Use PowerShell to Find and Remove Remote Registry Entries


Summary: Microsoft Scripting Guy, Ed Wilson, shows how to use Windows PowerShell to find and remove registry entries from remote systems.

Microsoft Scripting Guy, Ed Wilson, is here. It seems that weekends go faster and faster these days. For one thing, spring has definitely sprung down here in Charlotte, North Carolina in the southern portion of the United States. In fact, this past week we had to mow the grass in our yard. But we have not yet turned on our solar collector (that will happen in about another week or so).

Anyway, I am mellowing out around the house this morning—the Scripting Wife plans to meet up with a few friends later in the day. Tomorrow is International PowerShell User Group Day, and I am reviewing the presentation I will make for that important event. On Friday, I make two presentations at the Charlotte IT Pro Appreciation Day conference in Charlotte, North Carolina. That conference is expected to attract nearly a thousand people from all over the area, and it should be an excellent educational opportunity. I am looking forward to attending some great sessions, in addition to the two sessions that I present.

One question I received during the past week of Live Meetings was about finding and removing registry entries—not only from a local session, but also from remote computers. To do this, I like to use the Windows PowerShell registry provider, and incorporate it with Windows PowerShell remoting.

In Use PowerShell to Edit the Registry on Remote Computers, I talked about one way to use Windows PowerShell remoting to create new entries on a remote computer. In Edit the Registry on Multiple Computers with PowerShell, I talked about running one command and editing the registry on multiple computers.

Note: Today I will continue that discussion as I discuss finding and removing registry entries from multiple computers. For a good introduction to using Windows PowerShell to work with the registry, see The Scripting Wife, Windows PowerShell, and the Registry.
For more advanced topics, check out some of the other blog posts about the registry in the Hey, Scripting Guy! Blog archives. There you will find blogs such as:

In the image that follows, there is an HSG registry key that contains a ForScripting property. Both of these need to be detected, and if they exist, they need to be deleted.

Image of file

The steps involved in detecting and removing the HSG registry key are as follows:

  1. Use Push-Location to store the current location (pushd is an alias).
  2. Use Set-Location to change the working location to the registry drive (sl is an alias).
  3. Use Test-Path to determine if the HSG registry key exists.
  4. Use Remove-Item to remove the registry key.
  5. Return to the original location by using Pop-Location (popd is an alias).

The actual commands are shown here.

Pushd

sl HKCU:\Software

Test-Path hsg

Remove-Item hsg

popd

The commands and the output associated with the commands are shown in the image that follows.

Image of command output

When I know I can successfully test for the presence of a specific registry key, and I know I can remove that registry key, I can put the commands together in a single command. This will facilitate using them with the Invoke-Command cmdlet to run against multiple remote computers.

I recreate the registry key on my local computer by using the commands that are shown here.

pushd

sl HKCU:\Software

New-Item -Name hsg

New-ItemProperty -Name forscripting -PropertyType string -Path hsg -Value "PowerShell Rocks"

popd

Now, I create a single command to test for the registry key and to remove it if it exists. To do this, I use a semicolon to separate the logical commands. In addition, I added the if statement to determine if the registry key exists before I attempt to delete it. In the else condition, I display a message that the registry key does not exist. The command is shown here.

pushd;sl HKCU:\Software; if(test-path hsg){remove-item hsg}ELSE{"hsg does not exist"};popd

After I know the single line command works properly, I can easily add it to the Invoke-Command cmdlet to find and delete the registry key on all remote servers that are listed in the servers.txt file. The content of the servers.txt file is shown in the image that follows.

The revised command is a single-line logical command that spans multiple lines in the console. This command is shown here.

invoke-command -cn (cat c:\fso\servers.txt) -credential iammred\administrator {pushd;sl HKCU:\Software; if(test-path hsg){remove-item hsg}ELSE{"hsg does not exist"};popd}
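As an added example (not part of the original post), the same find-and-remove check can report one result object per computer and also detect the ForScripting property, which Test-Path alone does not see. The variable names, the report fields and the $Remove switch are assumptions made for this example; it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example, not code from the original post.
$ServerList = 'C:\fso\servers.txt'   # list file named in the post
$KeyPath    = 'HKCU:\Software\hsg'   # key from the post, written as a full provider path
$ValueName  = 'ForScripting'         # property from the post
$Remove     = $false                 # assumed switch: $true deletes, $false only reports

# Trim names and drop blank lines so -ComputerName never receives an empty entry.
$computers = @(Get-Content -Path $ServerList |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ })
if ($computers.Count -eq 0) { throw "No computer names found in $ServerList" }

# In a remoting session HKCU: is the hive of the account the session runs as
# (the -Credential account), not the hive of whoever is logged on at the console.
$cred = Get-Credential

$results = Invoke-Command -ComputerName $computers -Credential $cred -ScriptBlock {
    param($KeyPath, $ValueName, $Remove)

    $report = [ordered]@{ KeyFound = $false; ValueFound = $false; Removed = $false; Error = $null }
    $report.KeyFound = Test-Path -LiteralPath $KeyPath

    if ($report.KeyFound) {
        # Registry values are properties of the key item; Test-Path only sees keys.
        $report.ValueFound = (Get-Item -LiteralPath $KeyPath).Property -contains $ValueName
        if ($Remove) {
            try {
                # -Recurse also removes subkeys, so a non-empty key raises no confirmation prompt.
                Remove-Item -LiteralPath $KeyPath -Recurse -ErrorAction Stop
                $report.Removed = $true
            } catch {
                $report.Error = $_.Exception.Message
            }
        }
    }
    [pscustomobject]$report
} -ArgumentList $KeyPath, $ValueName, $Remove

# PSComputerName is added by remoting and identifies the source of each row.
$results | Select-Object PSComputerName, KeyFound, ValueFound, Removed, Error
```

Run it once with $Remove left at $false to see which computers hold the key, then set it to $true to delete.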

Well, that is about all there is to testing remote machines to see if they contain a specific registry key. I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy 

  • Spring has finally sprung in North Carolina? I don't really recall Winter ever making it here. Oh wait, we did have snow that one day. Of course the following day it was 61F (16C), so I don't know how much that counted.

  • Ed,

    First, thanks for your many posts on scripting.  They’re a big help and greatly appreciated.

    I recently searched for a script to remove registry keys from multiple servers and found this post.

    This seems like an exact fit for the issue I have so I followed the logic, tested it locally and it worked.

    However, when I modified the multiline script to remove it from remote servers, I kept getting the error

    Invoke-Command : Cannot validate argument on parameter “ComputerName”.  The argument is null or empty.

    The actual script being run is

    invoke-command -cn (cat t:\scripts\servers.txt) -credential domain123\administrator {pushd;sl HKLM:\Software; if(test-path 1234567890asdf){remove-item 1234567890asdf}ELSE{"1234567890asdf does not exist"};popd}

    The file “servers.txt” contains the list of servers being referenced.

    What did I miss?  Any help would be greatly appreciated.

    Thanks,

  • Ed,

    This is great. However, it doesn't address the 'find' portion of the registry. What if I don't know 'where' the reg key is?

    I want to find an obscure 'adobe' key in hklm and I have no idea if it's under hklm:\software or hklm:\system. How would I accomplish that?

  • Find a key in the registry for HKLM and HKCU hives:

    dir hklm:\*adobe*,hkcu:\*adobe* -rec -ea 0

  • Ed, thanks as always for the post. I was under the impression that the Test-Path cmdlet does not work in the Registry when looking for Registry entries (see Example 5: http://technet.microsoft.com/en-us/library/hh849776.aspx). How would you do the above if you were looking for not a key, but a specific entry? Thanks

  • If you were doing this locally, is there any reason you wouldn't just use

    if (test-path hkcu:\software\hsg) {
    remove-item hkcu:\software\hsg
    }

    Is there any advantage to using push/pop-location?