Remove this item from the windows registry

Introduction

In Windows system administration, one of the more advanced yet important tasks that can be accomplished using PowerShell is deleting registry keys and values. This operation requires careful handling to avoid unintended consequences. Registry keys and values in Windows are critical components that store configuration settings for the operating system and installed applications. Modifying the registry can lead to system instability or even failure if not done correctly.

Importance of managing and deleting Windows Registry keys

The Windows Registry plays a significant role in the functioning of the Windows OS, affecting everything from system performance to user preferences and installed software behavior. However, as much as the Registry is essential, it can also become cluttered with obsolete, redundant, or even malicious entries over time. This clutter can slow down the system, cause erratic behavior, or, in worst cases, compromise system security. Sometimes, the software may not run correctly due to conflicting or erroneous Registry entries. Managing these entries can resolve conflicts and ensure that applications run smoothly. Malicious software often creates Registry entries to enable persistence on the system or hijack certain functionalities. Identifying and removing these entries is important in the process of malware removal and system recovery. When uninstalling software, remnants may remain in the registry, causing conflicts or errors. Deleting these orphaned keys can resolve issues and free up system resources.

Benefits of using PowerShell for registry key deletion

Using PowerShell for registry key deletion offers several benefits that make it an attractive option for system administrators and advanced users.

• PowerShell allows for the automation of registry key deletion. This means that repetitive or complex operations can be scripted, saving time and reducing human error.
• PowerShell scripts can manage batch operations, enabling the deletion of multiple registry keys or values in a single operation. This feature is particularly useful when cleaning up after software uninstallations or system configurations.
• PowerShell includes safety features such as the ability to simulate changes (what-if scenarios) and confirmations before executing potentially disruptive commands. These features provide an additional layer of security, helping to prevent accidental deletions that could impact system stability.
• PowerShell can provide search capabilities to locate registry keys and values based on several criteria. This is especially helpful when dealing with unknown or hidden entries, such as those left by malware.
• PowerShell is tightly integrated with the Windows environment as a native tool. This ensures that commands and scripts run efficiently and with full compatibility.
• PowerShell includes error handling options, helping users manage and respond to issues effectively during execution.
• PowerShell allows for remote registry management, facilitating administration across multiple machines in a networked environment.

Understanding the Windows Registry

Structure of the Windows Registry

The Windows Registry is a centralized database that stores configuration settings and options. Understanding its structure is important for anyone looking to modify or maintain their system through registry edits. The registry is organized into keys and subkeys, like the structure of folders and files on a file system.

Root Keys or Hives

At the top of the hierarchy are the root keys also known as hives. These root keys are the main branches from which subkeys, and values branch off. There are several root keys, each serving a specific purpose.

• HKEY_LOCAL_MACHINE (HKLM): Contains settings for the local machine, affecting all users.
• HKEY_CURRENT_USER (HKCU): Contains settings specific to the currently logged-in user.
• HKEY_CLASSES_ROOT (HKCR): Stores information about registered applications and file associations.
• HKEY_USERS (HKU): Contains subkeys for each user profile on the system.
• HKEY_CURRENT_CONFIG (HKCC): Contains information about the current hardware configuration.

Картинка с сайта: blog.netwrix.com

Beneath these root keys are keys and subkeys, which can be thought of as folders and subfolders. Keys can contain values or further subkeys.

Keys

Keys are the primary components of the registry, acting like folders that can contain subkeys and values. Each key has a unique name within its parent hive and can represent several settings, configurations, or options.

Subkeys

Subkeys are keys nested within other keys. They allow for a more organized and structured way to categorize settings. For example, under HKLM\Software, you might find subkeys for individual applications or system components.

Values

Each key or subkey can contain one or more values. Values are the actual data entries that store configuration settings. Each value has a name, a type, and data. The type defines the kind of data stored in the value, below are some common value types.

• String Value (REG_SZ): Stores text strings.
• DWORD Value (REG_DWORD): Stores 32-bit integers.
• QWORD Value (REG_QWORD): Stores 64-bit integers.
• Binary Value (REG_BINARY): Stores binary data.
• Multi-String Value (REG_MULTI_SZ): Stores multiple strings.
• Expandables String Value (REG_EXPAND_SZ): Stores strings that can contain environment variables.

