Function to enable basic authentication via powershell

I have created a powershell script that enables basic authentication, I needed this to allow the winrm to work when running some of our older powershell scripts.
What I need to do now is be able to call this script as a function with either a true false argument. e.g. disable or enable basic authentication.
How can I wrap this code into a function so that I can call it from other powershell scripts?
So if I send a command to this script e.g.
basicauth($true) - it will run the script as is
basicauth($false) - would disable basic authentication
I can create the alternate if else statement for when the true or false is sent to this, but not sure how I can wrap the whole script into a function.
Apologies for the novice status with powershell, it took me awhile to get this script working the way it is.
param([switch]$Elevated)
# Get variables
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client"
$key1 = "AllowDigest"
$key2 = "AllowUnencryptedTraffic"
$key3 = "AllowBasic"
$off = "00000000"
$on = "00000001"
# enables admin privileges
function Test-Admin {
$currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
$currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
}
if ((Test-Admin) -eq $false) {
if ($elevated)
{
'tried to elevate, did not work, aborting...'
}
else {
Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
}
exit
}
# checks if the registry path is available, before adding the registry key values
If (!(Test-Path $registryPath))
{
New-Item -Path $registryPath -Force | out-Null
New-ItemProperty -Path $registryPath -Name $key1 -Value $off -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $key2 -Value $off -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $key3 -Value $on -PropertyType DWORD -Force | Out-Null
#'registry key did not exist'
exit
}
Else
{
New-ItemProperty -Path $registryPath -Name $key1 -Value $off -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $key2 -Value $off -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $key3 -Value $on -PropertyType DWORD -Force | Out-Null
#'registry key exists'
exit
}
NOTE: Now I know that the Else statement should have the values as: Set-ItemProperty although if I change the code to have Set-ItemProperty the script no longer works, only way I have this working is to have it as: New-ItemProperty. Doesn't really make sense but it works.
Ideally it would be better to just update the current powershell scripts to use modern authentication, but there is 100's of them so not really a viable option for me.
Any assistance would be greatly appreciated.

If you wrap the entire function in an if statement like:
param([switch]$Elevated)
if($elevated) {
...script code here
}
Then you can call the function with that parameter like . "scriptname.ps1" -Elevated to execute what is inside the scriptblock. Instead just calling . "scriptname.ps1" without the -Elevated parameter will not do anything because you'll hit your if statement:
if ($elevated) {
and elevated doesn't exist which means nothing inside the scriptblock executes.
I don't see the purpose of doing this in your case because if you already have logic to decide whether or not to pass in true or false, why not just use that logic to decide whether or not to call the script at all? My guess is that you don't actually mean that you only want to execute the entire script if a user is 'elevated' but rather check if they can be elevated in the script and then do something else.
In that case you should take a look at Advanced PowerShell Functions. You could do something like this:
# Get variables
$registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client"
$key1 = "AllowDigest"
$key2 = "AllowUnencryptedTraffic"
$key3 = "AllowBasic"
$off = "00000000"
$on = "00000001"
# enables admin privileges
function Test-Admin {
$currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
$isAdmin = $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
return $isAdmin
}
function Do-TheRestOfTheThings {
[CmdletBinding()]
param()
# No relaunch here: the caller only invokes this function when Test-Admin is true,
# and Get-Process has no -Verb or -ArgumentList parameters.
If (!(Test-Path $registryPath)) {
New-Item -Path $registryPath -Force | out-Null
New-ItemProperty -Path $registryPath -Name $key1 -Value $off -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $key2 -Value $off -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $key3 -Value $on -PropertyType DWORD -Force | Out-Null
#'registry key did not exist'
exit
}
Else {
New-ItemProperty -Path $registryPath -Name $key1 -Value $off -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $key2 -Value $off -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $registryPath -Name $key3 -Value $on -PropertyType DWORD -Force | Out-Null
#'registry key exists'
}
}
if(Test-Admin) {
Do-TheRestOfTheThings
}
else {
'tried to elevate, did not work, aborting...'
}
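The toggle the question asks for, as an added example (not code from the asker or the answerer): a function taking a boolean that flips only AllowBasic and keeps AllowDigest and AllowUnencryptedTraffic off, as the original script does. The function names and the dot-sourced file name are assumptions, and with `-Enabled $false` it writes AllowBasic = 0 rather than deleting the value.

```powershell
# Added example; the function names below are hypothetical, not from the thread.
$WinRMClientPolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client'

function Test-Admin {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    $principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
}

function Get-WinRMClientAuthPolicy {
    # $null for a value means the policy is not configured.
    $props = Get-ItemProperty -Path $WinRMClientPolicyPath -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AllowBasic              = $props.AllowBasic
        AllowDigest             = $props.AllowDigest
        AllowUnencryptedTraffic = $props.AllowUnencryptedTraffic
    }
}

function Set-WinRMClientBasicAuth {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][bool]$Enabled)

    if (-not (Test-Admin)) {
        throw 'Writing under HKLM:\SOFTWARE\Policies requires an elevated session.'
    }
    if (-not (Test-Path $WinRMClientPolicyPath)) {
        New-Item -Path $WinRMClientPolicyPath -Force | Out-Null
    }
    # Basic auth only base64-encodes the credentials, so unencrypted traffic
    # stays off in both states; only AllowBasic follows -Enabled.
    $desired = [ordered]@{
        AllowDigest             = 0
        AllowUnencryptedTraffic = 0
        AllowBasic              = [int]$Enabled
    }
    foreach ($name in $desired.Keys) {
        if ($PSCmdlet.ShouldProcess("$WinRMClientPolicyPath\$name", "set to $($desired[$name])")) {
            New-ItemProperty -Path $WinRMClientPolicyPath -Name $name -Value $desired[$name] -PropertyType DWord -Force | Out-Null
        }
    }
    Get-WinRMClientAuthPolicy   # return the resulting state so callers can log or assert it
}

# From another script: . .\WinRMBasicAuth.ps1 (hypothetical file name), then
# Set-WinRMClientBasicAuth -Enabled $true    # legacy scripts can run
# Set-WinRMClientBasicAuth -Enabled $false   # back to the hardened state
```

Running it with `-WhatIf` lists the three writes without touching the registry.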

Related

Deployment of PowerShell scripts through Intune not working properly?

I made a simple PowerShell script to change the taskbar settings (Hiding the Search and Task View buttons, as well as alignment). I was able to get them to push out properly, however on first run the scripts would only partially work, the Task View button would be removed however the other ones wouldn't.
The script would work however when you would manually change the taskbar settings through the GUI, for example switching the alignment to left and then back to center, the script would then work and adjust the alignment back to the left side. I just need to find what's causing it not to run properly the first time when units are deployed.
This short script goes as follows:
Set-ExecutionPolicy bypass -Scope CurrentUser
$registryPath1 = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search"
$registryPath2 = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
$registryPath3 = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
$name1 = "SearchboxTaskbarMode"
$name2 = "ShowTaskViewButton"
$name3 = "TaskbarAl"
$value1 = "0"
$value2 = "0"
$value3 = "0"
IF(!(Test-Path $registrypath1))
{
New-Item -Path $registryPath1 -Force | Out-Null
Set-ItemProperty -Path $registryPath1 -Name $name1 -Value $value1 `
}
ELSE {
Set-ItemProperty -Path $registryPath1 -Name $name1 -Value $value1 `
}
IF(!(Test-Path $registryPath2))
{
New-Item -Path $registryPath2 -Force | Out-Null
Set-ItemProperty -Path $registryPath2 -Name $name2 -Value $value2 `
}
ELSE {
Set-ItemProperty -Path $registryPath2 -Name $name2 -Value $value2 `
}
IF(!(Test-Path $registryPath3))
{
New-Item -Path $registryPath3 -Force | Out-Null
Set-ItemProperty -Path $registryPath3 -Name $name3 -Value $value3 `
}
ELSE {
Set-ItemProperty -Path $registryPath3 -Name $name3 -Value $value3 `
}

PS script one liner issue

I have this one liner which works in PowerShell.
If (Get-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -ErrorAction SilentlyContinue) {} Else {$RegistryPath = "HKLM:\SOFTWARE\"; $NewRegKey = "SCCM"; New-Item -Path $RegistryPath -Name $NewRegKey -Force; $NewRegKeyPath = "HKLM:\SOFTWARE\SCCM"; $KeyName = "W10_IPU_Attempts"; $Value = "0"; New-ItemProperty -Path $NewRegKeyPath -Name $KeyName -Value $Value -PropertyType DWORD -Force | Out-Null}; $i= $Value =(Get-Itemproperty 'HKLM:\SOFTWARE\SCCM').W10_IPU_Attempts; If ($i -eq $value){ $i++; Set-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -Name W10_IPU_Attempts -Value $i } else { $i++; Set-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -Name W10_IPU_Attempts -Value $i }
Now when I add the following and testing it I get errors in smsts.log that it's incorrect function. When running via CMD I get "The string is missing the terminator" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -ExecutionPolicy ByPass -Command " & If (Get-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -ErrorAction SilentlyContinue) {} Else {$RegistryPath = "HKLM:\SOFTWARE\"; $NewRegKey = "SCCM"; New-Item -Path $RegistryPath -Name $NewRegKey -Force; $NewRegKeyPath = "HKLM:\SOFTWARE\SCCM"; $KeyName = "W10_IPU_Attempts"; $Value = "0"; New-ItemProperty -Path $NewRegKeyPath -Name $KeyName -Value $Value -PropertyType DWORD -Force | Out-Null}; $i= $Value =(Get-Itemproperty 'HKLM:\SOFTWARE\SCCM').W10_IPU_Attempts; If ($i -eq $value){ $i++; Set-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -Name W10_IPU_Attempts -Value $i } else { $i++; Set-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -Name W10_IPU_Attempts -Value $i }"
I can't find where I am missing to complete this. Thank you in advance.
Came to realize how important it is to be consistent. I am able to fix the problem because I fixed all of my quotations. For anyone interested, this is the final script.
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -ExecutionPolicy ByPass -Command "If (Get-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -ErrorAction SilentlyContinue) {} Else {$RegistryPath = 'HKLM:\SOFTWARE\'; $NewRegKey = 'SCCM'; New-Item -Path $RegistryPath -Name $NewRegKey -Force; $NewRegKeyPath = 'HKLM:\SOFTWARE\SCCM'; $KeyName = 'W10_IPU_Attempts'; $Value = '0'; New-ItemProperty -Path $NewRegKeyPath -Name $KeyName -Value $Value -PropertyType DWORD -Force | Out-Null}; $i= $Value =(Get-Itemproperty 'HKLM:\SOFTWARE\SCCM').W10_IPU_Attempts; If ($i -eq $value){ $i++; Set-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -Name W10_IPU_Attempts -Value $i } else { $i++; Set-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -Name W10_IPU_Attempts -Value $i }"
What you have is a full script, not a one-liner. Why not deliver it as a well formatted script, so that these sort of things can be easily / visually caught. The moment I put your post in an editor, all the mistakes were obvious.
Example refactor:
If (Get-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -ErrorAction SilentlyContinue)
{
# Do nothing
}
Else
{
$RegistryPath = 'HKLM:\SOFTWARE\'
$NewRegKey = 'SCCM'
New-Item -Path $RegistryPath -Name $NewRegKey -Force
$NewRegKeyPath = 'HKLM:\SOFTWARE\SCCM'
$KeyName = 'W10_IPU_Attempts'
$Value = '0'
$newItemPropertySplat = @{
Path = $NewRegKeyPath
PropertyType = 'DWORD'
Name = $KeyName
Force = $true
Value = $Value
}
New-ItemProperty @newItemPropertySplat |
Out-Null
}
$i = $Value = (Get-Itemproperty 'HKLM:\SOFTWARE\SCCM').W10_IPU_Attempts
If ($i -eq $value)
{
$i++
Set-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -Name W10_IPU_Attempts -Value $i
}
else
{
$i++
Set-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -Name W10_IPU_Attempts -Value $i
}

Registry value each time it runs

I started creating this script and I got stuck at one thing that I want to accomplish. This script runs fine. But what I really want to do is when this script is run more than once, I want to change the value to the number of times this script was used. How do I accomplish this?
$RegistryPath = "HKLM:\SOFTWARE\"
$NewRegKey = "SCCM"
$NewRegKeyPath = "HKLM:\SOFTWARE\SCCM"
$KeyName = "Attempts"
$Value = "1"
New-Item -Path $RegistryPath -Name $NewRegKey -Force
New-ItemProperty -Path $NewRegKeyPath -Name $KeyName -Value $Value -PropertyType DWORD -Force -ErrorAction SilentlyContinue | Out-Null
NEW script:
(Working)
#This is creating the SCCM Hive and add the key W10_IPU_Attempts
If (Get-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -ErrorAction SilentlyContinue) {
} Else {
$RegistryPath = "HKLM:\SOFTWARE\"
$NewRegKey = "SCCM"
New-Item -Path $RegistryPath -Name $NewRegKey -Force
$NewRegKeyPath = "HKLM:\SOFTWARE\SCCM"
$KeyName = "W10_IPU_Attempts"
$Value = "0"
New-ItemProperty -Path $NewRegKeyPath -Name $KeyName -Value $Value -PropertyType DWORD -Force | Out-Null
}
#Set value in increment of 1 each time this script is ran!
$i=
$Value =(Get-Itemproperty 'HKLM:\SOFTWARE\SCCM').W10_IPU_Attempts
If ($i -eq $value){
$i++
Set-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -Name W10_IPU_Attempts -Value $i
}
else {
$i++
Set-ItemProperty -Path 'HKLM:\SOFTWARE\SCCM' -Name W10_IPU_Attempts -Value $i
}
I suggest to use splatting with your bunch of parameters.
Otherwise do as suggested, (check) read current value set incremented value,
if not present, create the key
## Q:\Test\2019\05\17\SO_56190969.ps1
$RegistryPath = "HKLM:\SOFTWARE\"
$NewRegKey = "SCCM"
$NewRegKeyPath = "HKLM:\SOFTWARE\SCCM"
$KeyName = "Attempts"
if ($Value=[Int](Get-ItemPropertyValue $NewRegKeyPath -Name $KeyName -EA 0)){
Set-ItemProperty -Path $NewRegKeyPath -Name $KeyName -Value (++$Value) -Type DWord
} else {
New-Item -Path $RegistryPath -Name $NewRegKey -Force | Out-Null
$params = @{
Path = $NewRegKeyPath
Name = $KeyName
Value = 1
PropertyType= 'DWORD'
Force = $True
ErrorAction = 'SilentlyContinue'
}
New-ItemProperty @params | Out-Null
}
"Key : {0}`nKeyname: {1}`nValue : {2}" -f $NewRegKeyPath,$KeyName,
(Get-ItemPropertyValue $NewRegKeyPath -Name $KeyName)
#
Two sample runs:
> Q:\Test\2019\05\17\SO_56190969.ps1
Key : HKLM:\SOFTWARE\SCCM
Keyname: Attempts
Value : 1
> Q:\Test\2019\05\17\SO_56190969.ps1
Key : HKLM:\SOFTWARE\SCCM
Keyname: Attempts
Value : 2

Powershell not creating registry key when script is run

I am currently creating a powershell script in which the technicians can run to help apply various registry edits to create certain PCs which have automatic logins. However, whenever I run my script the powershell has no issue when changing values with pre-existing keys, yet it will not create keys when using the "new-item" command. I was wondering whether anyone would have any idea as to why this would not create the registry key given that I receive no errors when run.
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" –Name AutoAdminLogon -Value 1
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultUserName -Value domain\TEST
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultPassword -Value TEST123
Test-Path –Path "HKLM:\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\ForceAutoLogon"
if ( -Not (Test-Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"))
{
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name ForceAutoLogon -Value 1
}
Test-Path is not designed for registry values. What you can do is use a Try/Catch block. You also need to Get/Set the ItemProperty.
$Path = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
Try {
Get-ItemProperty -Path $Path | Select-Object -ExpandProperty ForceAutoLogon -ErrorAction Stop | Out-Null
Set-ItemProperty -Path $Path -Name ForceAutoLogon -Value 1
} Catch {
New-ItemProperty -Path $Path -Name ForceAutoLogon -Value 1
}
If the Get-ItemProperty fails then the key must not exist. Then we can create it! If Get-ItemProperty succeeds then we can ensure the value is set properly. I might be using the registry keywords wrong but let the code speak for itself.

How to turn on smart screen filter using powershell?

Can someone suggest how to turn on smart screen filter for IE using a PowerShell script?
Thanks.
Here's a link to a script to turn on Windows SmartScreen. Not sure if that's the same as IE
http://gallery.technet.microsoft.com/scriptcenter/Script-to-enable-9076d20e
This worked for me!!
Function EnableDisableSmartScreen($status) {
if($status -eq 1)
{
Write-Output "Enabling SmartScreen Filter..."
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "EnableSmartScreen"
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" -Name "EnabledV9"
}
else
{
Write-Output "Disabling SmartScreen Filter..."
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name "EnableSmartScreen" -Type DWord -Value 0
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" -Force | Out-Null
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" -Name "EnabledV9" -Type DWord -Value 0
}
}