Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Microsoft Powershell: Delete registry key or values on remote computer

Part 1: Powershell: Get registry value data from remote computer
Part 1.1: Microsoft Powershell: Export remote registry information to excel
Part 2: Microsoft Powershell: remotely write, edit, modify new registry key and data value
Part 3: Microsoft Powershell: Delete registry key or values on remote computer

Method 1

Just like my another blog articles on registry I have 3 different methods to delete registry key and values remotely. First method is I created script using.net registry class. To use this script copy paste below given script under $profile file and relaunch the powershell console. No special requirement or configuration required except, remote registry service should be running and you must have appropriate permissions to perform this delete operations on remote server.

Below first script removes/deletes registry key, You can specify multiple ComputerNames and Childkeys. If there are again values and subkeys under childkey they all will be removed. 
Remove-RegistryKeyValue -ComputerName server01, member01 -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ChildKey test1, test2

Next step is for deleting registry value names. If there are keys or values not exist on remote computer it shows message in red.
Remove-RegistryKeyValue -ComputerName server01, member01 -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ValueName start, exp

Microsoft powershell, remove-registrykeyvalue, .net registry openkey, remote registry

Compare before and after registry in the editor. 

Different ways to bypass Powershell execution policy :.ps1 cannot be loaded because running scripts is disabled
Installing, importing and using any module in powershell

Microsoft Powershell, registry editor, delete remove values, key, dword, qword, multi_sz, binary, powershell

Download this script here, It is also available on Github.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
function Remove-RegistryKeyValue {
[CmdletBinding(SupportsShouldProcess=$True,
    ConfirmImpact='Medium',
    HelpURI='http://vcloud-lab.com',
    DefaultParameterSetName='DelValue')]
    Param ( 
        [parameter(ParameterSetName = 'DelValue', Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'DelKey', Position=0, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [alias('C')]
        [String[]]$ComputerName = '.',

        [Parameter(ParameterSetName = 'DelValue', Position=1, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'DelKey', Position=1, ValueFromPipelineByPropertyName=$True)]
        [alias('Hive')]
        [ValidateSet('ClassesRoot', 'CurrentUser', 'LocalMachine', 'Users', 'CurrentConfig')]
        [String]$RegistryHive = 'LocalMachine',

        [Parameter(ParameterSetName = 'DelValue', Position=2, Mandatory=$True, ValueFromPipelineByPropertyName=$True)]
        [parameter(ParameterSetName = 'DelKey', Position=2, ValueFromPipelineByPropertyName=$True)]
        [alias('ParentKeypath')]
        [String]$RegistryKeyPath,

        [parameter(ParameterSetName = 'DelKey',Position=3, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String[]]$ChildKey,
    
        [parameter(ParameterSetName = 'DelValue',Position=5, Mandatory=$True, ValueFromPipelineByPropertyName=$true)]
        [String[]]$ValueName
    )
    Begin {
        $RegistryRoot= "[{0}]::{1}" -f 'Microsoft.Win32.RegistryHive', $RegistryHive
        try {
            $RegistryHive = Invoke-Expression $RegistryRoot -ErrorAction Stop
        }
        catch {
            Write-Host "Incorrect Registry Hive mentioned, $RegistryHive does not exist" 
        }
    }
    Process {
        Foreach ($Computer in $ComputerName) {
            if (Test-Connection $Computer -Count 2 -Quiet) {
                try {
                    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($RegistryHive, $Computer)
                    $key = $reg.OpenSubKey($RegistryKeyPath, $true)
                }
                catch {
                    Write-Host "Check permissions on computer name $Computer, cannot connect registry" -BackgroundColor DarkRed
                    Continue
                }
                switch ($PsCmdlet.ParameterSetName) {
                    'DelValue' {
                        foreach ($regvalue in $ValueName) {
                            if ($key.GetValueNames() -contains $regvalue) {
                                [void]$key.DeleteValue($regvalue)
                            }
                            else {
                                Write-Host "Registry value name $regvalue doesn't exist on Computer $Computer under path $RegistryKeyPath" -BackgroundColor DarkRed
                            }
                        }
                        break
                    }
                    'DelKey' {
                        foreach ($regkey in $ChildKey) {
                            if ($key.GetSubKeyNames() -contains $regkey) {
                                [void]$Key.DeleteSubKey("$regkey")
                            }
                            else {
                                Write-Host "Registry key $regKey doesn't exist on Computer $Computer under path $RegistryKeyPath" -BackgroundColor DarkRed
                            }
                        }
                        break
                    }
                }
            }
            else {
                Write-Host "Computer Name $Computer not reachable" -BackgroundColor DarkRed
            }
        }
    }
    End {
        #[Microsoft.Win32.RegistryHive]::ClassesRoot
        #[Microsoft.Win32.RegistryHive]::CurrentUser
        #[Microsoft.Win32.RegistryHive]::LocalMachine
        #[Microsoft.Win32.RegistryHive]::Users
        #[Microsoft.Win32.RegistryHive]::CurrentConfig
    }
}

#Remove-RegistryKeyValue -ComputerName server01, member01 -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ChildKey test1, test2
#Remove-RegistryKeyValue -ComputerName server01, member01 -RegistryHive LocalMachine -RegistryKeyPath SYSTEM\DemoKey -ValueName start, exp

 


Method 2

As usual like written in the other blogs, This requires again PSRemoting to be enabled. Once everything setup correctly using earlier blog POWERSHELL PS REMOTING BETWEEN STANDALONE WORKGROUP COMPUTERS, Use below one liners to delete registry configuration.

Using Invoke-command you can run Remote-Item cmdlet to remove keys remotely. Multiple hostnames can be provided in ComputerNames parameters.
Invoke-Command -ComputerName server01 -ScriptBlock {Remove-Item -Path hklm:\SYSTEM\DemoKey\TestKey100 -Confirm:$false}

Using Remote-ItemProperty cmdlet can remove values remotely.
Invoke-Command -ComputerName server01 -ScriptBlock {Remove-ItemProperty -Path hklm:\SYSTEM\DemoKey\ -Name myValuename -Confirm:$false}

Microsoft windows powershell, enable-psremoting, invoke-command, remove-item, remove-itemproperty, delete registry key and value remotely


Method 3

This is very easy and straight forward method using cmd prompt command Reg to get the task done.

This deletes the childkey and its subkey and values in it.
reg delete \\Server01\HKLM\SYSTEM\DemoKey\test4 /f

This removes single value from registry.
reg delete \\Server01\HKLM\SYSTEM\DemoKey /v Multi /f

reg delete remote registry, registry path, delete registry remotely powershell, command prompt, cmd, dos, regkey win32

Useful Articles
GUI - SETUP AND CONFIGURE POWERSHELL WEB ACCESS SERVER (GATEWAY)
USE POWERSHELL ON MOBILE - SETUP AND CONFIGURE POWERSHELL WEB ACCESS (PSWA)
Powershell Trick : Execute or run any file as a script file
Set Powershell execution policy with Group Policy
Powershell execution policy setting is overridden by a policy defined at a more specific scope

Go Back



Comment

Blog Search

Page Views

11240573

Follow me on Blogarama