Картинка с сайта: blog.netwrix.com

Safety Precautions

Risks involved in deleting registry keys

Deleting registry keys in Windows is a powerful action that can have significant effects on your system’s operation and stability. While registry editing can be used for troubleshooting, customizing, and improving system performance, it comes with substantial risks that should not be underestimated. Below are some key considerations regarding the risks involved in deleting registry keys.

• Deleting keys or values without fully understanding their purpose can lead to system instability, causing crashes, freezes, or a variety of unpredictable behavior.
• Certain registry keys are responsible for specific features and functionalities within the operating system and installed applications. Removing these keys can result in the loss of functionality, rendering some applications or system features inoperable.
• Deleting critical registry keys can prevent Windows from booting entirely. This type of system failure requires advanced troubleshooting to resolve, such as booting from external media to access system recovery tools.
• Some applications store configuration data and user preferences in the registry. Deleting these keys can lead to loss of custom settings and data, potentially affecting the usability of the application and necessitating reconfiguration.
• The registry also holds security settings and policies for the operating system. Incorrectly modifying or deleting security-related keys can weaken the system’s security, exposing it to vulnerabilities or circumventing established security policies.
• Unlike deleting files from the file system, where the Recycle Bin offers a safety by allowing files to be restored, changes made to the registry are immediate and permanent.

Backing up the registry before making changes

Backing up the Windows Registry is a major step before making any changes to it. Since the registry contains vital configuration data for your operating system and installed applications, modifying it without having a backup can lead to system instability or even prevent Windows from booting. Below are guidelines to safely back up the registry.

Using the Registry Editor

1. Press “Win + R”, type “regedit”, and press Enter to open the Registry Editor.
2. If you are planning to modify a specific key or subkey, navigate to it within the Registry Editor.
3. Right-click on the registry and select “Export” from the context menu. This action opens a dialog box asking where you want to save the backup file.
4. Select a location to save the backup file. Click “Save” to export the contents of the key to the “.reg” file.

Картинка с сайта: blog.netwrix.com

Using PowerShell

You can also create a backup using PowerShell, use the below command, provide the exact location of the key. Below example cmdlets backups the whole registry hives.

Export the entire registry

reg export HKLM C:\Backup\HKLM_Backup.reg

reg export HKCU C:\Backup\HKCU_Backup.reg

Restore the registry

In case of unexpected changes, system failure or any other behavior caused by managing the registry, you can simply restore the whole registry or the specific section and key to its original state.

Using Registry Editor

1. Open the Registry Editor.
2. Click on File > Import.
3. Select the backup file you created and click Open to restore it.
4. A dialog box will appear to let you know that the information was successfully added to the registry.
5. To ensure that all changes take effect, restart your computer.

Using PowerShell

You can use below cmdlets to import the registry back.

reg import HKLM C:\Backup\HKLM_Backup.reg

reg import HKCU C:\Backup\HKCU_Backup.reg

PowerShell Basics for Registry Management

Basic PowerShell commands for registry management

With its cmdlets tailored for registry access, PowerShell offers a precise and programmable approach to navigating and altering the Windows Registry. Below are some basic PowerShell commands relevant to registry management.

Navigating the Registry

Get-ChildItem cmdlet is used to list the keys and subkeys in a registry path.

Get-ChildItem -Path HKCU:\Software

Картинка с сайта: blog.netwrix.com

Reading Registry Values

Get-ItemProperty cmdlet can be used to read the values and data stored in a specific registry key. It allows you to see what configurations are set within a key.

Get-ItemProperty -Path HKCU:\SOFTWARE\elasticvue\elasticvue

Картинка с сайта: blog.netwrix.com

Creating Keys and Values

New-Item cmdlet can be used to create a new registry key. You specify the path where the new key should be created.

New-Item -Path HKCU:\Software\NewApplicationKey

Картинка с сайта: blog.netwrix.com

New-ItemProperty cmdlet can be used to add a new value to a registry key, use this cmdlet. You can specify the name, type, and data for the new registry value.

New-ItemProperty -Path HKCU:\Software\NewApplicationKey -Name "Data" -Value "TestData" -PropertyType String

Картинка с сайта: blog.netwrix.com

Modifying Values

Set-ItemProperty cmdlet can be used to change the data of an existing registry value. It modifies the value data without altering the value name or type.

Set-ItemProperty -Path HKCU:\Software\NewApplicationKey -Name "Data" -Value "NewData"

Set-ItemProperty does not provide an output, you can use below cmdlet with exact registry location to see the changes.

