Category filter
Scripts to manage registry keys on Windows devices
The registry is a vital component of the Windows operating system that stores essential system and application settings. Modifying registry keys can be a powerful way to customize and configure Windows devices, but it can also be a daunting task, especially when managing many devices. To simplify the process, administrators can use scripts to automate the management of registry keys on Windows devices. Using Hexnode’s Execute Custom Script feature you can deploy scripts on multiple devices from a single platform.
- Edit the registry only when there are no other alternatives. Altering the registry settings may have conflicts with the standard safeguards and damage the system.
- The sample scripts provided below are adapted from third-party open-source sites.
PowerShell commands to manage registry keys
List all subkeys in local machine registry
To list all the subkeys present in the local machine registry, use the following command:
|
1 |
Get-ChildItem -Path HKLM:\ | Select-Object Name |
Create a subkey inside the local machine registry
To add a subkey in the local machine registry, use the following syntax:
|
1 |
New-Item -Path HKLM:\<subkey>\<name_of_the_new_key> |
For example, to create a subkey named ‘newkey’ inside the SOFTWARE subkey of the local machine registry.
New-Item -Path HKLM:\SOFTWARE\newkey
To add a new key having spaces in its name, use the following code:
New-Item -Path ‘HKLM:\SOFTWARE\new key’
Delete a subkey from the local machine registry
To silently delete a subkey from the local machine registry, use the following syntax:
|
1 |
Remove-Item -Path HKLM:\<subkey>\<key_to_be_deleted> |
For example, to delete a subkey named ‘key_to_be_deleted’ inside the SOFTWARE subkey of the local machine registry.
Remove-Item -Path HKLM:\SOFTWARE\key_to_be_deleted
Delete all keys under a specific key
To remove all keys within a specified subkey but not the key itself, use the syntax:
|
1 |
Remove-Item -Path HKLM:\<subkey>\<keyname>\* -Recurse |
For example, to remove all keys under the key ‘key_name’ but itself, inside the HARDWARE subkey of the local machine registry.
Remove-Item -Path HKLM:\HARDWARE\key_name\* -Recurse
Batch commands to manage registry keys
Add a new subkey to the local machine registry
To add a new subkey or entry to the local machine registry, use this syntax:
|
1 |
reg add <keyname> [{/v value | /ve}] [/t datatype] [/s separator] [/d data] /f |
| Parameter | Description |
|---|---|
| <keyname> | States the full path of the subkey or entry to be added in the local machine. |
| /v <value> | States the name of the add registry entry. |
| /ve | States that the registry entry being added has no value. |
| /t <Type> | States the registry entry type. Type must be one of the following:
|
| /s <Separator> | States the character that will separate multiple instances of data in the case of the REG_MULTI_SZ data type where there is more than one entry listed. In the absence of a specified separator, the default separator used will be \0. |
| /d <Data> | States the data for the new registry entry. |
For example, to add a registry entry to HKLM\Software\keyname with a value named Value, the type REG_BINARY, and data of ge453ted, use the following command:
reg add HKLM\Software\keyname /v Value /t REG_BINARY /d ge453ted /f
Delete a subkey from the local machine registry
To delete a subkey from the local machine registry, use the following syntax:
|
1 |
reg delete <keyname> [{/v value | /ve | /va}] /f |
| Parameter | Description |
|---|---|
| <keyname> | States the complete path of the entry or subkey to be removed from the local machine. |
| /v <value> | Deletes a particular entry within a subkey. If no specific entry is identified, all entries and subkeys contained within the subkey will be deleted. |
| /ve | States that only entries that have no value will be removed. |
| /va | States that the specified key’s entries will be deleted, while any subkey entries contained within it will remain unaffected. |
For example, to delete the registry key child_subkey along with its parent keys and values inside the Software subkey.
reg delete HKLM\Software\keyname\parent_key\child_subkey /f
Export subkeys, entries & values of the local machine into a file
The subkeys, entries, and values of the local computer can be duplicated and saved in a file to facilitate transfer to other servers, using this syntax:
|
1 |
reg export <keyname> <file> [/y] |
| Parameter | Description |
|---|---|
| <keyname> | States the full path of the subkey in the local machine. |
| <file> | States the name and path of the file with .reg extension. |
| /y | Overwrites any file that already exists with the name file without requiring confirmation. |
For example, to export all the values and content of the subkey child_subkey to the file file_name.reg.
reg export HKLM\Software\child_subkey file_name.reg
Import file content to local machine registry
The registry subkeys, entries, and values from an exported file can be transferred and added to the registry of the local computer, using this syntax:
|
1 |
reg import <file> |
| Parameter | Description |
|---|---|
| <file> | States the name and path of the file with .reg extension which has content that needs to be copied to the local computer registry. It is necessary to first create the file using the “reg export” command. |
| /reg:32 | States that the 32-bit registry view should be used to access the specified key. |
| /reg:64 | States that the 64-bit registry view should be used to access the specified key. |
For example, to import registry subkeys, entries, and values to a file named file_name.reg:
reg import file_name.reg
Save a copy of registry subkeys, entries & values in a file
A specified file can be used to store a copy of specific subkeys, entries, and values from the registry, using the syntax:
|
1 |
reg save <keyname> <file> [/y] |
| Parameter | Description |
|---|---|
| <keyname> | States the full path of the subkey in the local machine. |
| <file> | States the name and path for the created file. If you fail to include a path, the current path will be considered. |
| /y | Overwrites any file that already exists with the name file without requiring confirmation. |
For example, to save the hive child_subkey as a file named Name_of_file.hiv in the current folder, you can use the following command.
reg save HKLM\Software\child_subkey Name_of_file.hiv
Restore subkeys & entries back to the local machine registry
This command writes the saved subkeys and entries back to the local machine registry.
|
1 |
reg restore <keyname> <file> |
| Parameter | Description |
|---|---|
| <keyname> | States the complete subkey path to be restored in the local machine. |
| <file> | States the file path and filename containing the data to be written to the registry. It’s mandatory to create this file beforehand using the “reg save” command and ensure that it has a .hiv extension. |
For example, if you want to restore the file named “Name_of_file.hiv” and overwrite the existing contents of the key HKLM\Software\child_subkey, you can use the following command.
reg restore HKLM\Software\child_key Name_of_file.hiv
- Before modifying any of the registry entries, it is advisable to use the reg save command to save the parent subkey. Thus, you can restore the original subkey with the reg restore command in case the modifications causes any undesired effects.
- It is recommended to manually validate the script execution on a system before executing the action in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.
