Powershell - Find hive with Specific Name and then add key - powershell

I'm currently trying to code a something in powershell that will look for a registry hive with the name "c02ebc5353d9cd11975200aa004ae40e" and then add a Binary key in for each instance that has a hive with that name.
I currently have the below code that will add in the code for one example I have manually found.
$path = "HKCU:\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Name Of Outlook Profile\c02ebc5353d9cd11975200aa004ae40e"
New-ItemProperty -Path $path -Name 00030354 -PropertyType Binary -Value ([byte[]](0x00,0x00,0x00,0x00)) -Force
and I have this bit of code that will search through the HKCU:
$listhkcu = get-childItem "HKCU:\" -recurse
Any ideas on how I would add this binary key in for each instance of a hive with this name?
Any ideas or help is greatly appreciated.


Try something like...
[byte[]]$stuff = $(0x30, 0x02, 0x08, 0xAF)
$path = 'HKCU:\Environment'
New-ItemProperty -Path $path -Name 'thing' -Value $stuff -PropertyType Binary
You want to see the value you just created?
Get-ItemProperty -Path $path -Name 'thing'
Now in RegEdit...
Check your search after the create.

Related

How to use New-Item with $Version to create a text file

I have pulled some information from the registry using Get-ItemPropertyValue and would like to use this to create a text file with that value.
$Version = (Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'DisplayVersion')
Example output - 21H1
Trying to use New-Item with $Version output to create a text file, 21H1.txt

Use your variable in an expandable string, and pass the resulting string value to New-Item's -Name parameter
New-Item -Name "${Version}.txt"

Set a value for a DWORD32 value in the registry only if it already exists | PowerShell

I want to set a value for DWORD32 value in the registry only if it already exists.
This is my code:
Set-ItemProperty -Path $mypath -Name $myname -Value 0
The problem with this code is in the Set-ItemProperty class; It creates the DWORD32 value even if it doesn't exist, and I want to change its value only if it exists.
Any solutions?

Check if Get-ItemPropertyValue returns any success output while ignoring any errors (in PSv4-, use Get-ItemProperty):
if ($null -ne (Get-ItemPropertyValue -ErrorAction Ignore -LiteralPath $mypath -Name $myname)) {
Set-ItemProperty -LiteralPath $mypath -Name $myname -Value 0
}
Note:
The above just tests whether the registry value exists - it doesn't check its data type. For the latter, you could use (the value returned by Microsoft.Win32.RegistryKey.GetValueKind() is of type Microsoft.Win32.RegistryValueKind):
(Get-Item -LiteralPath $path).GetValueKind($myName) -eq 'Dword'
Note that use of Test-Path is not an option in this case, because it can only test for provider items (which map to registry keys), not also their properties (which map to registry values).

Creating Key in regedit with "/"in the name

Hi i'm just wondering im currently creating folder on my registry this is my code
function AddMachineRegistry{
param(
[string] $registryPath = $(throw "registryPath is a required parameter"),
[string] $name = $(throw "name is a required parameter"),
[int] $value = $(throw "value is a required parameter")
)
IF(!(Test-Path $registryPath))
{
New-Item -Path $registryPath -ItemType Key -Force | Out-Null
}
New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -force | Out-Null
}
and tried to used it like this
AddMachineRegistry "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128\" "Enabled" 0
basically im trying to create a key with the name of "RC4 40/128" but when i execute it it creates "RC4 40" folder and under that it creates "128"
im just wondering is it possible to create that? since im currently using "New-Item" and just giving it a path. i want my folder to named "RC4 40/128"

The easiest way will be invoking & REG ADD (basically, using CMD for the task) since PowerShell wants to interpret the forward slash as a delimiter. I just had a problem at work recently where I ran into this problem and could not find any solutions beyond that one.
A small tip: | Out-Null is a very slow operation and if you plan on calling anything with it to scale, I'd recommend using $Null = or [Void]( ... )

Normaly you must use:
New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\" -Name "RC4 40/128" -PropertyType DWORD -Value 0
In this case it will we be:
AddMachineRegistry "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\" "RC4 40/128" 0
There is no need to backslashes the "/". Alternative: you can put path in ' ' instead " ". Commands in ' ' change special characters to normal chars.

