In this article, I will show you how to create and modify different registry key types using PowerShell.
In my previous post, I described how to retrieve registry entries from local or remote computer(s). As I mentioned there, reading the registry is easy; however, writing to the registry is a bit more complex because the registry has different value types. We first need to identify the registry key type and then attempt the write operations. This ensures the consistency of the registry.
As you know, the registry has DWORD, string, expand string, multi string, binary, and Qword value types. Let us take one by one. In all the examples I provide below, I will create/modify values under the HKLM\Software\Techibee key for the sake of demonstration. You can replace key with a real registry key path of your choice.
Connecting to a remote registry
Let’s start with establishing a connection to a local/remote computer. I am using the same [Microsoft.Win32.RegistryKey] base class that I used for reading the registry in my previous article.
$BaseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(“LocalMachine”,”TestComputer1″)
$SubKey = $BaseKey.OpenSubKey(“Software\Techibee.com”,$true)
The above two lines establish a connection to a remote computer—that is, TestComputer1—and navigate to the HKLM\Software\Techibee.com sub key where I want to create/modify different registry types. If you look closely, you will find a $true statement that is passed to the OpenSubKey() method. You will not notice this in my earlier article about reading the remote registry. By passing the $true argument to this method, I am actually asking the registry to operate in read/write mode. If I don’t provide this, or if I set it to $false, the registry will open in read-only mode. This is protection, of sorts, given in this class for securing the registry from unwanted changes.
Create/Modify DWORD registry key type
Let us move on to creating or modifying a DWORD registry value. One thing I want to note here is, absolutely no code difference exists between creating a new registry DWORD type value and modifying an existing value. The registry provider will create a new value if no such key value with that name is found in the given location. Though this eases the task to some extent, you should be really careful here while passing the registry key value names. Passing incorrect names will result in the creation of unnecessary values in the registry, which is not a good thing. This very much applies to other registry types, such as REG_SZ, as well.
$ValueName = “MyDwordValue1″
$ValueData = 123
$SubKey.SetValue($ValueName, $ValueData, [Microsoft.Win32.RegistryValueKind]::DWORD)
The SetValue() method takes three values. The first is the name of the value that you want to create/modify: ValueName. The second is data for ValueName: ValueData. The third and most important one is RegistryValueKind Type: DWORD, in this example. It is important to note that if you provide a ValueName that already exists in this location with a different registry value type, the old value type will be overwritten with the new value type. You therefore need to be careful and test your code multiple times in a lab environment before pushing it to production.
We have now seen how to create or modify DWORD type registry key values. For other registry value types like String, ExpandString, Binary, MultiString, and Qword, the procedure is almost the same. Only the third parameter in the SetValue() method changes. Below are the examples.
Create/Modify REG_SZ registry key type
$ValueName = “MyStringValue1″
$ValueData = “techibee.com”
$SubKey.SetValue($ValueName, $ValueData, [Microsoft.Win32.RegistryValueKind]::String)
Create/Modify REG_EXPAND_SZ registry key type
$ValueName = “MyExpandStringValue1″
$ValueData = “%appdata%”
$SubKey.SetValue($ValueName, $ValueData, [Microsoft.Win32.RegistryValueKind]::ExpandString)
Create/Modify REG_MULTI_SZ registry key type
$ValueName = “MyMultiStringValue1″
[string]$ValueData = (“test1″,”test2″)
$SubKey.SetValue($ValueName, $ValueData, [Microsoft.Win32.RegistryValueKind]::MultiString)
Similarly, use [Microsoft.Win32.RegistryValueKind]::Binary and [Microsoft.Win32.RegistryValueKind]::Qword for REG_BINARY and REG_QWORD, respectively.
I hope this article helps you understand how to modify different types of registry values. Please feel free to post any questions you may have.