Delete multiple registry entries

Hi guys,

Powershell is not my strong and I am trying to delete(clean) some entries from the registry for a failed update, I am using the command:

Get-ChildItem -path HKLM:\ -Recurse | where { $_.Name -match 'KB5001342'} | Remove-Item -Force

But I am getting an error:

Get-ChildItem : Requested registry access is not allowed.
At line:1 char:1
+ Get-ChildItem -path HKLM:\ -Recurse | where { $_.Name -match 'KB50013 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...stReauthContext:String) [Get-ChildItem], SecurityEx
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Requested registry access is not allowed.
At line:1 char:1
+ Get-ChildItem -path HKLM:\ -Recurse | where { $_.Name -match 'KB50013 ...

Can anyone help me get throw this?

Welcome to the forum. :wave:t4:

To make changes to the HKLM:\ hive you have to have administrative rights and you have to run the commands for it in an elevated PowerShell session.

Regardless of that: I wouldn’t recommend to to make extensive changes to the registry until you know exactly what you’re doing. Especially when you’re not familiar with the technology you’re about to use. If you really want to delete these keys do it with the GUI / Regedit.exe.

And BTW: When you post code or sample data or console output please format it as code using the preformatted text button ( </> ). Simply place your cursor on an empty line, click the button and paste your code.
Thanks in advance

If you have the permission you could even use Regedit on a remote Computer to access the registry on another remote computer or server … not for 4000 keys or 4000 servers but maybe to evaluate on one server or one key. :wink:

Now I’m even more concerned if you do the right thing. :smirk:

Psexec shouldn’t be necessary as PowerShell remoting offers everything you need. And AFAIR is it activated by default on server core.

I don’t know what you mean with that. You have to have administrative rights on the computer you want to do administrative tasks.

So you may ask for professional help before you do something what’d be hard to reverse or fix. :wink:

I didn’t get that … obviously you did use Remove-Item in the code snippet you posted.

Some general tipps:
You may use Invoke-Command instead of psexec to run commands on remote computers/serrvers.
You may narrow down the path in the registry you search for the KB number. The root (HKLM.\) seems a little risky to me.
And you may search for examples for tasks like this. Most of the time you’re not the very first one with a given task. For simple tasks like deleting a registry key there are probably thousands of examples out there.
And just in case it might enough to rename the keys instead of deleting them. This way it would be fairly easy to roll this action back if needed.

And BTW: Thanks for fixing the code formatting. :+1:t4: :love_you_gesture:t4: :slightly_smiling_face:

I have to side with Olaf on this one. Recursing through the entire root HKLM hive on 4000 servers(??) and removing every instance of an item found is in my opinion a bad idea. I would find and log the entries first to see what damage you might inflict. At the very least, you need to log what is removed so you can “attempt” to fix what you broke.

Do you know the registry location where you can find all the KB numbers? I can help you with that. The registry has a vast hierarchical structure and knowing what you are trying to remove can cause significant consequences.