Powershell Day 10

Day 10 Working with Directory and Registry

As you know, Powershell works with command prompt, and you know it works very well with all the Windows commands for cmd.exe. the commands may not be exact but with the help of “Alias” it works.

So command prompt structure is like a “TREE” structure, where directory may contains sub-directories and files.

To get list of directories cmd.exe is having command called “dir” which is also exists in Powershell ” get-childitem” means Powershell has command(cmdlet) as “get-childitem” with alias as –dir, ls and gci. which we can see with following command.

PS C:\> get-alias | Where {$_.Definition -eq “Get-ChildItem”}

CommandType     Name                            Definition

———–     —-                            ———-

Alias           gci                             Get-ChildItem

Alias           ls                              Get-ChildItem

Alias           dir                             Get-ChildItem

Now to see all the drives on the Powershell-Psdrives command. Which shows all the drives present on the system.

PS C:\> psdrive

Name       Provider      Root                                   CurrentLocation

—-       ——–      —-                                   —————

Alias      Alias

C          FileSystem    C:\

cert       Certificate   \

D          FileSystem    D:\

Env        Environment

Function   Function

HKCU       Registry      HKEY_CURRENT_USER

HKLM       Registry      HKEY_LOCAL_MACHINE

Variable   Variable

Now here you could see that I have drives “C:, D : “ on my system so when I open the “My Computer” at my system I could see C: and D:.

What about the remaining stuff. Here as Powershell treat everything like a directory so here “Alias” is also a directory where we can create our our alias. In the same way certificate, Environmental veriable , Functions , Variables are also Direcoty, this way it is easy and convenient to access the values of this….. that’s a vary powerful stuff about Powershell. Where information is vary handy. We have already discuss about all this drives in our earlier blog. Just want to add here one thing that we can create our own direcotory and our own alias, variable and so on… if require.

One more thing – To see the hidden files/directorys use -Force” option on gcm(get-Command) –cmdlet

Now If we want to go into the psdrives given above –

eg. if you want to move to “alias” drive from C:

PS C:\> cd Alias:

You are done

PS Alias:\>

You can work on that drive.

Now if you want to create your own drive new-PSDrive

PS C:\>help newPSDrive


    New-PSDrive [-name] <string> [-psProvider] <string> [-root] <string> [-desc

    ription <string>] [-scope <string>] [-credential <PSCredential>] [-whatIf]

    [-confirm] [<CommonParameters>]

Eg: new-psdrive -name “V” -PSProvider Filesystem -Root ( “c:\Myfolder\Powerhsell”)


Now you understand the concept of drives and how it goes. As you have seen the output of PSDrive also contains two folders

HKCU       Registry      HKEY_CURRENT_USER

HKLM       Registry      HKEY_LOCAL_MACHINE

Which is nothing but registry information. Ist it so COOOOOl…. Yeah. Its very nice and great feature. Generally you know how difficult it is to work with registry information and how time consuming. Now. If you want to work – recurring or programmatically read the registry information – the solution is Powershell…

Ok. How to work on registry… simple treat registry tree structure as tree structure of directory and sub-directory and go through it.

For eg. Suppose if you want to read the some information about Microsoft sql server on your registry

For that you have to go to regedit->HKLM\software\microsoft\microsoft sql server

Great now you can do same and programmatically and use it where ever you want in Powershell as

1.  Get the path into a variable

PS C:\ >$MyPath=get-item HKLM:\software\microsoft\”Microsoft sql server”

Now you variable is having all the data from that folder. You can see what all member from that variable using “Get-Member” (gm)

PS V:\> $MyPath |gm

   TypeName: Microsoft.Win32.RegistryKey

Name                      MemberType   Definition

—-                      ———-   ———-

Close                     Method       System.Void Close()

CreateObjRef              Method       System.Runtime.Remoting.ObjRef Create…

CreateSubKey              Method       Microsoft.Win32.RegistryKey CreateSub…

DeleteSubKey              Method       System.Void DeleteSubKey(String subke…

DeleteSubKeyTree          Method       System.Void DeleteSubKeyTree(String s…

DeleteValue               Method       System.Void DeleteValue(String name),…

Equals                    Method       System.Boolean Equals(Object obj)

Flush                     Method       System.Void Flush()

GetAccessControl          Method       System.Security.AccessControl.Registr…

GetHashCode               Method       System.Int32 GetHashCode()

GetLifetimeService        Method       System.Object GetLifetimeService()

GetSubKeyNames            Method       System.String[] GetSubKeyNames()

GetType                   Method       System.Type GetType()

GetValue                  Method       System.Object GetValue(String name), …

GetValueKind              Method       Microsoft.Win32.RegistryValueKind Get…

GetValueNames             Method       System.String[] GetValueNames()

get_Name                  Method       System.String get_Name()

get_SubKeyCount           Method       System.Int32 get_SubKeyCount()

get_ValueCount            Method       System.Int32 get_ValueCount()

InitializeLifetimeService Method       System.Object InitializeLifetimeServi…

OpenSubKey                Method       Microsoft.Win32.RegistryKey OpenSubKe…

SetAccessControl          Method       System.Void SetAccessControl(Registry…

SetValue                  Method       System.Void SetValue(String name, Obj…

ToString                  Method       System.String ToString()

Property                  NoteProperty System.String[] Property=System.String[]

PSChildName               NoteProperty System.String PSChildName=Microsoft s…

PSDrive                   NoteProperty System.Management.Automation.PSDriveI…

PSIsContainer             NoteProperty System.Boolean PSIsContainer=True

PSParentPath              NoteProperty System.String PSParentPath=Microsoft….

PSPath                    NoteProperty System.String PSPath=Microsoft.PowerS…

PSProvider                NoteProperty System.Management.Automation.Provider…

Name                      Property     System.String Name {get;}

SubKeyCount               Property     System.Int32 SubKeyCount {get;}

ValueCount                Property     System.Int32 ValueCount {get;}

2.  As you define the variable with the required path of the registry. Which has its properties. As above. Some fot the important properties are – name, pspath, valuecount and property which shows name of the path, pspath – complete info about the resistry (very imp), how many items are present on that path and contenats respectively.


#gives path location

Now to see the property by which we can get values of the path

PS C:\>$MyPath.valuecount


PS C:\>$MyPath.Property




Great now to access each value separately we can get that into another variable

PS C:\>$data1= get-itemproperty $MyPath.PSPath

Done now you can access value of each property.

PS C:\>$data1.InstalledInstances


In this way you can read the values from anywhere in the registry.

You can create your own key into registry with

New-Item command

*I stated in my “Security” blog -I would suggest for production system working on advance topics use Powershell to just reading the contents donot try to create, modify or delete the things” hence I am not focus more of changing stuff in this series.

Finally, if you want to get who is having access to your folder/files the command is

PS C:\>Get-acl

This entry was posted in Powershell and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.