Deleting Registry Keys RRS feed

  • Question

  • I have a server running Windows Server 2016, where I have folks who RDP into the server.  Over time the following key will get bloated with invalid keys, which are easy to identify because the key "Port Description" will have the value of "Inactive TS Port".

    I'm looking for help in writing a PowerShell script I can run daily\weekly or as needed to delete these entries.  They Registry key is:


    The script would need to delete any key (i.e. #TS402) where the subkey (Device Parameters\Port Description) has a value of "Inactive TS Port"

    Here's an example of the bloated registry:

    • Edited by bakerkr94 Friday, September 27, 2019 12:38 PM typo
    Friday, September 27, 2019 12:27 PM

All replies

  • do you already have something we can look at?

    just saying:

    Please remember to mark the replies as answers if they helped.

    Friday, September 27, 2019 12:55 PM
  • I have little experience with Powershell, but this is as far as I've got with my research on the web:

    $RegKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceClasses\{28d78fad-5a12-11d1-ae5b-0000f803a8c2}\##?#ROOT#RDPBUS#0000#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}\*\Device Parameters\' 
    $val  = Get-ItemPropertyValue -Path $RegKey -Name 'Port Description'

    Friday, September 27, 2019 1:19 PM
  • This will get al keys that match the criteria:

    $RegKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceClasses\{28d78fad-5a12-11d1-ae5b-0000f803a8c2}'
    Get-ChildItem "$RegKey\#ts*" -Recurse | 
    	Where{$_.GetValue('Port Description') -eq 'Inactive TS Port'}


    Friday, September 27, 2019 1:48 PM
  • jrv -

    I changed your code to put into a var called $val, but the $val is empty when I run it.  Here's what I did:

    $RegKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceClasses\{28d78fad-5a12-11d1-ae5b-0000f803a8c2}'
    $val = Get-ChildItem "$RegKey\#ts*" -Recurse | Where{$_.GetValue('Port Description') -eq 'Inactive TS Port'}

    The below code does give me the items, but not quite sure how to delete them vice just showing them:

    $RegKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceClasses\{28d78fad-5a12-11d1-ae5b-0000f803a8c2}\##?#ROOT#RDPBUS#0000#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}\*\Device Parameters\' 
    $val = Get-ItemPropertyValue -Path $RegKey -Name 'Port Description' | Where-Object {$_ -eq 'Inactive TS Port'}
    The value of $val is just "Inactive TS Port" x the number of matches.  So this is doing what I need, except I need to delete the entire #TSXXX key

    Friday, September 27, 2019 2:39 PM
  • Works fine for me.


    Friday, September 27, 2019 3:04 PM
  • Is there a place where I can pay someone to develop this script for me?  I've got parts and pieces here just not sure how to bring it all together.  It seems Powershell could do what I need, but again I have limited knowledge with powershell.



    Friday, September 27, 2019 4:43 PM
  • In most areas there are consultants. Look in your local newspapers and do a web search. Ask other businesses like yours if they know of consultants. It won't be cheap.

    I will say that I can do the exact code I posted and return 60+ keys and then remove them with one line. If you cannot retrieve those keys then be sure you are running elevated on the RDS server and that the original code actually returns keys that have that property value.

    I tested on an old 2008r2 box that is being decommissioned,  @012/16 might have more security resrtictions or might have a different key layout. Be sure you can directly address a key by path.

    $key = $regkey + '\#TS002'
    Get-ItemChildItem $key -Recurse

    Be sure to choose a key that has the needed value.


    Friday, September 27, 2019 5:01 PM