Search code examples
windowspowershellregistrycredentials

Credentials while trying to add an Uninstall registry path in Windows 10 with Powershell

I'm trying to add a path into the Add/Remove section of the registry with PowerShell, but getting an error with authentication. If I use credentials, it tells me not to. If I don't, I get permission denied.

The account is local, not connected to an AD domain.

I have the following script:

$cred = Get-Credential
write-host "DEBUG: Without credentials"
New-Item HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Test_App -Force
write-host "DEBUG: With -Credential"
New-Item HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Test_App -Force -Credential $cred

It produces the following errors on Windows 10:

Supply values for the following parameters:
Credential
DEBUG: Without credentials
New-Item : Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Test_App' is denied.
At Z:\test.ps1:4 char:1
+ New-Item HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Te ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...nstall\Test_App:String) [New-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.NewItemcommand

DEBUG: With -Credential
The provider does not support the use of credentials. Perform the operation again without specifying credentials.
At Z:\test.ps1:7 char:1
+ New-Item HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Te ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotImplemented: (:) [], PSNotSupportedException
+ FullyQualifiedErrorId : NotSupported

Suggestions which are portable across Windows Vista through Windows 10 most appreciated :)

Solution

  • The exception is happening because your powershell instance is not running with elevated privileges.

    Thus: run powershell as administrator or, if you're using a debugger such as Powershell ISE or PowerGui while writing your script; run that as administrator.

    If you simply want to run your existing script and have it elevate itself to administrative level you can modify your script as follows:

    #this line added to the beginning of the script.
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }

#your original command
write-host "DEBUG: Without credentials"
New-Item HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Test_App -Force

    A relevant SO question; discussing the topic of self elevating scripts can be found here.

    Note: the sample snippet tested on.

    Windows 10

    Powershell 5.0.10586.122