Get-ItemProperty -Path HKCU:\SOFTWARE\NewApplicationKey

Картинка с сайта: blog.netwrix.com

Deleting Keys and Values

Remove-Item command removes an entire registry key and all its values and subkeys using PowerShell. Use with caution, as this can have significant effects on system behavior.

Remove-Item -Path HKCU:\Software\NewApplicationKey -Recurse

Remove-ItemProperty cmdlet can be used to delete a specific value within a registry key, leaving the key and other values intact.

Remove-ItemProperty -Path HKCU:\Software\NewApplicationKey -Name "Data"

Access the registry using PowerShell providers and drives (HKLM, HKCU)

In PowerShell, the terms “PS Drive” and “PowerShell provider” are closely related but refer to different concepts. A PS Drive is a virtual drive that provides a way to access different data stores in PowerShell, like how you access file systems. It allows you to navigate and manage resources that may not be part of the file system, such as the registry, certificates. You can use “Get-PSDrive” to list the drives available.

Картинка с сайта: blog.netwrix.com

A PowerShell provider is a component that enables access to different data stores in a consistent manner. It defines how data is accessed and manipulated within a PS Drive. Providers implement the logic for how to interact with the underlying data, including cmdlets for listing, getting, setting, and removing items. There are several built-in providers in PowerShell, such as the Filesystem provider, Registry provider, and Environment provider.

Accessing the Registry with PowerShell Provider

When you start a PowerShell session, it automatically creates PS Drives for several data stores, including the registry. The two primary registry hives that you can access directly as drives in PowerShell are “HKLM” (HKEY_LOCAL_MACHINE) and “HKCU” (HKEY_CURRENT_USER).

You can use the “Set-Location” cmdlet to change your current location to the registry hive or key you want to access.

Example of accessing HKLM

Set-Location HKLM:\Software

You can list the subkeys within it using “Get-ChildItem”.

Get-ChildItem

Картинка с сайта: blog.netwrix.com

Example of accessing HKCU

Set-Location HKCU:\Software

You would use the same “Get-ChildItem” cmdlet.

Get-ChildItem

Картинка с сайта: blog.netwrix.com

Deleting Registry Keys with PowerShell

Delete registry keys using Remove-Item

Follow the steps below to safely delete registry keys using the “Remove-Item” cmdlet in PowerShell.

1. Open PowerShell with Administrative Privileges
2. Back up the Registry Key either by using Registry Editor or PowerShell
3. Verify the Registry Key Exists.

Test-Path HKCU:\Software\MyNewApplication

If it returns True, the key exists. If it returns False, the key does not exist.

• Once you have identified the key, backed it up, and verified that it exists, delete the registry key using PowerShell’s “Remove-Item” cmdlet.

Remove-Item -Path HKCU:\Software\MyNewApplication

Script example of the entire process

if (Test-Path HKCU:\Software\MyNewApplication) {

    Remove-Item -Path "HKCU:\Software\MyNewApplication " -Recurse -Force

    Write-Host "Registry key 'HKCU:\Software\MyNewApplication' has been deleted."

} else {

    Write-Host "Registry key 'HKCU:\Software\MyNewApplication' does not exist."

}

This script checks for the key’s existence before attempting to delete it, providing a safer approach to registry management.

Картинка с сайта: blog.netwrix.com

If you re-run the same script, and because the key has already been deleted, the “else” condition will be true, and script will show that registry key does not exist. As shown below in screenshot.

Картинка с сайта: blog.netwrix.com

-Force and -Verbose Parameters

In PowerShell, cmdlets come with a variety of parameters that modify their behavior. Two commonly used parameters across many cmdlets are “-Force” and “-Verbose”. Understanding these parameters can significantly enhance your PowerShell scripting and command-line work.

-Force

In the context of file and item management cmdlets like “Remove-Item”, which is used for deleting files, folders, or registry keys, -Force can enable the cmdlet to delete read-only items or perform the action without asking for confirmation.

Remove-Item -Path HKCU:\Software\MyApplicationKey -Force

-Verbose

The “-Verbose” parameter provides detailed information about the operations a cmdlet is performing. When used, PowerShell emits additional output that describes each step of the cmdlet’s execution. This can be very useful for debugging scripts or for understanding how a particular cmdlet works under the hood.

