Chapter 7. Registry administration


This chapter covers

  • Discovering the registry’s size
  • Manipulating registry keys and values
  • Discovering security settings on registry keys
  • Monitoring changes on keys and values

The registry holds configuration information about your Windows systems. It’s entirely separate from the information maintained by the WMI providers we discussed in chapter 3, though some of the information may overlap.


This is the point where I issue the traditional warning about being careful with the registry. If you damage the registry, you may have to rebuild your system. I’m assuming that if you’re reading this, you aren’t going to deliberately wreck your system, but do be careful. Creating a system restore point before experimenting with the registry is highly recommended—use Checkpoint-Computer on a client system.

Working with the registry on your local computer is easy because you have the registry provider. This means you can use the standard cmdlets (*-Item, *-ItemProperty, and so on) to perform your administration tasks. If you have PowerShell v2 installed on all of your machines, you could use PowerShell remoting to access the registry provider on your servers. But many organizations aren’t in that position, so you’ll need to use WMI to work with remote registries. There’s similar .NET functionality, but I’m not going to cover it here.
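The local/remote split described above, as an added example that is not code from the book: the same string value is read through the registry provider on the local machine and through WMI on a remote one. The function name Get-RegString, the default key and value, and the choice of the StdRegProv class in root\default for the WMI path are assumptions made for this illustration.

```powershell
function Get-RegString {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        # Sub key under HKEY_LOCAL_MACHINE, without the hive prefix
        [string]$SubKey       = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion',
        [string]$ValueName    = 'ProductName'
    )

    if ($ComputerName -eq $env:COMPUTERNAME) {
        # Local machine: the registry provider exposes HKLM: as a drive,
        # so the standard *-ItemProperty cmdlets work directly.
        $item = Get-ItemProperty -Path "HKLM:\$SubKey" -Name $ValueName -ErrorAction Stop
        return $item.$ValueName
    }

    # Remote machine without PowerShell remoting: call StdRegProv over WMI.
    # HKEY_LOCAL_MACHINE is 0x80000002; written in decimal because the hex
    # literal parses as a negative Int32 and cannot be cast to UInt32.
    $HKLM = [uint32]2147483650

    $reg    = [wmiclass]"\\$ComputerName\root\default:StdRegProv"
    $result = $reg.GetStringValue($HKLM, $SubKey, $ValueName)

    # StdRegProv reports failure through ReturnValue instead of throwing,
    # for example 2 (key or value not found) or 5 (access denied).
    if ($result.ReturnValue -ne 0) {
        throw "StdRegProv.GetStringValue failed on $ComputerName (ReturnValue $($result.ReturnValue))"
    }
    return $result.sValue
}

# Local read through the provider
Get-RegString

# Remote read through WMI; 'SERVER01' is a placeholder computer name
# Get-RegString -ComputerName 'SERVER01'
```

Both paths are read-only, so the function is safe to run before you start changing keys and values.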

7.1. Accessing the registry

7.2. Reading the registry

7.3. Creating and modifying registry keys and values

7.4. Deleting registry keys

7.5. Registry access rights

7.6. Registry events

7.7. Summary