be directly under the software section we looked at earlier. Type New-Item –Path HKCU:\s and press TAB a couple times until HKCU:\Software appears. Use ScriptingWife as the name for the registry key, so you will type –name ScriptingWife. Got it?” I asked.
“Yes,” she said turning the monitor.
“Okay, the command looks good. Go ahead and press ENTER. When you are done, press the up arrow key to retrieve your command. Look at the command and the output that is displayed,” I said.
“That is pretty cool. Can we do another one?” she asked with sincerity.
“Sure. Use your up arrow to retrieve the New-Item cmdlet you used earlier. Type a p after New-Item, so you have New-Itemp and press TAB to complete the New-ItemProperty cmdlet. At the end of –path HKCU:\Software, type \Sc, and press TAB to complete the –path HKCU:\Software\ScriptingWife portion of the command. Change –name ScriptingWife to –name test and add –value “ok” to the end of the command. Your complete command should look like this: New-ItemProperty –path HKCU:\Software\ScriptingWife –name test –value “ok”. How does that look? Press ENTER when you think you have it right,” I added.
“Okay,” she said hesitantly. “How does this look?”
“Good. Now check it in the Registry Editor,” I added.
“That looks cool,” she enthused.
“Why don’t you go and play with that a little bit? If you get stuck, look for ‘registry’ in the Help files,” I added helpfully.
If you want to know exactly what we will be looking at tomorrow, follow us on Twitter or Facebook. If you have any questions, send e-mail to us at firstname.lastname@example.org or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson and Craig Liebendorfer, Scripting Guys
Thanks for this post.
Is there a command in PowerShell to delete a System Restore point?
If so, what is it?
I've performed the above and get the following error:
PS C:\Windows\system32> checkpoint-computer -Description "Before Registry Exercise" -RestorePointType modify_settings
Checkpoint-Computer : This command cannot be executed due to the following error: the service cannot be started because it is disabled
or does not have enabled devices associated with it.
At line:1 char:20
+ checkpoint-computer <<<< -Description "Before Registry Exercise" -RestorePointType modify_settings
+ CategoryInfo : InvalidOperation: (:) [Checkpoint-Computer], ArgumentException
+ FullyQualifiedErrorId : ServiceDisabled,Microsoft.PowerShell.Commands.CheckpointComputerCommand
I tried starting the remoteregistry service with
but get the same error message after running it.
When I look at my services for "Remote Registry" they are enabled. I'd like to run a powershell script on a list of computers to delete a registry key. The registry key is a software key that shows the software in "add/remove" programs on WinXP boxes. The software cannot be removed via SCCM 2012, and when trying to uninstall the software via the add/remove prog applet, it throws out an error that it can't find the source files. So, the only way to get the software removed at least from showing in add/remove programs is via the registry key. I'm a newby at powershell, but really need to learn it. Any help is greatly appreciated. Thanks :)