Remove-Item -Path HKCU:\Software\MyNewApplication -Verbose

Картинка с сайта: blog.netwrix.com

Using Get-Item and Remove-Item Together

Retrieving and subsequently deleting a registry key using PowerShell involves two cmdlets, “Get-Item” to retrieve or identify the key, and “Remove-Item” to delete it.

Get-Item -Path "HKCU:\Software\MyNewApplication" | Remove-Item -Recurse

The “-Recurse” parameter is used to ensure that the key and all its subkeys and values are deleted. Be extremely cautious with this parameter, especially with keys that might contain subkeys.

Below is an example script for getting the registry key with “Get-Item”, handling the errors and then deleting the key using “Remove-Item” cmdlet.

# Define the registry path

$registryPath = "HKCU:\Software\MyNewApplication"

# Use Get-Item to retrieve the key and then remove it if it exists

try {

    # Attempt to get the registry key

    $key = Get-Item -Path $registryPath -ErrorAction Stop

    # If the key is found, remove it

    Remove-Item -Path $registryPath -Recurse -Force

    Write-Host "Registry key '$registryPath' has been successfully deleted."

} catch {

    # Handle the case where the key does not exist

    Write-Host "Registry key '$registryPath' does not exist."

}

Картинка с сайта: blog.netwrix.com

Deleting Registry Key Values

Difference between deleting a registry key and a registry value

Deleting a registry key and deleting a registry value are two different operations in the Windows Registry, and understanding their differences is important for effective registry management.

Deleting a Registry Key

When you delete a registry key, you remove the key itself along with all the subkeys and values contained within it. It is like deleting a folder in a file system, which also removes all the files and subfolders inside it. Deleting a key is a significant action because it can eliminate a complete set of configurations or settings at once. This action could potentially impact system or application functionality if the key contains critical settings or information.

Deleting a Registry Value

Deleting a registry value, involves removing a single piece of information such as a specific setting within a key, without affecting other values or subkeys in the same key. This action is more granular and precise compared to deleting an entire key. It is like deleting a single file within a folder, where other files and subfolders remain untouched.

Deleting a registry key value using Remove-ItemProperty.

Deleting a specific value within a registry key is a precise operation that can be necessary for troubleshooting, system configuration, or software setup. To perform this action, you can use the “Remove-ItemProperty” cmdlet in PowerShell.

Remove-ItemProperty -Path "HKCU:\Software\MyNewApplication" -Name "Data"

Above cmdlet delete registry key value if exists.

Handling Errors and Ensuring Safety

Common errors that might occur during the deletion process

During the process of deleting registry keys or values using PowerShell, several types of errors or issues may arise. These can range from permissions issues to typos in the command itself. Understanding these common errors can help you troubleshoot and resolve issues more efficiently.

Permission Errors

One of the most common issues encountered when trying to delete registry keys or values is permissions related, many keys are protected to prevent accidental or malicious modifications. If you attempt to delete a key or value without the necessary permissions, the operation will fail. Make sure you are running PowerShell as an administrator.

Key or Value Not Found

If you specify a path to a registry key or value that does not exist, you will encounter an error stating that the path could not be found. This error often results from typographical errors in the path or incorrect use of the registry hive abbreviations. Double-check the path for typos and ensure you are using the correct hive abbreviation, e.g., “HKLM” for HKEY_LOCAL_MACHINE.

Path Too Long

While not as common, you might encounter errors related to the maximum path length. PowerShell and the Windows API have limits on the length of the paths they can process. This issue is more likely to occur in deeply nested registry structures. Try shortening the path by renaming keys to shorter names, if possible.

Syntax Errors in the Command

Errors in how the command is written, such as incorrect parameter names or missing required parameters, can lead to syntax errors that prevent the command from executing. Review the command for typos and consult the PowerShell documentation to ensure you are using the correct syntax for the “Remove-Item” or “Remove-ItemProperty” cmdlets.

Locked by Another Process

Some registry keys or values may be in use by the system or an application, making them locked and preventing deletion. Attempting to delete such keys or values can result in an error. Close any applications that might be using the key or value. If the issue persists, you may need to boot into Safe Mode to perform the deletion, as fewer processes will be running that could lock the registry.

PowerShell Execution Policy Issues

You may get the error “Script execution is disabled on this system.” The PowerShell execution policy prevents scripts from running. Change the execution policy using Set-ExecutionPolicy, but ensure you understand the implications of changing this setting.

