Reputation: 3185
Searching and deleting registry entries using wildcards
Is it possible to search for a wildcard - example *WAAgent* or *WAHost* and delete every registry key that references that wildcard statement above?
Upvotes: 6
Views: 30970
Answers (4)
Reputation: 1
I had the problem that there was a Session ID in the path of the registry. To solve this is got the first part of the registry, stored it in a variable and used this for my foreach loop where the keys for drive mappings were stored.
The above was too rigorous in my case.
The below shows an example to remove (local) drive mappings in a session (the problem i had).
Start-Sleep -Seconds 20
# This stores the Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\<SESSIONID>"
$SessionInfo = Get-Item "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\*"
cd "HKCU:\"
Start-Sleep -Seconds 1
$Items = Get-ChildItem "$SessionInfo\MyComputer\Namespace"
foreach($Item in $Items){
Remove-Item $Item -Force -Recurse -Verbose
}
Upvotes: 0
Reputation: 60976
If you are searching for a property value instead of a key value (and delete the relative key) you can use something like this:
gci HKLM: -rec -ea SilentlyContinue | % { if((get-itemproperty -Path $_.PsPath)
-match "WAAGent") { $_.PsPath} } | Remove-Item
Like for the @Graimer's answer, BE CAREFULL!!!
Upvotes: 3
Reputation: 126932
As all have already suggested, use this with extremely caution!! The following will go through all registry hives. Keep in mind that a matching key found can have a deep structure underneath it and you're deleting it all. Remove the WhatIf switch to actually delete the keys.
Get-ChildItem Microsoft.PowerShell.Core\Registry:: -Include *WAAgent*,*WAHost* -Recurse |
Remove-Item -Recurse -Force -WhatIf
Upvotes: 2
Reputation: 54981
You may try something like:
Get-ChildItem -Path HKLM:\ -Recurse -Include *WAAgent* -ErrorAction SilentlyContinue | Remove-Item
Get-ChildItem -Path HKLM:\ -Recurse -Include *WAHost* -ErrorAction SilentlyContinue | Remove-Item
You have to specify in -Path if they are location in HKLM(local machine) or HKCU(current user), as they are two different drives. This has to be run as admin, and will give lots of errors(that's why I used -ErrorAction SilentlyContinue to hide them).
CAUTION: Personally I don't think it's smart to be using wildcards in registry though since it may delete something you didn't know about that could crash the system. My recommendation would be to compile a list of paths to the keys you want to remove and loop through it with foreach to delete one by one. Again, wildcards are DANGEROUS in registry.
Upvotes: 8
Related Questions
- Delete a registry entry based on the value using powershell
- PowerShell - How can I use regex in the middle of registry file path to perform remove-item operation?
- Powershell, registry and wildcards, oh my
- Powershell: delete all the registry keys containing a string
- Find registry key by value and delete it
- Registry wildcard use
- Remotely delete multiple registry keys in a wildcard folder using powershell?
- Powershell, registry & wildcards
- PowerShell Script to Remove Registry Item
- Filter and delete Registry values with Where-Object