I want to automate logon process for multiple devices (managed by Intune, Azure Active Directory only) that use different username/password combinations.
Is there a way somehow via Powershell script to get the user's password? I would then use those user's credentials to store registry keys:
$RegKeyPathWinLogon = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
Set-ItemProperty -Path $RegKeyPathWinLogon -Name "AutoAdminLogon" -Value "1"
Set-ItemProperty -Path $RegKeyPathWinLogon -Name "DefaultUserName" -Value "$Username"
Set-ItemProperty -Path $RegKeyPathWinLogon -Name "DefaultPassword" -Value "$Password"
Related
I trying to run a command that opens up Software Center on my machine. It works just fine if I run it in Command Prompt but not when I call it from my custom protocol handler in the registry. The main problem is that when called from the protocol handler, via a Toast button, Windows tells me I need a new app to open this.
Here is the command.
"C:\WINDOWS\CCM\ClientUX\SCClient.exe" softwarecenter:Page=Applications FilterType=0 SortType=6 View=Upcoming
Here is how I am setting up the protocol handler in registry
New-item 'HKLM:\SOFTWARE\ToastSoftwareCenter' -force
Set-itemproperty 'HKLM:\SOFTWARE\ToastSoftwareCenter' -name '(DEFAULT)' -value 'url:ToastSoftwareCenter' -force
Set-itemproperty 'HKLM:\SOFTWARE\ToastSoftwareCenter' -name 'URL Protocol' -value '' -force
New-itemproperty -path 'HKLM:\SOFTWARE\ToastSoftwareCenter' -propertytype dword -name 'EditFlags' -value 2162688
New-item 'HKLM:\SOFTWARE\ToastSoftwareCenter\Shell\Open\command' -force
Set-itemproperty 'HKLM:\SOFTWARE\ToastSoftwareCenter\Shell\Open\command' -name '(DEFAULT)' -value '"C:\WINDOWS\CCM\ClientUX\SCClient.exe" softwarecenter:Page=InstallationStatus FilterType=0 SortType=6 View=Upcoming' -force
I have tried appending these other commands on the end of the command to associate it as an exe so it wont ask anymore, but to no avail.
ftype exefile="%1" %*
assoc .exe=exefile\
The commands work when running them from a command prompt but not from the protocol handler. Am I setting it up wrong?
Thank You.
You're creating the protocol in the wrong location. It needs to be created under HKEY_CLASSES_ROOT
You also need to create the PSDrive in order to easily access that location within PowerShell.
New-PSDrive -PSProvider Registry -Root HKEY_CLASSES_ROOT -Name HKCR
New-Item 'HKCR:\ToastSoftwareCenter' -Force
Registering the Application Handling the Custom URI Scheme
Windows 10 allows you to configure Settings > Start > Use Start full screen, I'm trying to find a way to configure this through powershell/dsc scripting/automation. I was able to find the MDM and GPO documentation (https://learn.microsoft.com/en-us/windows/configuration/windows-10-start-layout-options-and-policies) but this does not appear to apply to desktop Windows 10 Pro - powershell has no commands/cmdlets with GP* nouns.
The scripts below, inspired by the .bat-files in this article adjust the local policies and should probably work. I have tested on 10.0.16299.431 (Enterprise).
Based on the article (Created by Shawn Brink, January 24th 2015):
To force fullscreen:
$forceStartSizePath = "\Software\Policies\Microsoft\Windows\Explorer"
New-ItemProperty -Path "HKCU:$forceStartSizePath" -Name "ForceStartSize" -Value 2 -Force
New-ItemProperty -Path "HKLM:$forceStartSizePath" -Name "ForceStartSize" -Value 2 -Force
Stop-Process -name explorer
To force normal mode:
$forceStartSizePath = "\Software\Policies\Microsoft\Windows\Explorer"
New-ItemProperty -Path "HKCU:$forceStartSizePath" -Name "ForceStartSize" -Value 1 -Force
New-ItemProperty -Path "HKLM:$forceStartSizePath" -Name "ForceStartSize" -Value 1 -Force
Stop-Process -name explorer
To reset to default:
$forceStartSizePath = "\Software\Policies\Microsoft\Windows\Explorer"
Remove-ItemProperty -Path "HKCU:$forceStartSizePath" -Name "ForceStartSize"
Remove-ItemProperty -Path "HKLM:$forceStartSizePath" -Name "ForceStartSize"
Stop-Process -name explorer
Note: The last line (making explorer restart) may not desirable, but it will make sure the settings are picked up instantly. Your screen will flicker (if running local) as explorer is restarted.
Also; if parts of the registry-path is missing, you will get an error message. Use Test-Pathand New-Item to check for and create the missing part of the path.
I'd like to overwrite an existing registry key in HKCU for all users on this device with Desired State Configuration.
I already found, that I could use the users credentials(Configuring HKEY_CURRENT_USER with DSC Resource actually updates HKEY_USERS\.DEFAULT), but I do not have them.
Any ideas?
Technically if your administrator on the Box you can still do this,
Load their Registery Hive and Change a Key.
$Username = "TestUser"
reg load hku\$Username C:\Users\$Username\NTUSER.DAT
New-PSDrive -Name $Username -PSProvider Registry -Root HKU\$Username
Set-Location "$($Username):\Control Panel\desktop\colors"
Get-ItemProperty -Path. -Name ActiveBorder
Set-ItemProperty -Path. -Name ActiveBorder -Value "218 208 200"
Get-ItemProperty -Path. -Name ActiveBorder
Remove-PSDrive -Name $Username -Force
I am currently using the below PowerShell script to update an autologon value in the registry, it also checks that if the value isn't there that it is created.
Rather than opening up the script, changing the defaultpassword value in there and then running the script I'd like to be able to run the script in PowerShell and for it to prompt for the user to enter the value that is going to update.
I am new to parameters within PowerShell and can't say I'm 100% sure that is the solution.
Can anyone help? it's the 'passwordvalue' I'm looking to have inputed from a prompt and to be subsequently replaced in the script before the script runs. Let me know if I'm not being clear!
$RegKey = “HKLM:\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON”
if (-Not(Test-Path “$RegKey”)) {
New-Item -Path “$($RegKey.TrimEnd($RegKey.Split(‘\’)[-1]))” -Name “$($RegKey.Split(‘\’)[-1])” -Force | Out-Null
}
Set-ItemProperty -Path “$RegKey” -Name “DefaultPassword” -Type String -Value “passwordvalue”
Just use the Read-Host cmdlet:
# ....
Set-ItemProperty -Path "$RegKey" -Name "DefaultPassword" -Type String -Value (Read-Host -Prompt 'Enter the password')
We are currently leveraging a VNet at Azure that is configured to force all traffic over our site-to-site connection to on-premise networks and then out through our corporate firewall. All HTTP/HTTPS traffic is proxied.
This is causing significant issue in that newly-provisioned VMs can not see the outside world to access necessary configuration items like Azure Extensions or even no-proxied internal IPs.
To date, I've created a perverse work-around via PowerShell where I provision the VM, bootstrap it with Chef which overrides the proxy settings in order to get to the Chef server which then configures the proxies.
But, until the user fires up Internet Explorer, it does not set the proxies so that they can be used in PowerShell. Specifically, before IE is fired up, [System.Net.GlobalProxySelection]::Select is empty. Once IE has been started, it is populated.
I also tried preconfiguring an image and sysprep'ing it, but sysprep wipes the proxy settings.
As a final step, I created a PowerShell script which I thought would set the proxies. I was going to use this script via Azure Script Extension (assuming it is on the VM by default), but I can't get it to give me the desired results.
So, my question is, how do I make a Windows 2012 R2 (and Windows 2008 R2) newly provisioned VM proxy aware so that other processes in the provisioning sequence will work (i.e., extensions like the Chef extension)?
Here is the script I created (that doesn't perform as expected):
# See: http://www.geoffchappell.com/notes/windows/ie/firstrun.htm
$regKey = 'HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings'
$proxyServerToDefine = 'http://<PROXY URI>:<PORT>'
Set-ItemProperty -path $regKey ProxyEnable -value 1
Set-ItemProperty -path $regKey ProxyServer -value $proxyServerToDefine
Set-ItemProperty -path $regKey ProxyOverride -value '137.185.235.196;137.185.235.199'
New-Item -Path 'HKLM:\\Software\\Policies\\Microsoft\\Internet Explorer' -Name 'Main' -Force # Does not exist by default
Set-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main' -Name DisableFirstRunCustomize -Value 1
(New-Object System.Net.WebClient).Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
The trick here was assigning both the HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings AND system account's Internet Settings.
Suggestion: Set your proxy and overrides up once, confirm that it works and then grab the registry values to use in your script.
Here's the list of values I set to make the Users and the System accounts proxy aware:
$userReg = 'HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings'
Set-ItemProperty -path $userKey ProxyEnable -value 1
Set-ItemProperty -path $userKey ProxyServer -value ''
Set-ItemProperty -path $userKey ProxyOverride -value ''
$sysReg = 'HKU:\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings'
Set-ItemProperty -path $sysReg ProxyEnable -value 1
Set-ItemProperty -path $sysReg ProxyServer -value ''
Set-ItemProperty -path $sysReg ProxyOverride -value ''
$sysRegCon = 'HKU:\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\Connections'
$DefaultConnectionSettings = ([byte[](0x46,0x00,...))
$SavedLegacySettings = ([byte[](0x46,0x00,...))
Set-ItemProperty -path $sysRegCon DefaultConnectionSettings -value $DefaultConnectionSettings
Set-ItemProperty -path $sysRegCon SavedLegacySettings -value $SavedLegacySettings
Hope this helps someone else more rapidly down the path...