删除registry项中的所有子项

有没有一种简单(自动)的方式来删除Windowsregistry中的一个键中的所有子键而不删除键本身?

谢谢

你知道哪些子键是提前? 如果是这样,你可以使用这样的事情.reg文件来做到这一点删除testing的所有子键:

Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\Software\Test\Key1] [-HKEY_LOCAL_MACHINE\Software\Test\Key2] [-HKEY_LOCAL_MACHINE\Software\Test\Key3] [-HKEY_LOCAL_MACHINE\Software\Test\Key4] 

在行首的减号指示它删除该键,完整的语法在这里: http : //support.microsoft.com/kb/310516

如果没有,那么你正在寻找一个脚本,将枚举所有的子键,然后通过一个接一个地删除它们。 我有一个会在工作中这样做,但我在家里,无法实现它!

在Windows7或Vista中,可以使用像这样的Powershell命令,引用registrypath的方式与引用文件系统path的方法相同:

 Remove-Item -Path HKLM:\Software\Test\Key1 -Recurse Remove-Item -Path HKLM:\Software\Test\Key2 -Recurse Remove-Item -Path HKLM:\Software\Test\Key3 -Recurse Remove-Item -Path HKLM:\Software\Test\Key4 -Recurse 

这里是删除registry项的所有子项的PowerShell的方法:

 $path = "Any valid Path ..." (gci $path).PsPath | foreach { if($_){Remove-Item $_ -Force} } 

例如 :

 $path = "HKLM:\Software\Policies\Microsoft\Windows\RemovableStorageDevices" (gci $path).PsPath | foreach { if($_){Remove-Item $_ -Force} } 

原来的海报通过指出他们想要删除树而不是树的实际根密钥来澄清问题。 因此,这不是一个完全的答案,因为它会删除整个树,包括根。 不过,因为在search问题标题的答案的时候,这个在search结果中显示的很高,我觉得这个答案很有帮助。