Tips for troubleshooting and ensuring safe deletion

When dealing with the deletion of registry keys or values, ensuring that the process is both safe and successful is important. Below are some tips for troubleshooting and ensuring safe deletion of registry keys or values.

Double-Check the Target Path

Typographical errors in the registry path are a common mistake. Verify the path to the key or value you intend to delete, ensuring it is correct. Use tab completion in PowerShell to help avoid typos when typing paths.

Use -WhatIf and -Confirm Parameters for Safety

The “-WhatIf” parameter simulates the command without executing it, showing you what would happen. This is useful for double-checking the command’s impact. The “-Confirm” parameter prompts you for confirmation before executing the command, adding an extra layer of user verification.

Use Try-Catch for Error Handling

Wrap your commands in a “try-catch” block to catch any exceptions or errors that occur. This allows for more graceful handling of unexpected issues.

Minimize Use of -Force and -Recurse

The “-Force” parameter can override some safety checks, and “-Recurse” can lead to broader changes than initially intended. Use these parameters with caution, fully understanding their impact.

Test in a Controlled Environment

If possible, evaluate your registry changes on a non-production system or virtual machine first. This allows you to identify potential issues without risking your primary system.

Incremental Changes and Testing

Make changes incrementally, evaluating the system’s response with each modification. This approach helps isolate any issues to the most recent change, simplifying troubleshooting.

Example command to check if a key exists before deletion

To safely manage registry modifications, it is important to check if a registry key exists before attempting to delete it. The “Test-Path” cmdlet in PowerShell is ideally suited for this task. It checks for the existence of a path and returns “True” if the path exists, and “False” otherwise. Below is an example command that checks for a registry key if it exists.

Test-Path -Path "HKCU:\Software\MyNewApplication"

Automating Registry Key Deletion

Automating the deletion of registry keys for multiple systems

Automating the deletion of registry keys across multiple systems requires a careful approach to ensure that the operation is both safe and effective. This kind of task is common in enterprise environments where systems need to be kept in a consistent state or where unwanted software configurations need to be removed.

Consider the following points before running the script.

• Before deploying the script widely, test it on a single system to ensure it works as expected without causing adverse effects.
• Ensure you have administrative access on the target systems and permissions to execute scripts remotely.
• Enable PowerShell remoting on target systems. This can be done manually on each system by running “Enable-PSRemoting” in an elevated PowerShell session, or via Group Policy for domain-joined computers.

Use the below PowerShell script that checks for the existence of the target registry key on remote computers and deletes it if found. “Invoke-Command” cmdlet is used within the script to run the script on the remote systems. You can specify individual computer names in $computers variable string array, add more if you want to run it on more than 3 computers.

$keyPath = 'HKCU:\Software\MyNewApplication' 

$computers = @('GroupID11', 'Windows10', 'Windows11')

Invoke-Command -ComputerName $computers -ScriptBlock {

    param ($regPath)

    if (Test-Path -Path $regPath) {

        Remove-Item -Path $regPath -Recurse -Force

        Write-Output "Registry key deleted."

    } else {

        Write-Output "Key does not exist."

    }

} -ArgumentList $keyPath

Картинка с сайта: blog.netwrix.com

Using loops and conditional statements in PowerShell scripts

Using loops and conditional statements in PowerShell scripts allows you to control the flow of your script, making it more dynamic and capable of handling different scenarios.

Conditional Statements

Conditional statements check whether a condition is true or false and then execute a block of code based on the result. The most common conditional statement in PowerShell is the “if” statement, but “switch” statements are also useful for multiple conditions.

Loops

Loops allow you to repeat a block of code multiple times. PowerShell supports several types of loops: for, foreach, while, and do-while.

Practical Example

Using the below script, you can use loops and conditions in PowerShell for automating registry deletion.

$keysToDelete = @(

    "HKCU:\Software\MyNewApplication",

    "HKLM:\Software\MyNewApplication2"

)

foreach ($keyPath in $keysToDelete) {

    if (Test-Path $keyPath) {

        Write-Host "Deleting key: $keyPath"

        Remove-Item -Path $keyPath -Recurse -Force

        Write-Host "Successfully deleted $keyPath."

    } else {

        Write-Host "Key does not exist: $keyPath"

    }

}

Картинка с сайта: blog.netwrix.com

Best Practices for Registry Key Deletion

Dealing with the Windows Registry requires caution due to its critical role in the functioning of the operating system and installed applications. Below are some best practices to follow when deleting registry keys to minimize risks.

