I am trying to clean out old Firefox registry entries that are causing our vulnerability scanner to freak out.
The script I am using is:
New-PSDrive HKU Registry HKEY_USERS
Get-ItemProperty -Path "HKU:\*\Software\Mozilla\Mozilla Firefox*" |
Select-Object -ExpandProperty PSPath |
ForEach-Object {Remove-PsPath -Path $_ -WhatIf}
but it fails. I know my issue is in the last section: ForEach-Object {Remove-PsPath -Path $_ -WhatIf} as I can run the other part of the script and get my expected data returns.
The Keys in the registry I want to remove are located in the HKU\%%%randoms SID%%%\Software\Mozilla path. They are:
HKU\%%%randoms SID%%%\Software\Mozilla\Mozilla Firefox
HKU\%%%randoms SID%%%\Software\Mozilla\Mozilla Firefox ESR
I want the script to remove the entire key and all the subkeys. What am I doing wrong in my script?
Remove-PsPath doesn't exist, as far as I can tell. But it all can be reduced to this:
New-PSDrive HKU Registry HKEY_USERS
Remove-Item "HKU:\*\Software\Mozilla\*Firefox*" -Recurse -WhatIf
And of course, remove -WhatIf once you're sure you want to run it.
Also note that I've added an extra wildcard before Firefox because I noticed on my test machine that registry key was simply called Firefox and not Mozilla Firefox. This'll still target your original registry keys.
Related
Good morning,
Hopefully this will be a quick and easy one to answer.
I am trying to run a PS script and have it export to csv based on a list of IP addresses from a text file. At the moment, it will run but only produce one csv.
Code Revision 1
$computers = get-content "pathway.txt"
$source = "\\$computer\c$"
foreach ($computer in $computers) {
Get-ChildItem -Path "\\$Source\c$" -Recurse -Force -ErrorAction SilentlyContinue |
Select-Object Name,Extension,FullName,CreationTime,LastAccessTime,LastWriteTime,Length |
Export-CSV -Path "C:\path\$computer.csv" -NoTypeInformation
}
Edit
The script is now creating the individual server files as needed and I did change the source .txt file to list the servers by HostName rather than IP. The issue now is that no data is populating in the .csv files. It will create them but nothing populates. I have tried different source file paths to see if maybe its due to folder permissions or just empty but nothing seems to populate in the files.
The $computer file lists a number of server IP addresses so the script should run against each IP and then write out to a separate csv file with the results, naming the csv file the individual IP address accordingly.
Does anyone see any errors in the script that I provided, that would prevent it from writing out to a separate csv with each run? I feel like it has something to do with the foreach loop but I cannot seem to isolate where I am going wrong.
Also, I cannot use any third-party software as this is a closed network with very strict FW rules so I am left with powershell (which is okay). And yes this will be a very long run for each of the servers but I am okay with that.
Edit
I did forget to mention that when I run the script, I get an error indicating that the export-csv path is too long which doesn't make any sense unless it is trying to write all of the IP addresses to a single name.
"Export-CSV : The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters.
At line:14 char:1
TIA
Running the script against C: Drive of each computer is strongly not advisable that too with Recurse option. But for your understanding, this is how you should pass the values to the variables. I haven't tested this code.
$computer = get-content "pathway.txt"
foreach ($Source in $computer) {
Get-ChildItem -Path "\\$Source\c$" -Recurse -Force -ErrorAction SilentlyContinue |
Select-Object Name,Extension,FullName,CreationTime,LastAccessTime,LastWriteTime,Length | Export-Csv -Path "C:\Path\$source.csv" -NoTypeInformation
}
$computer will hold the whole content and foreach will loop the content and $source will get one IP at a time. I also suggest instead of IP's you can have hostname so that your output file have servername.csv for each server.
In hopes that this helps someone else. I have finally got the script to run and create the individual .csv files for each server hostname.
$servers = Get-Content "path"
Foreach ($server in $servers)
{
Get-ChildItem -Path "\\$server\c$" -Recurse -Force -ErrorAction SilentlyContinue |
Select-Object Name,Extension,FullName,CreationTime,LastAccessTime,LastWriteTime,Length |
Export-CSV -Path "path\$server.csv" -NoTypeInformation
}
We recently started using PDQ inventory and Deploy. We have some user endpoints that have corrupted agents from a different program. The fix for this corruption includes finding and deleting a registry key pertaining to that file. I am able to use both CMD and PowerShell in PDQ as steps to automate this process. I'm kind of at a loss since the registry value is different per asset.
How can I automate the function of finding the registry key and then deleting the registry key it finds?
