PowerShell Script: Use PowerShell to Query for Registry Keys

Understand Windows registry

Before we go into the query section, let us first understand the structure of Windows registry. Windows registry has five root keys:

1. HKEY_LOCAL_MACHINE (HKLM)
2. HKEY_CURRENT_CONFIG (HKCC)
3. HKEY_CLASSES_ROOT (HKCR)
4. HKEY_USERS (HKU)
5. HKEY_CURRENT_USER (HKCU)

PowerShell queries

• To read registry names and values:

Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion