Good day and welcome to the first of hopefully many blog posts in which I mention some of the issues I run into while gathering experience in the world of IT and share the solutions or workarounds I find as I go.

One of the earlier things I ran up against (mostly while performing remote background tasks) was changing current user registries. The problem is that either the specific user/customer accounts on the servers/workstations don't have enough rights to change a registry, or the remote software runs as an Administrator or SYSTEM account, for which changing the current user registry is of no use. Therefore this PowerShell script ended up saving me a few times. It can be used either from an Administrator account on the device itself or remotely using any RMM/MSP software.

To explain what happens: in the registry, all the current user registries are available, but they are stored under the SIDs. The script loads in the SIDs one by one and makes the change/addition we want on every single SID it loads. In other words, it loops through the SIDs, executes the registry change/addition command on one, and then does it again and again until it has done that for all SIDs. (So keep in mind, it changes the registry for ALL users that use that specific device.)

For each SID it loads in, it uses a simple, normal Set-ItemProperty command. As it's a very common command, it is the most stable option.

To make it slightly easier to execute multiple times in a row if needed, I threw it all into a custom function, which in this case I named Set-RegAllUser. (You can either let the RMM/MSP software fill in the variables or simply copy/paste the variables and the script execution line multiple times, changing the variables for each change, to change multiple registries in one script/run.)

The script itself looks a lot more daunting than it actually is.
The tough part was the loading in of the SIDs, to be specific, the loading in of only users. That ended up being the interesting part: it matches the name against a very specific string of numbers and letters, to make sure that it does not load in anything except the users. It ended up looking like this:

where { $_.Name -match 'S-\d-\d+-(\d+-){1,14}\d+$' }

It looks like alien math, but the moment you realize \d means any decimal digit you can see that it is simply trying to recreate the pattern of one of the SIDs as seen in the registry. The looping through them and changing the registries were the easier part after that.

Now onto the part where the fun starts: the variables.

$Above = "Yes"

This is a dangerous one, but I had to add it. Basically, you sometimes have a value you want to put in, but the key above it does not exist yet. By setting this to No, it takes the path you put in, takes the key name you mentioned at the end of the path and tries to create that. The danger is that when the key already exists, it deletes the existing key and replaces it with a new one (that is, fully empty) before placing in a value. While useful, this has to be used carefully.

$Valuename1 = "XXXX"
$RegistryType1 = "XXXX"
$Value1 = "XXXX"
$Path1 = "XXXX"

The above values are straightforward, but to make it fully clear, here is an example. The current user registry has a value (reg_dword to be precise) called usage stats which has data "0" and is located under \HKEY_CURRENT_USER\Software\Chromium

Now it is time to fill in the variables:

$Valuename1 = "usagestats" <- Simple, just the value name
$RegistryType1 = "Dword" <- The type (choices here are: Dword, String, Binary, Expandstring, Multistring)
$Value1 = "0" <- Simply the value
$Path1 = "\Software\Chromium" <- Path minus the current user part

So far it has worked fine on all versions of Windows 10 I have used it on (up to 1903 as of writing this article), both locally and through RMM software.
See below for the full code! Hopefully it can help some people further their usage of PowerShell and save them some time! Be sure to mention any issues or successes!

- Powershellder

Categories: Script, Powershell, Windows, Registry, Current User, User
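The per-SID loop described in the post, written out as an added example; this is not the author's Set-RegAllUser script, and the function and parameter names are hypothetical. It assumes an elevated session, touches only the user hives currently loaded under HKEY_USERS, and creates a missing key only when it is absent, so an existing key is never emptied.

```powershell
# Added example, not the author's script. Function and parameter names are hypothetical.
function Set-RegistryValueForLoadedUsers {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,        # path below HKEY_CURRENT_USER, e.g. '\Software\Chromium'
        [Parameter(Mandatory)][string]$ValueName,
        [Parameter(Mandatory)]
        [ValidateSet('DWord', 'String', 'Binary', 'ExpandString', 'MultiString')]
        [string]$RegistryType,
        [Parameter(Mandatory)]$Value,
        [switch]$CreateMissingKey                   # opt in to creating the key when it is absent
    )

    # Pattern from the post: matches real user SIDs only.
    # .DEFAULT, S-1-5-18/19/20 and the *_Classes hives do not match.
    $sidPattern = 'S-\d-\d+-(\d+-){1,14}\d+$'
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.Name -match $sidPattern }

    foreach ($hive in $hives) {
        $keyPath = 'Registry::{0}\{1}' -f $hive.Name, $Path.TrimStart('\')

        if (-not (Test-Path -Path $keyPath)) {
            if (-not $CreateMissingKey) {
                Write-Warning "Skipping $($hive.PSChildName): key does not exist."
                continue
            }
            # Reached only when the key is absent; -Force here just builds missing parent keys.
            if ($PSCmdlet.ShouldProcess($keyPath, 'Create key')) {
                New-Item -Path $keyPath -Force | Out-Null
            }
        }

        if ($PSCmdlet.ShouldProcess("$keyPath\$ValueName", "Set $RegistryType value")) {
            Set-ItemProperty -Path $keyPath -Name $ValueName -Value $Value -Type $RegistryType
        }
    }
}

# Dry run with the example values from the post; remove -WhatIf to apply the change.
Set-RegistryValueForLoadedUsers -Path '\Software\Chromium' -ValueName 'usagestats' `
    -RegistryType DWord -Value 0 -WhatIf
```

Running with -WhatIf first lists every hive and key that would be touched, which is a useful check before pushing a change to all users through RMM software.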
Author: Patrick Berger AKA Powershellder.
