March 18th, 2012

Use PowerShell to Find and Remove Remote Registry Entries

Doctor Scripto
Scripter

Summary: Microsoft Scripting Guy, Ed Wilson, shows how to use Windows PowerShell to find and remove registry entries from remote systems.

Microsoft Scripting Guy, Ed Wilson, is here. It seems that weekends go faster and faster these days. For one thing, spring has definitely sprung down here in Charlotte, North Carolina in the southern portion of the United States. In fact, this past week we had to mow the grass in our yard. But we have not yet turned on our solar collector (that will happen in about another week or so).

Anyway, I am mellowing out around the house this morning—the Scripting Wife plans to meet up with a few friends later in the day. Tomorrow is International PowerShell User Group Day, and I am reviewing the presentation I will make for that important event. On Friday, I make two presentations at the Charlotte IT Pro Appreciation Day conference in Charlotte, North Carolina. That conference is expected to attract nearly a thousand people from all over the area, and it should be an excellent educational opportunity. I am looking forward to attending some great sessions, in addition to the two sessions that I present.

One question I received during the past week of Live Meetings was about finding and removing registry entries—not only from a local session, but also from remote computers. To do this, I like to use the Windows PowerShell registry provider, and incorporate it with Windows PowerShell remoting.

In Use PowerShell to Edit the Registry on Remote Computers, I talked about one way to use Windows PowerShell remoting to create new entries on a remote computer. In Edit the Registry on Multiple Computers with PowerShell, I talked about running one command and editing the registry on multiple computers.

Note: Today I will continue that discussion as I discuss finding and removing registry entries from multiple computers. For a good introduction to using Windows PowerShell to work with the registry, see The Scripting Wife, Windows PowerShell, and the Registry.
For more advanced topics, check out some of the other blog posts about the registry in the Hey, Scripting Guy! Blog archives. There you will find blogs such as:

In the image that follows, there is an HSG registry key that contains a ForScripting property. Both of these need to be detected, and if they exist, they need to be deleted.

Image of file

The steps involved in detecting and removing the HSG registry key are as follows:

  1. Use Push-Location to store the current location (pushd is an alias).
  2. Use Set-Location to change the working location to the registry drive (sl is an alias).
  3. Use Test-Path to determine if the HSG registry key exists.
  4. Use Remove-Item to remove the registry key.
  5. Return to the original location by using Pop-Location (popd is an alias).

The actual commands are shown here.

Pushd

sl HKCU:\Software

Test-Path hsg

Remove-Item hsg

popd

The commands and the output associated with the commands are shown in the image that follows.

Image of command output

When I know I can successfully test for the presence of a specific registry key, and I know I can remove that registry key, I can put the commands together in a single command. This will facilitate using them with the Invoke-Command cmdlet to run against multiple remote computers.

I recreate the registry key on my local computer by using the commands that are shown here.

pushd

sl HKCU:\Software

New-Item -Name hsg

New-ItemProperty -Name forscripting -PropertyType string -Path hsg -Value "PowerShell Rocks"

popd

Now, I create a single command to test for the registry key and to remove it if it exists. To do this, I use a semicolon to separate the logical commands. In addition, I added the if statement to determine if the registry key exists before I attempt to delete it. In the else condition, I display a message that the registry key does not exist. The command is shown here.

pushd;sl HKCU:\Software; if(test-path hsg){remove-item hsg}ELSE{"hsg does not exist"};popd

After I know the single line command works properly, I can easily add it to the Invoke-Command cmdlet to find and delete the registry key on all remote servers that are listed in the servers.txt file. The content of the servers.txt file is shown in the image that follows.

The revised command is a single-line logical command that spans multiple lines in the console. This command is shown here.

invoke-command -cn (cat c:\fso\servers.txt) -credential iammred\administrator {pushd;sl HKCU:\Software; if(test-path hsg){remove-item hsg}ELSE{"hsg does not exist"};popd}
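The same find-and-remove pass, written as an added example (not code from the original post) that audits first and returns one object per computer, so there is a record of what was found, what was removed, and which hosts could not be reached. It assumes Windows PowerShell 3.0 or later on the targets; the variable names and the $Remove toggle are hypothetical. Note that HKCU in a remote session is the hive of the account the session runs as, which is why the example reports that account.

```powershell
# Added example. The server list path and key name come from the post;
# the variable names and the $Remove toggle are assumptions.
$Remove  = $false   # audit first; set to $true to delete
$servers = Get-Content -Path 'C:\fso\servers.txt' | Where-Object { $_.Trim() }
$cred    = Get-Credential

$results = Invoke-Command -ComputerName $servers -Credential $cred `
    -ArgumentList $Remove -ErrorAction SilentlyContinue `
    -ErrorVariable remotingErrors -ScriptBlock {
    param([bool]$Remove)

    $keyPath = 'HKCU:\Software\hsg'
    $status  = 'NotFound'
    $values  = @()

    if (Test-Path -LiteralPath $keyPath) {
        # Record the values before touching the key, so there is a trail.
        $key    = Get-Item -LiteralPath $keyPath
        $values = foreach ($name in $key.GetValueNames()) {
            '{0}={1}' -f $name, $key.GetValue($name)
        }
        $key.Close()
        $status = 'Found'
        if ($Remove) {
            try {
                Remove-Item -LiteralPath $keyPath -Recurse -ErrorAction Stop
                $status = 'Removed'
            } catch {
                $status = 'RemoveFailed: ' + $_.Exception.Message
            }
        }
    }

    [pscustomobject]@{
        Status = $status
        Values = $values -join '; '
        # HKCU here is the hive of the account the remote session runs as.
        RunAs  = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    }
}

$results | Sort-Object PSComputerName |
    Format-Table PSComputerName, Status, RunAs, Values -AutoSize
foreach ($e in $remotingErrors) {
    Write-Warning ('Remoting failure: ' + $e.Exception.Message)
}
```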

Well, that is about all there is to testing remote machines to see if they contain a specific registry key. I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy 
