The registry provider offers a consistent and easy way to work with the registry from within Windows PowerShell. Using the registry provider, you can search the registry, create new registry keys, delete existing registry keys, and modify values and access control lists (ACLs) from within Windows PowerShell. The commands used in the procedure are in the UnderstandingTheRegistryProvider.txt file.

Two PSDrives are created by default. To identify the PSDrives that are supplied by the registry provider, use the Get-PSDrive cmdlet, pipe the resulting objects into the Where-Object cmdlet, and filter on the provider property with a wildcard pattern that matches the word registry. This command is shown here:
get-psDrive | where {$_.Provider -like "*Registry*"}
The resulting list of PSDrives is shown here:
Name       Provider      Root                       CurrentLocation
----       --------      ----                       ---------------
HKCU       Registry      HKEY_CURRENT_USER
HKLM       Registry      HKEY_LOCAL_MACHINE
Open Windows PowerShell.
Use the Get-ChildItem cmdlet and supply the HKLM:\ PSDrive as the value for the path argument. Specify the software key to retrieve a listing of software applications on the local machine. The resulting command is shown here:
GCI -path HKLM:\software
A partial listing of similar output is shown here. The corresponding keys, as seen in Regedit.exe, are shown in Figure 3-6.
   Hive: Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\software

SKC  VC Name                           Property
---  -- ----                           --------
  2   0 781                            {}
  1   0 8ec                            {}
  4   0 Adobe                          {}
 12   0 Ahead                          {}
  2   1 Analog Devices                 {ProductDir}
  2   0 Andrea Electronics             {}
  1   0 Application Techniques         {}

Figure 3-6: A similar view of HKEY_LOCAL_MACHINE\SOFTWARE in Regedit.exe
This concludes this procedure. Do not close Windows PowerShell. Leave it open for the next procedure.
Use the Get-ChildItem cmdlet and supply a value for the path argument. Use the HKLM:\ PSDrive and supply a path of Software\Microsoft\Windows NT\CurrentVersion\Hotfix. Because there is a space in Windows NT, you will need to enclose the path in single quotes ('). You can use Tab completion to assist with the typing. The completed command is shown here:
GCI -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix'
An abbreviated listing of similar output, showing the installed hotfixes, is seen here:

   Hive: Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix

SKC  VC Name                           Property
---  -- ----                           --------
  1   8 KB873333                       {Installed, Comments, Backup Dir, Fix...
  1   8 KB873339                       {Installed, Comments, Backup Dir, Fix...
  1   8 KB883939                       {Installed, Comments, Backup Dir, Fix...
  1   8 KB885250                       {Installed, Comments, Backup Dir, Fix...
To retrieve information on a single hotfix, you will need to add a Where-Object cmdlet. You can do this by using the up arrow to retrieve the previous gci -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix' command and piping the resulting object into the Where-Object cmdlet. Supply a value for the name property, as seen in the code listed here. Alternatively, supply a “KB” number from the previous output.
GCI -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix' | where {$_.Name -like "*KB928388"}
This concludes this procedure.
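The hotfix lookup above, extended into a reusable check that reports which of a list of required KB numbers have a subkey under the HotFix key. This is an added example, not code from the original text; the function name Test-HotfixKey and the HKCU:\Software\HotfixAuditDemo scratch key are hypothetical, and the sample subkeys are constructed so the check can be run on any machine.

```powershell
# Added example: audit required hotfixes against a HotFix-style registry key.
function Test-HotfixKey {
    param(
        [Parameter(Mandatory)] [string[]] $RequiredKB,
        [string] $Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix'
    )
    # The key may be absent on a given system; report that instead of throwing.
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Registry key not found: $Path"
        return
    }
    # Index subkeys by leaf name. $_.Name holds the full HKEY_... path, which is
    # why the filter above needs a leading wildcard; PSChildName is the leaf only.
    $found = @{}
    Get-ChildItem -LiteralPath $Path | ForEach-Object { $found[$_.PSChildName] = $_ }

    foreach ($kb in $RequiredKB) {
        $key = $found[$kb]
        [pscustomobject]@{
            KB        = $kb
            Present   = [bool]$key
            # 'Installed' is one of the value names shown in the Property column.
            Installed = if ($key) { $key.GetValue('Installed') } else { $null }
        }
    }
}

# Constructed sample data: a scratch key under HKCU: that mimics the HotFix layout.
$demo = 'HKCU:\Software\HotfixAuditDemo'   # hypothetical scratch location
New-Item -Path $demo -Force | Out-Null
foreach ($kb in 'KB873333', 'KB885250') {
    New-Item -Path "$demo\$kb" -Force | Out-Null
    New-ItemProperty -Path "$demo\$kb" -Name Installed -Value 1 -PropertyType DWord -Force | Out-Null
}

# KB928388 is deliberately missing from the sample data, so it is reported as absent.
Test-HotfixKey -RequiredKB 'KB873333', 'KB928388' -Path $demo | Format-Table -AutoSize

Remove-Item -Path $demo -Recurse   # clean up the scratch key
```

Omit the -Path argument to run the same check against the HotFix key used in the procedure.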