Guidelines for safely deleting registry keys

• Before deleting any registry key, export it using the Registry Editor or PowerShell. This allows you to restore the key if needed. Consider creating a full registry backup to be on more safe side.
• Make sure that the registry key you plan to delete is indeed unnecessary or causing issues. Research and double-check the function of the key to avoid removing something critical to system operations or application functionality.
• Modifying the registry typically requires administrative privileges. Ensure your PowerShell session or Registry Editor is running with elevated privileges to avoid access denied errors.
• Make sure you specify the correct path to the registry key. A small typo can lead to modifying or deleting the wrong key.
• Before deletion, use conditional checks to ensure the key exists. In PowerShell, you can use “Test-Path” for this purpose.
• When using PowerShell, wrap your commands in try-catch blocks to gracefully handle potential errors.
• When using commands that support the “-Recurse” parameter, such as “Remove-Item”, use it cautiously. Recursively deleting keys can have unintended consequences.
• Keep a log of the registry keys you delete, including the date and reason for the deletion. This documentation can be invaluable for troubleshooting or understanding past actions.
• Whenever possible, test registry modifications in a non-production environment or virtual machine. This allows you to observe the effects and identify potential problems safely.
• If you are deploying registry changes across multiple systems, consider a phased approach. Start with a small group of systems, monitor for issues, and then proceed with wider implementation.
• Be familiar with the process of restoring backups of registry keys or using system restore points. Quick recovery from incorrect changes can minimize disruptions.

Importance of documenting changes and maintaining version control

Documenting who deleted specific registry keys and why helps assign responsibility. This accountability helps in identifying issues when they arise. If a system behaves unexpectedly after a registry deletion, documentation provides context to quickly diagnose the issue and identify which key was removed. Knowing what changes were made allows for quicker recovery strategies, helping to restore system functionality. When team members leave or change roles, documentation ensures that their knowledge about registry modifications is passed on, preventing knowledge silos.

Having a version-controlled history allows for quick restoration of previous configurations. In cases of critical failures, previous versions can be restored to bring systems back to a functional state. Version control enables tracking of all changes over time, allowing you to see how registry settings have evolved. You can analyze the effects of deletions by comparing configurations before and after changes. Version control systems can manage permissions, ensuring that only authorized personnel can delete or modify registry keys. They provide detailed logs of who made changes and when, improving traceability and security.

Conclusion

When it comes to making changes to your computer’s registry, practicing caution cannot be overstated. The registry is a critical database that Windows relies on to operate. Even a small error can lead to significant issues, including system instability, malfunction of software, or even a failure to boot your system correctly. Therefore, the importance of backing up the registry before making any changes is paramount. Identify the exact registry key you need to delete to avoid unintended system issues. Run PowerShell with administrative privileges to ensure your PowerShell session is launched as an Administrator. Always consider using the “-WhatIf” parameter to preview what will happen without actually performing the deletion. Before deleting a key, investigate if any applications or system components depend on it. If possible, test the deletion process in a non-production environment first. This helps ensure that removing the key will not have unintended consequences.

FAQs

How do I handle registry operations in PowerShell when dealing with both 32-bit and 64-bit registry views?

When dealing with registry operations in PowerShell, it is important to understand that Windows systems have separate registry views for 32-bit and 64-bit applications. By default, on a 64-bit system, 64-bit processes use the 64-bit view of the registry, and 32-bit processes use a subset of the registry called the Wow6432Node, which is the 32-bit view. This separation ensures compatibility with 32-bit applications on a 64-bit system. When you need to access or modify the 32-bit view of the registry on a 64-bit machine, you can direct your commands to that specific node. Below is an example command.

Get-ItemProperty “HKLM:\SOFTWARE\WOW6432Node\Notepad++”

How can I remove a registry property using PowerShell, similar to using reg delete in CMD?

To remove a registry property using PowerShell, you can use the “Remove-ItemProperty” cmdlet. Below is an example cmdlet.

Remove-ItemProperty -Path "HKCU:\Software\MyApplication" -Name "Settings"

Is there an equivalent PowerShell parameter for /reg:64 used in the CMD reg delete command?

