Registry


PowerShell에서 레지스트리에 접근하고자 하는 경우 Get-Item, Get-ChildItem, Get-ItemProperty를 사용할 수 있습니다.

Get-Item

PS C:\Users\k3y6reak> Get-Item 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion'


    Hive: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT


Name                           Property
----                           --------
CurrentVersion                 SystemRoot                : C:\WINDOWS
                               BuildBranch               : rs2_release
                               BuildGUID                 : ffffffff-ffff-ffff-ffff-ffffffffffff
                               BuildLab                  : 15063.rs2_release.170317-1834
                               BuildLabEx                : 15063.0.amd64fre.rs2_release.170317-1834
                               CompositionEditionID      : Education
                               CurrentBuild              : 15063
                               CurrentBuildNumber        : 15063
                               CurrentMajorVersionNumber : 10
                               CurrentMinorVersionNumber : 0
                               CurrentType               : Multiprocessor Free
                               CurrentVersion            : 6.3
                               EditionID                 : Education
                               EditionSubstring          :
                               InstallationType          : Client
                               InstallDate               : 1502094253
                               ProductName               : Windows 10 Education
                               ReleaseId                 : 1703
                               SoftwareType              : System
                               UBR                       : 540
                               PathName                  : C:\WINDOWS
                               ProductId                 : 
                               DigitalProductId          : 
                               DigitalProductId4         : 
                               RegisteredOrganization    :
                               RegisteredOwner           : k3y6reak
                               InstallTime               : 131465678534059230

Get-ItemProperty

PS C:\Users\k3y6reak> Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'


SystemRoot                : C:\WINDOWS
BuildBranch               : rs2_release
BuildGUID                 : ffffffff-ffff-ffff-ffff-ffffffffffff
BuildLab                  : 15063.rs2_release.170317-1834
BuildLabEx                : 15063.0.amd64fre.rs2_release.170317-1834
CompositionEditionID      : Education
CurrentBuild              : 15063
CurrentBuildNumber        : 15063
CurrentMajorVersionNumber : 10
CurrentMinorVersionNumber : 0
CurrentType               : Multiprocessor Free
CurrentVersion            : 6.3
EditionID                 : Education
EditionSubstring          :
InstallationType          : Client
InstallDate               : 1502094253
ProductName               : Windows 10 Education
ReleaseId                 : 1703
SoftwareType              : System
UBR                       : 540
PathName                  : C:\WINDOWS
ProductId                 : 
DigitalProductId          : 
DigitalProductId4         : 
RegisteredOrganization    :
RegisteredOwner           : k3y6reak
InstallTime               : 131465678534059230
PSPath                    : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
PSParentPath              : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT
PSChildName               : CurrentVersion
PSDrive                   : HKLM
PSProvider                : Microsoft.PowerShell.Core\Registry

Get-ChildItem

PS C:\Users\k3y6reak> Get-ChildItem 'HKLM:\software\microsoft\windows nt\CurrentVersion' -Recurse | more
Get-ChildItem : 요청한 레지스트리에 액세스할  없습니다.
위치 :1 문자:1
+ Get-ChildItem 'HKLM:\software\microsoft\windows nt\CurrentVersion' -R ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...lags\CIT\System:String) [Get-ChildItem], SecurityException
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.GetChildItemCommand


...(중략)


    Hive: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\CurrentVersion


Name                           Property
----                           --------
Accessibility


    Hive: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\CurrentVersion\Accessibility


Name                           Property
----                           --------
ATs


    Hive: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\CurrentVersion\Accessibility\ATs


Name                           Property
----                           --------
animations                     Description   :
                               Profile       : <HCIModel><Accommodation type="mild cognitive" /><Accommodation type="severe cognitive" /><Accommodation type="severe vision" /><Accommodation type="mild vision"
                               /></HCIModel>
                               SimpleProfile : SystemSetting
                               StartExe      : 13
...(생략)

추가적으로 Set-Location을 이용하여 레지스트리에 직접 접근할 수 있습니다.

PS C:\Users\k3y6reak> Set-Location Registry::
PS Microsoft.PowerShell.Core\Registry::> ls


    Hive:


Name                           Property
----                           --------
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_USERS
HKEY_PERFORMANCE_DATA          Global : {80, 0, 69, 0...}
                               Costly : {80, 0, 69, 0...}

이번에는 레지스트리를 수정하고 생성하는 방법을 알아 봅시다.

New-Item, New-ItemProperty, Rename-Item, Rename-ItemProperty, Set-ItemProperty가 있습니다.

New-Item

PS C:\Users\k3y6reak> Get-PSProvider

Name                 Capabilities                                                                     Drives
----                 ------------                                                                     ------
Registry             ShouldProcess, Transactions                                                      {HKLM, HKCU}
Alias                ShouldProcess                                                                    {Alias}
Environment          ShouldProcess                                                                    {Env}
FileSystem           Filter, ShouldProcess, Credentials                                               {C, D, E, Y...}
Function             ShouldProcess                                                                    {Function}
Variable             ShouldProcess                                                                    {Variable}

PS C:\Users\k3y6reak> New-Item -Path HKCU:\k3y6reak


    Hive: HKEY_CURRENT_USER


Name                           Property
----                           --------
k3y6reak

위와 같이 스크립트를 실행하면 아래 그림 처럼 레지스트리를 등록할 수 있습니다.

powershell_create_registry

New-ItemProperty

PS C:\Users\k3y6reak> New-ItemProperty -Path HKCU:\k3y6reak\ -Name Reg1 -PropertyType String -Value 2


Reg1         : 2
PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\k3y6reak\
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER
PSChildName  : k3y6reak
PSDrive      : HKCU
PSProvider   : Microsoft.PowerShell.Core\Registry

위와 같이 해당 위치에 값 또한 설정할 수 있습니다.

Rename-Item

PS C:\Users\k3y6reak> Rename-Item HKCU:\k3y6reak -newname k3y6reak2

특정 레지스트리의 이름을 변경할 수 있습니다.

Rename-ItemProperty

PS C:\Users\k3y6reak> Rename-ItemProperty HKCU:\k3y6reak2 -Name Reg1 -NewName Reg2

마찬가지로 특정 레지스트리의 값 또한 변경할 수 있습니다.

Set-ItemProperty

PS C:\Users\k3y6reak> Set-ItemProperty -Path HKCU:\k3y6reak2 -Name Reg2 -Value 4855





© 2017. by k3y6reak

Powered by k3y6reak