 <# .SYNOPSIS Give ownership of a file, folder, or registry key to the specified user. .DESCRIPTION Give the current process the SeTakeOwnershipPrivilege" and "SeRestorePrivilege" rights which allows it to reset ownership of an object. The script will then set the owner to be the specified user. .PARAMETER Path (Required) The path to the object on which you wish to change ownership. It can be a file, folder, or registry key .PARAMETER User (Required) The user whom you want to be the owner of the specified object. The user should be in the format <domain>\<username>. Other user formats will not work. For system accounts, such as System, the user should be specified as "NT AUTHORITY\System". If the domain is missing, the local machine will be assumed. .PARAMETER Recurse (switch) Causes the function to parse through the Path recursively. .INPUTS None. You cannot pipe objects to Take-Ownership .OUTPUTS None .NOTES Name: Take-Ownership.ps1 Author: Jason Eberhardt Date: 2017-07-20 #> function Take-Ownership { [CmdletBinding(SupportsShouldProcess=$false)] Param([Parameter(Mandatory=$true, ValueFromPipeline=$false)] [ValidateNotNullOrEmpty()] [string]$Path, [Parameter(Mandatory=$true, ValueFromPipeline=$false)] [ValidateNotNullOrEmpty()] [string]$User, [Parameter(Mandatory=$false, ValueFromPipeline=$false)] [switch]$Recurse) Begin { $AdjustTokenPrivileges=@" using System; using System.Runtime.InteropServices; public class TokenManipulator { [DllImport("kernel32.dll", ExactSpelling = true)] internal static extern IntPtr GetCurrentProcess(); [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen); [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid); [StructLayout(LayoutKind.Sequential, Pack = 1)] internal struct TokPriv1Luid { public int Count; public long Luid; public int Attr; } internal const int SE_PRIVILEGE_DISABLED = 0x00000000; internal const int SE_PRIVILEGE_ENABLED = 0x00000002; internal const int TOKEN_QUERY = 0x00000008; internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020; public static bool AddPrivilege(string privilege) { bool retVal; TokPriv1Luid tp; IntPtr hproc = GetCurrentProcess(); IntPtr htok = IntPtr.Zero; retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok); tp.Count = 1; tp.Luid = 0; tp.Attr = SE_PRIVILEGE_ENABLED; retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero); return retVal; } public static bool RemovePrivilege(string privilege) { bool retVal; TokPriv1Luid tp; IntPtr hproc = GetCurrentProcess(); IntPtr htok = IntPtr.Zero; retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok); tp.Count = 1; tp.Luid = 0; tp.Attr = SE_PRIVILEGE_DISABLED; retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero); return retVal; } } "@ } Process { $Item=Get-Item $Path Write-Verbose "Giving current process token ownership rights" Add-Type $AdjustTokenPrivileges -PassThru > $null [void][TokenManipulator]::AddPrivilege("SeTakeOwnershipPrivilege") [void][TokenManipulator]::AddPrivilege("SeRestorePrivilege") # Change ownership $Account=$User.Split("\") if ($Account.Count -eq 1) { $Account+=$Account[0]; $Account[0]=$env:COMPUTERNAME } $Owner=New-Object System.Security.Principal.NTAccount($Account[0],$Account[1]) Write-Verbose "Change ownership to '$($Account[0])\$($Account[1])'" $Provider=$Item.PSProvider.Name if ($Item.PSIsContainer) { switch ($Provider) { "FileSystem" { $ACL=[System.Security.AccessControl.DirectorySecurity]::new() } "Registry" { $ACL=[System.Security.AccessControl.RegistrySecurity]::new() # Get-Item doesn't open the registry in a way that we can write to it. switch ($Item.Name.Split("\")[0]) { "HKEY_CLASSES_ROOT" { $rootKey=[Microsoft.Win32.Registry]::ClassesRoot; break } "HKEY_LOCAL_MACHINE" { $rootKey=[Microsoft.Win32.Registry]::LocalMachine; break } "HKEY_CURRENT_USER" { $rootKey=[Microsoft.Win32.Registry]::CurrentUser; break } "HKEY_USERS" { $rootKey=[Microsoft.Win32.Registry]::Users; break } "HKEY_CURRENT_CONFIG" { $rootKey=[Microsoft.Win32.Registry]::CurrentConfig; break } } $Key=$Item.Name.Replace(($Item.Name.Split("\")[0]+"\"),"") $Item=$rootKey.OpenSubKey($Key,[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) } default { throw "Unknown provider: $($Item.PSProvider.Name)" } } $ACL.SetOwner($Owner) Write-Verbose "Setting owner on $Path" $Item.SetAccessControl($ACL) if ($Provider -eq "Registry") { $Item.Close() } if ($Recurse.IsPresent) { # You can't set ownership on