PowerShell does not use a direct parameter equivalent to “/reg:64” or “/reg:32” for its registry-related cmdlets. Instead, PowerShell automatically accesses the registry view that corresponds to the bitness (32 or 64) of the PowerShell process itself. If you are running 64-bit PowerShell on a 64-bit system, it will access the 64-bit view of the registry by default, and similarly for 32-bit. But if you want to access 32-bit registry keys using 64-bit PowerShell, you must direct the path to “Wow6432Node”.

Broken registry items can lead to system errors and hamper your system’s normal functioning. How to delete broken registry items on Windows 11/10? MiniTool System Booster and other 4 ways help you do that.

Windows registry items are essential for your system to run smoothly. However, after using a computer for some time, unused registry files or corrupted registry items may be left in the database.

These junk files are left behind after uninstalling an app or deleting files. This can cause various system errors such as poor performance, and program crashes. In severe cases, your computer will fail to boot and display a blue screen of death. Therefore, it is good for your system to regularly delete broken registry items.

If you don’t have any backup, you can continue to read. We will teach you how to delete broken registry items for more computer space.

How to delete broken registry items on Windows 10? You can try the PC cleanup tool – MiniTool System Booster. It can boost up the Internet, clear junk files, delete broken registry items, and release more memory on a Windows computer.

This tool can automatically scan and fix up to 30,000 issues on your PC in real-time to ensure you get peak performance while gaming, streaming, video editing, and downloading.

Now, download and install MiniTool System Booster Trial Edition and you can use it free for 15 days.

MiniTool System Booster TrialClick to Download100%Clean & Safe

1. Launch it to enter its main interface.

2. Under the Performance tab, click the drop-down menu to choose Performance Home.

3. Click RUN SCAN. After scanning, click FIX ISSUES to fix the found problems.

4. You can also click ISSUES FOUND to view the details and choose what to clean up. MiniTool System Booster will detect Internet junk files, Windows junk files, registry issues, and available memory for you. You need to click the CLEAN button directly.

Картинка с сайта: systembooster.minitool.com

You can also use the Deepclean feature to delete broken registry items.

1. Under the Performance page, choose Deepclean > START CLEAN.

Картинка с сайта: systembooster.minitool.com

2. It will start 7 cleanup tasks and you can do them one by one or skip some depending on your needs.

• NetBooster
• Internet Cleanup
• Windows Cleanup
• Registry Cleanup
• Security Optimizer
• Program Accelerator
• Memory Mechanic

Since you want to delete broken registry items, you need to choose CLEAN SELECTED in the Registry Cleanup part.

Картинка с сайта: systembooster.minitool.com

Method 2: Run Windows Automatic Repair

Windows 11/10 comes with a variety of tools that aid in maintaining and fixing your system. One such tool is Windows Recovery Environment. Using this solution, you can remove corrupt files, including registry entries. 

1. Press the Windows + I keys together to open the Settings application.

2. Navigate to Update & Security > Recovery.

3. Click the Restart now option under the Advanced startup section. Now Windows will reboot to the Choose an option blue interface.

4. You need to click Troubleshoot in the popup window to continue.

5. Click Advanced options to go to the next page.

6. Choose the Startup Repair in the Advanced options screen and wait for the process to be completed.

The cleanup feature makes it easy to delete unnecessary files on your computer and save space. You can use it to delete broken registry items.

1. Type Disk Cleanup in the Search box and select the first option.

2. Disk Cleanup tool will launch. Select the C drive and click on the OK button.

3. Find and click the Clean up system files button

4. The Disk Cleanup tool will launch again. Keep the Drive selection as C disk and click the OK button.

5. Wait for the utility to scan the system. Then, click the OK button.

6. Disk Cleanup will reconfirm your decision. Click the Delete files button.

Method 4: Run an SFC Scan

SFC (System File Checker) is a Windows built-in tool used for replacing damaged, lost, or changed system files with good system files. Running this tool can delete broken registry items. To do that, type cmd in the Search box and choose Run as administrator. Then, type sfc/scannow and press the Enter key. 

Method 5: Try a DISM Scan

Windows 10/11 has a command-line utility called DISM (Deployment Image Servicing and Management). DISM command can delete broken registry items and repair Windows images.

1. Launch Command Prompt as administrator.

2. Type the following commands and press Enter after each one.

• Dism /Online /Cleanup-Image /CheckHealth
• Dism /Online /Cleanup-Image /ScanHealth
• Dism /Online /Cleanup-Image /RestoreHealth

Final Words

That is all the information on methods to delete broken registry items on Windows. If you want to do that, you can try the above methods one by one. I believe that one of them can help you fix the issue.

