How to use PowerShell to Get a Registry Value (PS Drives and .NET)

Bill Kindle

Read more posts by this author.

In this article, learn how to use PowerShell to get a registry value and query entries in a registry using a variety of methods.

Let’s get going!

Prerequisites

All examples in this article will be demonstrated using PowerShell 7.1, which at the time this article was published, is the latest version. You can also use Windows PowerShell 5.1 if you choose. You should also have some basic understanding of PowerShell Drives.

Some examples may not work without Administrator privileges.

Getting Registry Keys and Values with Get-ChildItem

One of the easiest ways to find registry keys and values is using the Get-ChildItem cmdlet. This PowerShell cmdlet gets registry values and more by enumerating items in PowerShell drives. In this case, that PowerShell drive is the HKLM drive found by running Get-PSDrive.

Run the following command in a PowerShell console.

Get-ChildItem -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\'

In the screenshot below, you can see:

  1. The full key path for the WindowsUpdate registry key
  2. The key AU
  3. The list of registry entries in the AU key with corresponding values
Getting registry values for Windows Update
Getting registry values for Windows Update

One quick point regarding the above screenshot. You may notice that the output is a little misleading. Normally, PowerShell console output represents properties of an object. Get-ChildItem behaves differently in this case because this object technically has no properties. Extra commands are run in the background to produce display formatting that you see.

Related: How to Check for a Pending Reboot in the Windows Registry

Getting Registry Values with Get-ItemProperty

Continuing with the same registry key as before, let’s use the Get-ItemProperty cmdlet this time and make the output more readable.

Using Get-ItemProperty is best for getting an item property obtaining keys and their values within the registry. Run the command below:

Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

In the screenshot below, you see a list of the keys and values:

  1. For the registry container AU
  2. PowerShell related properties which all begin with PS
Using Get-ItemProperty to get registry values
Using Get-ItemProperty to get registry values

As an alternative, you can also specify the registry item path to get the same output only slightly faster by using .NET. The below command is using the .NET Registry Class to get a registry value:

Get-ItemProperty -Path Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

Getting Registry Values with Get-ItemPropertyValue

Now It’s time to look at key values. Using the Get-ItemPropertyValue cmdlet with the same registry container as before, lets look at the value for the key NoAutoUpdate. Run the following PowerShell command:

Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\' -Name NoAutoUpdate

Using Get-ItemPropertyValue, you will get a more succinct output only showing the value and not any of the other information you saw previously.

NoAutoUpdate key and the corresponding value
NoAutoUpdate key and the corresponding value

Querying the Registry without PS Drives

Throughout this tutorial, you’ve been using PowerShell drives to work with the registry. Doing it this way isn’t the only way; you can also leverage .NET and get registry information via .NET classes too!

For example, perhaps you need to use PowerShell to get a registry value of HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ : AutoUpate on a remote computer.

You can do so with .NET by:

  1. Opening the registry connection on the remote computer.
$Registry = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computername)

2. Opening the specific registry key you’re looking for.

$RegistryKey = $Registry.OpenSubKey("SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU", $true)

3. Using the GetValue() method to query the value of the registry value inside of the registry key.

$RegistryKey.GetValue('AU')

Using .NET rather than PowerShell drives is a bit faster and is an easy way to connect to and use PowerShell to query registry keys and values on remote computers.

Testing Registry Values with Test-Path

Sometimes you just need to validate if a registry value is present. The way you do that is with the Test-Path cmdlet.

Continuing with the WindowsUpdate container, test to see if the AU container is present by running the following PowerShell command:

Test-Path -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

If the result is True, the key or container exists. But what if you need to test a value or entry exists? Let’s build a custom function for this test:

Function Test-RegistryValue ($regkey, $name) {
     if (Get-ItemProperty -Path $regkey -Name $name -ErrorAction Ignore) {
         $true
     } else {
         $false
     }
 }

Using the custom function, you enter a path and name of the key or container, and the value you are looking for, and the custom function will return True or False (3) as shown in the screenshot below:

Enter a Path Name to Return True or False
Enter a key and value to test and return True or False

Next Steps

Know that you can use the Get-ChildItem, Get-ItemProperty, and Get-ItemPropertyValue to get registry keys and their values, what else can you do?

If you’d like to learn more about working with the registry with PowerShell, check out the article from Microsoft Docs titled, ‘Working with Registry Keys’. You can also find a great demonstration of setting registry values in the ATA blog post Using Active Setup: How to Set a Registry Value in All Users Hives.

Subscribe to Stay in Touch

Never miss out on your favorite ATA posts and our latest announcements!

Looks like you're offline!