RAI4501_0001: Remove Windows registry key with Powershell
Summary
| ID | RAI4501_0001 |
|---|---|
| Brief Description | Removing a hive, key or value from windows registry through the Powershell |
| Author | Alex@Cyberok |
| Creation Date | 2023/03/22 |
| Modification Date | 2023/03/22 |
| Requirements |
|
| Tags |
|
| Means of action |
|
| Targets of action |
|
| Linked Response Actions |
Description
To delete the registry key using PowerShell, we can use the Remove-Item command. Remove-Item command removes the registry key from the path specified. For example, we have the registry key name NodeSoftware stored at the path HKLM, under the Software key.
To delete the key use the below command.
The Remove-ItemProperty cmdlet deletes a property and its value from an item. You can use it to delete registry values and the data that they store.These commands delete the "Options" registry value, and its data, from the "MyApp" subkey of "HKEY_CURRENT_USER\Software\MyCompany".
PS C:\> Set-Location HKCU:\Software\MyCompany\MyApp
PS HKCU:\Software\MyCompany\MyApp> Remove-ItemProperty -Path . -Name "Options" -Confirm
The second command uses Remove-ItemProperty to remove the "Options" registry value, and its data, from the "MyApp" subkey. Because Path is required, the command uses a dot (.) to indicate the current location. The Confirm parameter requests a user prompt before deleting the value.
This command deletes the "NoOfEmployees" registry value, and its data, from the HKLM\Software\MyCompany registry key.
The command uses the Get-Item cmdlet to get an item that represents the registry key. It uses a pipeline operator (|) to send the object to Remove-ItemProperty. Then, it uses the Name parameter of Remove-ItemProperty to specify the name of the registry value.