Is this article up to date?

The following article is the third of series about registry and working on it through command line (CMD) and PowerShell.  We are going to explain how you can delete registry key with command line and PowerShell. You will be available to delete individually through CMD or over the network through batch file.

Check Also:

How to Edit Registry Key/value with CMD

How to Add Registry Key/value with CMD

How to delete registry key and value with CMD:

Below is the default commands line to delete registry key and “deleteTestKey” on path “HKEY_CURRENT_USER\Software\” – To run it:

1. Start
2. Search “CMD”
3. Run as Administrator
4. Execute Below Command

reg delete “HKEY_CURRENT_USER\Software\deleteTestKey” /f

Below is the default command to delete registry value entry “DeleteTestValue” of type “DWORD (32-bit)” on path “HKEY_CURRENT_USER\Software\DeleteTestKey:

1. Start
2. Search “CMD”
3. Run as Administrator
4. Execute Below Command

Customized:

reg delete  HKEY_CURRENT_USER\Software\DeleteTestKey\ /v  DeleteTestValue /f

Default Command:

Reg Delete Regkey /v RegValue /f

Command Description:

• Regkey – Path where the new value should be added.
• RegValue – Name of the value that should be added
• /v – Deletes a specific entry under the subkey. If no entry is specified, then all entries and subkeys under the subkey will be deleted.

How to Delete Registry key and value with PowerShell:

Below is the PowerShell default command to delete registry key “DeleteTestKey” on path “HKEY_CURRENT_USER\Software\” – To run it:

1. Start
2. Search PowerShell
3. Run as Administrator
4. Execute Below Command

# Set the location to the registry
Set-Location -Path 'HKCU:\Software\'
# Remove Key
Get-Item -Path 'HKCU:\Software\DeleteTestKey' -Recurse

Below is the PowerShell default command to delete registry value entry “DeleteValue” of type “DWORD (32-bit)” on the path “HKEY_CURRENT_USER\Software\DeleteTestKey\” To run it:

1. Start
2. Search PowerShell
3. Run as Administrator
4. Execute Below Command

# Create new items with values
Remove-ItemProperty -Path 'HKCU:\Software\DeleteTestKey' -Name ‘DeleteValue"
# Get out of the Registry
Pop-Location

Note! The –Recurse parameter delete all the subkeys without additional.

If you want to delete all subkeys inside the specified key without deleting the key itself, you should add the “*” symbol at the end of the path:

Remove-Item -Path " HKCU:\Software\DeleteTestKey\*" -Recurse

How to Delete Registry key and value on a remote computer:

Below is the command to remove registry key on a remote computer. To run it:

1. Start
2. Search “CMD”
3. Run as Administrator
4. Execute Below Command

REG Delete \\ComputerName\HKCU\Software\DeleteTestKey

Below is the command to remove registry value on a remote computer. To run it:

1. Start
2. Search “CMD”
3. Run as Administrator
4. Execute Below Command

REG delete \\ComputerName\HKCU\Software\DeleteTestKey /v DeleteValue

How to delete registry key and value with batch file:

The same commands used above to add the registry key from the command prompt can be integrated on the batch file. The commands can be used on the existing batch along with other commands or on the new batch file. To create a new batch file:

1. Open a notepad files
2. Write the below command
3. Save it as regedit.bat
4. Run it with DoubleClick and the command will be executed.

@echo off

reg delete “HKEY_CURRENT_USER\Software\DeleteTestKey” /f

The bat files used mostly when you want to spread it over the network using GPO or SCCM

How to delete registry key and value with regedit file (.reg)

You can delete registry key and value by using .reg file. This file structure can be found by exporting certain keys from the regedit interface by right-clicking on it and the export option. To create it from the screech:

1. Open a notepad file
2. Copy and paste the below command
3. Save it at addkey.reg

Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\DeleteTestKey2]

To delete a single value put a hyphen (-) after the equals sign in the .reg file.

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\DeleteTestKey2]
"Deletevalue1"=-

The command with delete value “Deletevalue1”. To execute .reg files, double-click it and after typing to the confirmation yes the changes with be done.

Conclusion:

Those are the methods to delete registry key and values using command prompt, PowerShell, and batch files. Follow us for the next articles where we will explain the methods to edit and delete keys and values from the registry