Registry Values if ($Provider -eq "Registry") { $Items=Get-ChildItem -Path $Path -Recurse -Force | Where-Object { $_.PSIsContainer } } else { $Items=Get-ChildItem -Path $Path -Recurse -Force } $Items=@($Items) for ($i=0; $i -lt $Items.Count; $i++) { switch ($Provider) { "FileSystem" { $Item=Get-Item $Items[$i].FullName if ($Item.PSIsContainer) { $ACL=[System.Security.AccessControl.DirectorySecurity]::new() } else { $ACL=[System.Security.AccessControl.FileSecurity]::new() } } "Registry" { $Item=Get-Item $Items[$i].PSPath $ACL=[System.Security.AccessControl.RegistrySecurity]::new() # Get-Item doesn't open the registry in a way that we can write to it. switch ($Item.Name.Split("\")[0]) { "HKEY_CLASSES_ROOT" { $rootKey=[Microsoft.Win32.Registry]::ClassesRoot; break } "HKEY_LOCAL_MACHINE" { $rootKey=[Microsoft.Win32.Registry]::LocalMachine; break } "HKEY_CURRENT_USER" { $rootKey=[Microsoft.Win32.Registry]::CurrentUser; break } "HKEY_USERS" { $rootKey=[Microsoft.Win32.Registry]::Users; break } "HKEY_CURRENT_CONFIG" { $rootKey=[Microsoft.Win32.Registry]::CurrentConfig; break } } $Key=$Item.Name.Replace(($Item.Name.Split("\")[0]+"\"),"") $Item=$rootKey.OpenSubKey($Key,[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::TakeOwnership) } default { throw "Unknown provider: $($Item.PSProvider.Name)" } } $ACL.SetOwner($Owner) Write-Verbose "Setting owner on $($Item.Name)" $Item.SetAccessControl($ACL) if ($Provider -eq "Registry") { $Item.Close() } } } # Recursion } else { if ($Recurse.IsPresent) { Write-Warning "Object specified is neither a folder nor a registry key. Recursion is not possible." } switch ($Provider) { "FileSystem" { $ACL=[System.Security.AccessControl.FileSecurity]::new() } "Registry" { throw "You cannot set ownership on a registry value" } default { throw "Unknown provider: $($Item.PSProvider.Name)" } } $ACL.SetOwner($Owner) Write-Verbose "Setting owner on $Path" $Item.SetAccessControl($ACL) } } } <# .SYNOPSIS Deletes a registry key recursively .DESCRIPTION This function will delete the specified registry key and all its values and subkeys .INPUTS None. You cannot pipe objects to Delete-RegistryKeyTree. .EXAMPLE Delete-RegistryKeyTree -Hive HKCR -Key "CLSID\squid" -User $env:USERNAME .OUTPUTS System.String .NOTES Name: Delete-RegistryKeyTree Author: Jason Eberhardt Date: 2017-07-20 #> function Delete-RegistryKeyTree { [CmdletBinding(SupportsShouldProcess=$false)] Param([Parameter(Mandatory=$true, ValueFromPipeline=$false)] [ValidateSet("HKCR","HKLM","HKCU","HKU","HKCC")] [string]$Hive, [Parameter(Mandatory=$true, ValueFromPipeline=$false)] [ValidateNotNullOrEmpty()] [string]$Key, [Parameter(Mandatory=$true, ValueFromPipeline=$false)] [ValidateNotNullOrEmpty()] [string]$User) Process { switch ($Hive) { "HKCR" { $rootKey=[Microsoft.Win32.RegistryHive]::ClassesRoot; break } "HKLM" { $rootKey=[Microsoft.Win32.RegistryHive]::LocalMachine; break } "HKCU" { $rootKey=[Microsoft.Win32.RegistryHive]::CurrentUser; break } "HKU" { $rootKey=[Microsoft.Win32.RegistryHive]::Users; break } "HKCC" { $rootKey=[Microsoft.Win32.RegistryHive]::CurrentConfig; break } } $Reg=[Microsoft.Win32.RegistryKey]::OpenBaseKey($rootKey,[Microsoft.Win32.RegistryView]::Default) $RegKey=$Reg.OpenSubKey($Key,[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::FullControl) if ($RegKey -eq $null) { Write-Warning "Registry key is already deleted." } else { Write-Verbose "Deleting key $Key" Take-Ownership -Path "Registry::$Hive\$Key" -User $User -Recurse Write-Verbose "Resetting permissions on $KeyName" $ACL=New-Object System.Security.AccessControl.RegistrySecurity $ACL.SetAccessRuleProtection($false,$false) $FSR=New-Object System.Security.AccessControl.RegistryAccessRule($User, [System.Security.AccessControl.RegistryRights]::FullControl, ([System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit), [System.Security.AccessControl.PropagationFlags]::None, [System.Security.AccessControl.AccessControlType]::Allow) $ACL.ResetAccessRule($FSR) $RegKey.Close() $RegKey=$Reg.OpenSubKey($KeyName,[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::ChangePermissions) $RegKey.SetAccessControl($ACL) $RegKey.Close() $Reg.Close() Write-Verbose "Deleting $Key" $result=& cmd /c "reg delete $Hive\$Key /f" Write-Verbose $result[0] } } } 
 New-Item $path -Force 

-Force论点是做这个工作的。

 reg delete RegistryKey /va 

 reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /va 

删除Run \