Powershell Simplified Part 4: Registry and Processes

PowerShell ships with some built-in ‘providers’. A ‘provider’ simply provides easy access to a data store. To get a list of the available providers, use: Get-PSProvider

Running the command above shows that a ‘Registry’ provider is included in PowerShell. This registry provider exposes the Windows registry as two drives: HKLM and HKCU. Registry keys can therefore be accessed just as you would access folders on a typical disk drive.

cd HKCU:  # go to the registry (represented as a drive)
dir       # view contents of the current drive (displays top level keys under HKCU)
Get-ChildItem -Path HKCU:                # another way to view the contents of the HKCU drive
Get-ChildItem -Path HKCU: -recurse       # list all registry keys in the HKCU drive

# we can create a new drive for the HKEY_USERS hive
new-psdrive -name HKURS -psprovider Registry -root HKEY_USERS 

# read some registry values
$getItem = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, EditionID
write-host $getItem.ProductName       # write the registry value

New-Item HKCU:\Software\TestKey -Value 'Default Text' -Type String      # create a new registry key
Set-ItemProperty HKCU:\Software\TestKey -Name ID -Value 12 -Type DWORD  # add a key-value pair to the registry key
Remove-Item -Path HKCU:\Software\TestKey                                # delete a registry key

Working with processes is also simple in PowerShell.

get-process                     # get all processes on local machine
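get-process -name exp*, power*  # wildcard (not regex) match on the name of the process
get-process -computername server01 | format-table -property ProcessName, MachineName  # view processes on a different machine (Windows PowerShell only; -computername was removed from get-process in PowerShell 6)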

start-process "C:\test\test.msi"              # start a process
start-process notepad -windowstyle maximized  # change windowstyle
start-process notepad -wait                   # wait for the process to complete before accepting more input
write-host (get-process notepad).Count        # count the number of notepad instances open

stop-process -name notepad                    # close all notepad instances
get-process | where-object -filterscript {$_.Responding -eq $false} | stop-process   # stop all unresponsive processes
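
An added example (not from the original post) that combines the registry and process commands above for a defender's inventory: it reads the standard Run autostart keys through the registry provider, then uses get-process to show which entries are currently running and whether the target file is signed. The helper name Get-CommandExecutable and the report column names are made up for this example.

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Hypothetical helper: pull the executable path out of a Run-key command
# line, which may be quoted ("C:\a b\x.exe" /s) or unquoted (C:\a\x.exe /s).
function Get-CommandExecutable {
    param([string]$CommandLine)
    $c = $CommandLine.Trim()
    if ($c -match '^"([^"]+)"')        { return $Matches[1] }
    if ($c -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

# Index running processes by image path. Path is empty for processes the
# current user is not allowed to inspect, so those are skipped.
$pidsByPath = @{}
foreach ($proc in Get-Process) {
    if (-not $proc.Path) { continue }
    $k = $proc.Path.ToLowerInvariant()
    if (-not $pidsByPath.ContainsKey($k)) { $pidsByPath[$k] = @() }
    $pidsByPath[$k] += $proc.Id
}

$report = foreach ($keyPath in $runKeys) {
    if (-not (Test-Path -Path $keyPath)) { continue }   # key may not exist
    $key = Get-Item -Path $keyPath
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)         # expands %VARS% in REG_EXPAND_SZ
        $exe     = Get-CommandExecutable $command
        # Entries without a full path (resolved via PATH) show OnDisk = False.
        $onDisk  = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        [pscustomobject]@{
            Key        = $keyPath
            Name       = $name
            Command    = $command
            OnDisk     = $onDisk
            Signature  = if ($onDisk) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'n/a' }
            RunningPid = $pidsByPath[$exe.ToLowerInvariant()] -join ','
        }
    }
}
$report | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
```

Entries whose file is missing from disk, or whose Signature column is anything other than Valid, are the ones worth a closer look.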

About soumya chattopadhyay
I live and work in Seattle, WA. I work with Microsoft technologies, and I'm especially interested in C#.