So far I've tied the following command to a variable:
$RegKey = Get-ChildItem -Path HKLM:\SOFTWARE\Classes\Installer\Products -Recurse |
ForEach-Object { Get-ItemProperty $_.PSPath } |
Where-Object { $_ -like "*Rapid7 Insight Agent*" } |
Select-Object PSPath
Similarly, in CMD the manual commands are:
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\ /f "Rapid7 Insight Agent" /s
Reg Delete (with the value the previous reg query posts back)
Every provider that supports the Get-ChildItem cmdlet, also supports the Remove-Item cmdlet:
Get-ChildItem "HKLM:\SOFTWARE\Classes\Installer\Products" -Recurse |
Where-Object { $_.PSChildName -like "*Rapid7 Insight Agent*" } |
Remove-Item -Recurse
i need some help, i want to create a powershell script that searches the registry for just the key RebootRequired, no value or data search is needed.
with a IF find create a txt file named RebootRequired.txt in folder C:\Candi\
is that even possible?
been trying out some scripting, but i can barley make the script to find the key if it present within the registry.
You could retrieve all keys with Get-ChildItem -Recurse and then filter on key names with Where-Object.
The Registry provider is a little different from the FileSystem provider, in that the Name property of each item is the entire key path (ie. HKEY_LOCAL_MACHINE\Software\Microsoft instead of just Microsoft). You can use PSChildName to refer to the leaf name:
if(#(Get-ChildItem HKLM: -Recurse |Where-Object {$_.PSChildName -eq 'RebootRequired'}))
{
# Something was returned! Create the file
New-Item C:\Candi\RebootRequired.txt -ItemType File
}
You can suppress error messages from inaccessible keys with the -ErrorAction SilentlyContinue parameter argument with Get-ChildItem
I've searched numerous MSDN/Technet and StackOverflow articles regarding this but I can't find a solution to my problem.
SO references below.
I am trying to run a script on my server that simply counts the files in a folder on a network location.
I can get it working if it's a local folder, and I can get it working when I map the network drive. However I can't use a network drive because I'll be running this script from a web interface that doesn't have a user account (local drives work fine).
My script is:
$Files = Get-ChildItem \\storage\folder -File
$Files.count
I get the error:
Get-ChildItem : Cannot find path '\\storage\folder' because it does not exist.
[0]open folder from Network with Powershell
[1]File counting with Powershell commands
[2]Count items in a folder with PowerShell
[3]Powershell - remote folder availability while counting files
Two things that I can think of,
One would be to add -path to your get-childitem call. I tested this on my Powershell and it works fine.
$files = get-childitem -path C:\temp
$files.count
This returns the number of files in that path.
However I am testing this on a local file. If you are sure it is the remote access part giving you trouble I would suggest trying to set credentials. Besides the get-credentials option, you could also try setting them yourself.
$Credentials = New-Object System.Management.Automation.PsCredential("Username", "password")
Then perhaps you can set the drive and still be able to access your files. Hope that helps.
Try this:
set-location \\\storage\folder\
dir -recurse | where-object{ $_.PSIsContainer } | ForEach{ Write-Host $_.FullName (dir $_.FullName | Measure-Object).Count }
This will count the number of files in each sub-folder (recurse) and display the full path and count in the output.
I am trying to use Powershell's Copy-Item commandlet with the -Recurse and -Force parameters to copy settings from one registry key and overwrite the same settings (if they exist) in another key. If I were using this same command on a file system, then any folders that exist in source and target would be overwritten in the target.
When using this command on the registry, however, if there are keys in the target that exist, the source key is copied as a subkey. Example:
Starting state:
HKCU:Software\OldVendor\Program
HKCU:Software\OldVendor\Program\Setting1
HKCU:Software\OldVendor\Program\Setting2
HKCU:Software\NewVendor\Program
HKCU:Software\NewVendor\Program\Setting1
HKCU:Software\NewVendor\Program\Setting2
Now if I run this command:
Copy-Item -Path "HKCU:Software\OldVendor\Program" -Destination "HKCU:Software\NewVendor" -Recuse -Force
I expect the same structure to be maintained. In fact, the structure under NewVendor looks like this:
HKCU:Software\NewVendor\Program
HKCU:Software\NewVendor\Program\Setting1
HKCU:Software\NewVendor\Program\Setting1\Setting1
HKCU:Software\NewVendor\Program\Setting2
HKCU:Software\NewVendor\Program\Setting2\Setting2
Can anyone tell me how to get Powershell to overwrite existing registry keys, instead of copying to subkeys?
It seems to me you want to copy items and their values, those are properties, not keys. You can list them as follows:
get-itemproperty "HKCU:Software\NewVendor\Program"
or u can use alias and omit quotes:
gp HKCU:Software\NewVendor\Program
Another, better way, which doesn't view powershell specific properties:
Get-Item HKLM:\SOFTWARE\NewVendor\Program | select -ExpandProperty Property
So, if u want to copy all the properties from one key to another:
Get-Item HKLM:\SOFTWARE\Program | select -ExpandProperty Property | % {Copy-ItemProperty -Path HKLM:\SOFTWARE\Program -Destination HKLM:\SOFTWARE\AnotherProgram -Name $_ -Verbose}
You have to use foreach loop, beacuse Copy-ItemProperty cmdlet can copy only one property been specified.