Registry oddity

Looking at modifying the registry on a virtual machine while its offline. I mount the VHDX file and can run this  to load the registry

PS> reg load HKLM\VHDSYS h:\windows\system32\config\system
The operation completed successfully.

If I perform a reg unload at this point everything works but if I access the registry – for instance

PS> ls hklm:

and then try and unload I get an error!

PS> reg unload HKLM\VHDSYS
ERROR: Access is denied.

One thing I found is that there is as reference to the remote hive in the variable collection

PS> ls variable:

Name                           Value
—-                           —–
$                              HKLM\VHDSYS

Empirically I’ve found that running these commands

ls env:
ls variable:

changes the value of the $ variable

You can then unload the hive

PS> reg unload HKLM\VHDSYS
The operation completed successfully.

This entry was posted in Powershell, Registry. Bookmark the permalink.

One Response to Registry oddity

  1. cavallogolooso says:

    interesting. And what about this: on WinVista 32 (localized) with powershell 2 (elevated) , I’m trying simply to perform a “ls hklm:” and I get an access denied error on the 3d line (sorry for my halting english… I’m Italian)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s