Saturday, January 10, 2009

Edit the registry using PowerShell

If you use the Get-PSDrive cmdlet you'll notice that HKCU and HKLM appear as drives. This allows us to use item cmdlets to manage items in the HKLM: and HKCU: drives.

To change your location to the HKCU: drive use either Set-Location HKCU: or cd HKCU:

To navigate through the registry drive, you can use cd the same way you would use it to navigate through directories in the command prompt. You can also use Set-Location.

Example to navigate to HKCU/Control Panel/Desktop
PS HKCU:\> Set-Location "HKCU:/control panel/desktop"

or

PS HKCU:\> cd "HKCU:/control panel/desktop"

To view subkeys: Use either dir or Get-ChildItem

To create a new registry key:
To create a new registry key within a subkey we can use the New-Item cmdlet
For example, to create a key named PUNKISNAIL under hkcu/control panel/desktop
PS HKCU:\control panel\desktop> New-Item PUNKISNAIL

To delete a registry key:
Here we can use the Remove-Item cmdlet.
For example, to delete the key PUNKISNAIL, which we created under hkcu/control panel/desktop, use:
PS HKCU:\control panel\desktop> remove-item PUNKISNAIL

If you're in a different drive you can use the following to delete the key:
PS C:\>remove-item -path "hkcu:/control panel/desktop/punkisnail"

To get the registry entries in a key:
Here we can use the Get-ItemProperty cmdlet.

To get the properties for menushowdelay found in HKCU/Control Panel/Desktop use: Get-ItemProperty -path "hkcu:/control panel/desktop" -name menushowdelay

To create a registry entry use:
new-itemproperty -path somepath -name someEntryName -value AnyValue -propertyType SomeType
Example:
new-itemproperty -path "HKCU:/control panel/desktop/punkisnail" -name MyNameIs -value "Shane Lobo" -propertyType string

Possible property types are: String, ExpandString, Binary, DWord, MultiString, QWord, Unknown

To clear the value of a registry entry use:
Clear-ItemProperty -path SomePath -name SomeEntryName

To delete a registry entry use:
remove-ItemProperty -path SomePath -name SomeEntryName
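
The cmdlets above chained into one round trip on a scratch key, as an added example that is not part of the original post. Set-RegistryEntry is a hypothetical helper name; it returns the value it replaced, so a change can be undone, and it guards the two cases where the plain commands stop with an error (key already exists, entry already exists).

```powershell
# Added example. PUNKISNAIL / MyNameIs are the scratch names used in the text above.
$key  = 'HKCU:\Control Panel\Desktop\PUNKISNAIL'
$name = 'MyNameIs'

function Set-RegistryEntry {          # hypothetical helper, not a built-in cmdlet
    param(
        [string]$Path,
        [string]$Name,
        $Value,
        [string]$PropertyType = 'String'
    )
    # New-Item raises an error if the key already exists, so create it only when missing.
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path | Out-Null
    }
    # Capture the current value (or $null) so the caller can restore it later.
    $old = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $previous = if ($old) { $old.$Name } else { $null }

    # Without -Force, New-ItemProperty fails when the entry already exists;
    # with it, the existing entry is overwritten.
    New-ItemProperty -Path $Path -Name $Name -Value $Value `
        -PropertyType $PropertyType -Force | Out-Null
    return $previous
}

$before = Set-RegistryEntry -Path $key -Name $name -Value 'Shane Lobo'
"Previous value: '$before'"
(Get-ItemProperty -Path $key -Name $name).$name    # read the entry back

Clear-ItemProperty  -Path $key -Name $name         # entry stays, value is emptied
Remove-ItemProperty -Path $key -Name $name         # entry is deleted
Remove-Item -Path $key                             # scratch key is deleted
```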

Killing processes using the command prompt

To kill a process in the command prompt we need to know either its Image Name or Process ID. One way to find this is in the Windows Task Manager. The other way is to use the Tasklist command in the command prompt.

Command to kill a process in Windows XP Pro:

 taskkill {/pid processID | /im ImageName} [/f] [/t]

/pid processID Specifies the process ID of the process to be terminated.

/im ImageName Specifies the image name of the process to be terminated.

Use the wildcard character (*) to specify all image names.

/f Specifies that processes be forcefully terminated.

/t Terminates the specified process and any child processes started by it.

Example: taskkill /im notepad.exe

Command to kill a process in Windows XP Home Edition:

Windows XP Home Edition users can use the tskill command as follows:

 tskill {processID | processName}

Example: tskill notepad

Edit the registry using the command prompt

To know the contents of a particular registry key or a particular value:

REG QUERY KeyName [/v ValueName | /ve] [/s]

/v Specifies the registry value name that is to be queried.

/ve Runs a query for value names that are empty.

/s Specifies to query all subkeys and value names recursively.

Example to query the value of menushowdelay at HKCU\Control Panel\Desktop (reg expects backslashes in key names):

reg query "hkcu\control panel\desktop" /v menushowdelay

To add new registry keys:

REG ADD KeyName [/v ValueName | /ve][/t Type][/d Data] [/f]

/t Specifies the type for the registry entry, which must be one of the following: REG_SZ, REG_MULTI_SZ, REG_DWORD_BIG_ENDIAN, REG_DWORD, REG_BINARY, REG_DWORD_LITTLE_ENDIAN, REG_LINK, REG_FULL_RESOURCE_DESCRIPTOR, REG_EXPAND_SZ

/d Specifies the data for the new registry entry.

/f Adds the registry entry without prompting for confirmation.

Example to change the value of menushowdelay to 0:
reg add "hkcu\control panel\desktop" /v menushowdelay /t REG_SZ /d 0

To delete registry keys:

REG DELETE KeyName [/v ValueName | /ve | /va] [/f]

/va Deletes all entries under the specified subkey. Subkeys under the specified subkey are not deleted.

To export and import registry keys:

To export: REG EXPORT KeyName FileName

To import: REG IMPORT FileName
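
REG EXPORT, REG ADD, REG QUERY and REG IMPORT combined into a backup, change, verify and roll back sequence, as an added example that is not part of the original post. It is written for a PowerShell prompt calling reg.exe; Set-RegValueWithBackup is a hypothetical function name and the backup file name is constructed for the example.

```powershell
function Set-RegValueWithBackup {     # hypothetical helper, not part of reg.exe
    param(
        [string]$KeyName,             # reg.exe form: HKCU\..., backslashes, no drive colon
        [string]$ValueName,
        [string]$Type,
        [string]$Data
    )
    # A timestamped name means REG EXPORT never has to overwrite an older backup.
    $backup = Join-Path $env:TEMP ("regbackup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

    reg export $KeyName $backup | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Export of '$KeyName' failed; nothing was changed."
    }

    # /f overwrites an existing entry without prompting for confirmation.
    reg add $KeyName /v $ValueName /t $Type /d $Data /f | Out-Null

    # Verify by reading the entry back: name, type and data must all match.
    $out = reg query $KeyName /v $ValueName
    $pattern = '^\s+{0}\s+{1}\s+{2}\s*$' -f [regex]::Escape($ValueName),
                                            [regex]::Escape($Type),
                                            [regex]::Escape($Data)
    if (-not ($out -match $pattern)) {
        # REG IMPORT merges the file back: overwritten values are restored,
        # but values that did not exist before the change are not deleted.
        reg import $backup | Out-Null
        throw "Verification failed; previous values restored from $backup"
    }
    return $backup                    # keep this path to undo the change later
}

$file = Set-RegValueWithBackup -KeyName 'HKCU\Control Panel\Desktop' `
            -ValueName 'MenuShowDelay' -Type 'REG_SZ' -Data '0'
"Backup written to $file (undo with: reg import `"$file`")"
```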

Manage services using Windows PowerShell

To get a list of objects representing the services and their running status, type: get-service
To get the status of a particular service, type: get-service -name servicename
where servicename is the short name for the service.
To get the status for a service using its display name, type: get-service -displayName "displayname"
Example: get-service -name wuauserv
get-service -displayName "Automatic Updates"
Both examples give the same result.


To start, stop, pause and resume services:
To start a service using short names, type: start-service -name servicename
To start a service using display names, type: start-service -displayName "displayname"

To stop a service using short names, type: stop-service -name servicename
To stop a service using display names, type: stop-service -displayName "displayname"

To pause a service using short names, type: suspend-service -name servicename
To pause a service using display names, type: suspend-service -displayName "displayname"

To resume a service using short names, type: resume-service -name servicename
To resume a service using display names, type: resume-service -displayName "displayname"

To restart a service using short names, type: restart-service -name servicename
To restart a service using display names, type: restart-service -displayName "displayname"


To set how a service starts up:
set-service -name servicename -startupType {<automatic>|<manual>|<disabled>}
or
set-service -displayName displayname -startupType {<automatic>|<manual>|<disabled>}

Example: set-service -name wuauserv -startupType manual
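
A guarded version of the startup-type change, as an added example that is not part of the original post. Set-ServiceStartupSafely is a hypothetical function name; it refuses to act while other running services depend on the target, and -WhatIf previews the change without making it.

```powershell
function Set-ServiceStartupSafely {   # hypothetical helper, not a built-in cmdlet
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Name,                # short name, e.g. wuauserv
        [ValidateSet('Automatic', 'Manual', 'Disabled')]
        [string]$StartupType = 'Manual'
    )
    # Stops with an error if the short name does not exist.
    $svc = Get-Service -Name $Name -ErrorAction Stop

    # Running services that depend on this one would break if it went away.
    $running = @($svc.DependentServices | Where-Object { $_.Status -eq 'Running' })
    if ($running.Count -gt 0) {
        $names = ($running | ForEach-Object { $_.Name }) -join ', '
        Write-Warning "$Name has running dependent services: $names. No change made."
        return
    }

    # With -WhatIf this block is skipped and only a "What if:" line is printed.
    # Making the real change requires an elevated (administrator) prompt.
    if ($PSCmdlet.ShouldProcess($svc.DisplayName, "set startup type to $StartupType")) {
        Set-Service -Name $Name -StartupType $StartupType
        # A disabled service that is still running stays up until it is stopped.
        if ($StartupType -eq 'Disabled' -and $svc.Status -eq 'Running') {
            Stop-Service -Name $Name
        }
    }
    # Report the state after the change (or the unchanged state under -WhatIf).
    Get-Service -Name $Name | Select-Object Name, DisplayName, Status
}

# Preview first, then repeat without -WhatIf to apply.
Set-ServiceStartupSafely -Name wuauserv -StartupType Manual -WhatIf
```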

Change attributes of a file using the command prompt

The attrib command is used to display, set, or remove attributes assigned to files or directories. Using attrib without parameters displays the attributes of all files in the current directory.
Syntax
attrib [{+|-}r] [{+|-}a] [{+|-}s] [{+|-}h] [{+|-}i] [drive:][path][fileName] [/s [/d] [/l]]
+ is for setting the attribute
- is for clearing an attribute
r is for the Read-only file attribute.
a is for the Archive file attribute.
s is for the System file attribute.
h is for the Hidden file attribute.
i is for the Not Content Indexed file attribute.
/s Applies attrib and any command-line options to matching files in the current directory and all of its subdirectories.

/d Applies attrib and any command-line options to directories.

/l Applies attrib and any command-line options to the Symbolic Link, rather than the target of the Symbolic Link.

If a file has the System (s) or Hidden (h) attribute set, you must clear the attribute before you can change any other attributes for that file.

Examples:
To assign the Read-only attribute to the file named Report.txt, type:
attrib +r report.txt
To remove the Read-only attribute from files in the Public directory and its subdirectories on a disk in drive B, type:
attrib -r b:\public\*.* /s

Managing Windows Services using the command prompt

To configure how a service starts: sc config servicename start= {auto|demand|disabled}

Use auto for services that need to start automatically each time the computer is restarted.
Use demand for services that need to be started manually.
Use disabled for services that need to be disabled (prevented from starting).

To create a text list of running services use the command:
sc query > serviceslist.txt

To create a list of all services, use:
sc query type= service state= all > allserviceslist.txt

To start, stop, pause and resume services:

To start a service, type:
net start servicename

To stop a service, type:
net stop servicename

To pause a service, type:
net pause servicename

To resume a service, type:
net continue servicename

servicename Specifies the short name of the service.

 

To get the short name of the service from the descriptive name (Example for Remote Registry): sc getkeyname "Remote registry"

Download a list of short names for services: http://www.mediafire.com/?zfmyzd5yjzy