Changing Registry Data
The System Registry Provider class StdRegProv for WMI has methods that do the following:
Create or delete registry keys.
Create or delete named values, which are called entries when they are under keys.
Use the name of a new value and SetBinaryValue, SetDWORDValue, SetExpandedStringValue, SetMultiStringValue, or SetStringValue to create a named value. Use DeleteValue to delete a named value.
Change named values.
Use the name of a value and the Set methods (identified in the previous bulleted item) to change existing named values under a key. You must know the name of a value to change it. If you do not know the value names under a key, use the EnumValues method to obtain the names.
The following sections are discussed in this topic:
- Creating a Registry Key Using VBScript
- Creating a Named Registry Value Using PowerShell and VBScript
Creating a Registry Key Using VBScript
Because the registry is the central configuration database for the operating system, applications, and services, use caution when you write changes to registry values or delete keys.
Note
You cannot monitor the HKEY_CLASSES_ROOT subkey of HKEY_CURRENT_USER(HKCU). Monitoring HKEY_USERS is not recommended because the subkeys appear and disappear as hives are loaded.
The following code examples show how to create a new registry key and a subkey.
HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set ObjRegistry = GetObject("winmgmts:{impersonationLevel = impersonate}!\\" & strComputer & "\root\default:StdRegProv")
strPath = "SOFTWARE\MyKey\MySubKey"
Return = objRegistry.CreateKey(HKEY_LOCAL_MACHINE, strPath)
If Return <> 0 Then
WScript.Echo "The operation failed." & Err.Number
WScript.Quit
Else
wScript.Echo "New registry key created" & VBCRLF & "HKLM\SOFTWARE\MYKey\"
End If
$HKEY_LOCAL_MACHINE = 2147483650
$strComputer = "."
$strPath = "SOFTWARE\MyKey\MySubKey"
$reg = [wmiclass]"\\$strComputer\root\default:StdRegprov"
[void]$reg.CreateKey($HKEY_LOCAL_MACHINE, $strPath)
Creating a Named Registry Value Using PowerShell and VBScript
The following code example shows how to create a named value called MultiStringValue under the HKEY_LOCAL_MACHINE\SOFTWARE\MyKey\MySubKey key that the previous script creates. The script calls StdRegProv.SetMultiStringValue to write string values to a new named value.
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set objRegistry = _
GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\MyKey\MySubKey"
strValueName = "MultiStringValue"
arrStringValues = Array("one", "two","three", "four")
objRegistry.SetMultiStringValue HKEY_LOCAL_MACHINE, strKeyPath,_
strValueName, arrStringValues
' Read the values that were just written
objRegistry.GetMultiStringValue HKEY_LOCAL_MACHINE, strKeyPath,_
strValueName, arrStringValues
For Each strValue in arrStringValues
WScript.Echo strValue
Next
$HKEY_LOCAL_MACHINE = 2147483650
$strComputer = "."
$strPath = "SOFTWARE\MyKey\MySubKey"
$strValueName = "MultiStringValue"
$arrStringValues = @("one", "two","three", "four")
$reg = [wmiclass]"\\$strComputer\root\default:StdRegprov"
[void]$reg.SetMultiStringValue($HKEY_LOCAL_MACHINE, $strKeyPath, $strValueName, $arrStringValues)
$multiValues = $reg.GetMultiStringValue($HKEY_LOCAL_MACHINE, $strKeyPath, $strValueName)
$multiValues.sValue
Using WMI, you cannot set access security on a registry key. However, the StdRegProv.CheckAccess method compares the security settings of the current user to the security descriptor on a registry key to determine if the user has a specific permission, such as KEY_SET_VALUE.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for