You can navigate through the Windows registry by using the same techniques that you use to navigate in the file system drive. In Windows PowerShell, the HKEY_LOCAL_MACHINE hive maps to the Windows PowerShell HKLM: drive and the HKEY_CURRENT_USER hive maps to the Windows PowerShell HKCU: drive.

For example:

PS C:\> cd hklm:
PS HKLM:\> dir
PS HKLM:\> dir
   Hive: Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE
SKC  VC Name                           Property
---  -- ----                           --------
  4   0 HARDWARE                       {}
  1   0 SAM                            {}
Get-ChildItem : Requested registry access is not allowed.
At line:1 char:3
+ dir <<<<
 39   2 SOFTWARE                       {flash, (default)}
  8   0 SYSTEM                         {}
PS HKLM:\> cd system\currentcontrolset\control
PS HKLM:\system\currentcontrolset\control> dir

As you navigate, you will notice that the output of dir (Get-Childitem) is different in the registry drives than it is in the file system. Because the registry has different drives, Windows PowerShell displays a different view of the data. In this case, it is important to know how many subkeys and entries are present, so the output includes a subkey count (SKC) and a value entry count (VC), in addition to the names of the subkeys and the entries.

PS> cd "CurrentControlSet\Control\Session Manager"
PS> dir
    Hive: Registry::HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\Session
Manager

SKC  VC ChildName                      Property
---  -- ---------                      --------
  0   1 AppCompatibility               {AppCompatCache}
 15   0 AppPatches                     {}
  0   7 DOS Devices                    {AUX, MAILSLOT, NUL, PIPE, PRN, UNC, f...

You won't encounter very many differences in navigation until you get to the registry entries. The entries in a registry key are considered to be properties of the key in which they are located. As such, you use the Get-ItemProperty cmdlet to retrieve them.

For example, if you want to see the value of the Windows PowerShell execution policy, you can use the Get-ExecutionPolicy cmdlet or navigate to the ExecutionPolicy registry entry that stores the value in HKLM:\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell.

PS C:\> cd hklm:
PS HKLM:\> cd software\microsoft\powershell\1\ShellIds\Microsoft.PowerShell
PS HKLM:\software\microsoft\powershell\1\ShellIds\Microsoft.PowerShell> dir
PS HKLM:\software\microsoft\powershell\1\ShellIds\Microsoft.PowerShell> get-itemproperty -path . -name executionpolicy

PSPath          : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\software\microsoft\powershell\1\ShellIds\Micro
                  soft.PowerShell
PSParentPath    : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\software\microsoft\powershell\1\ShellIds
PSChildName     : Microsoft.PowerShell
PSDrive         : HKLM
PSProvider      : Microsoft.PowerShell.Core\Registry
ExecutionPolicy : RemoteSigned



Table Of Contents