Append an array using powershell

I have an array with 3 elements(feature) in my code. Currently i have declared them as $feature = "System","Battery","Signal","Current";
But in future there can be more features. So I thought of giving an option in my code to add new feature(implemented as GUI) and using $feature.Add("$new_feature") command.
This works perfectly for that particular run of the script. But when i run the script again, this new added feature is not appearing. How can i solve this issue, so that when ever new feature is added, then it will remain in the script for ever?
Is this possible?

The simplest approach would be to store the array data in a file:
# read array from file
$feature = #(Get-Content 'features.txt')
# write array back to file
$feature | Set-Content 'features.txt'
You can use $PSScriptRoot to get the location of the script file (so you can store the data file in the same folder). Prior to PowerShell v3 use the following command to determine the folder containing the script:
$PSScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent
Another option is to store the data in the registry (easier to locate the data, but a little more complex to handle):
$key = 'HKCU:\some\key'
$name = 'features'
# read array from registry
$feature = #(Get-ItemProperty -Path $key -Name $name -EA SilentlyContinue | Select-Object -Expand $name)
# create registry value if it didn't exist before
if (-not $?) {
New-ItemProperty -Path $key -Name $name -Type MultiString -Value #()
}
# write array back to registry
Set-ItemProperty -Path $key -Name $name -Value $feature

How to set a binary registry value (REG_BINARY) with PowerShell?

How to set a binary registry value (REG_BINARY) with PowerShell?
Background:
I need to change some properties of the ASP.NET State service using a PowerShell script. Unfortunately, the built-in PowerShell cmdlet Set-Service only lets you modify the service description, startup type, display name, and status. I need to modify the Subsequent failures property found on the Recovery tab (when viewing the service's properties). I found that this value was stored in the registry as a REG_BINARY value.
An export of the value looks like this:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aspnet_state]
"FailureActions"=hex:50,33,01,00,00,00,00,00,00,00,00,00,03,00,00,00,0e,00,00,\
00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00
In Powershell there is a Set-ItemProperty cmdlet with which you can set registry value values. For a string or dword value, you can just pass a string or an int. I know which hex value in the array to change, but I can't figure out how to set a binary value.

The following line gives you an example how to create one
New-ItemProperty -Path . -Name Test -PropertyType Binary -Value ([byte[]](0x30,0x31,0xFF))
and how to change an existing one:
Set-ItemProperty -Path . -Name Test -Value ([byte[]](0x33,0x32,0xFF))

Is it just me who feels this misses the main part of this question?
How would you go about changing the original:
50,33,01,00,00,00,00,00,00,00,00,00,03,00,00,00,0e,00,00,\
00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00
Into a format like:
([byte[]](0x33,0x32,0xFF))
EDIT: After trying to get this working it turns out you just prefix all of the pairs with '0x'. Not sure why that was not mentioned in the answer. So just change the above to:
0x50,0x33,0x01,0x00,0x00,0x00,0x00,0x00... etc.
Then wrap that in the following:
([byte[]](0x50,0x33,0x01,0x00,0x00,0x00,0x00,0x00... etc.))

This post has helped me out with similar problem. Thanks!
Bringing xBr0k3n and Howard's answers together:
#Change these three to match up to the extracted registry data and run as Admin
$YourInput = "50,33,01,00,00,00,00,00,00,00,00,00,03,00,00,00,0e,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00"
$RegPath = 'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aspnet_state'
$AttrName = "FailureActions"
$hexified = $YourInput.Split(',') | % { "0x$_"}
New-ItemProperty -Path $RegPath -Name $AttrName -PropertyType Binary -Value ([byte[]]$hexified)

Resurrecting this.
Here's how you can modify registry item binary values concisely in easy-to-follow powershell. In this example DefaultConnectionSettings is the registry item with a REG_BINARY value that we're trying to modify.
$path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
$objName = "DefaultConnectionSettings"
$getObj = Get-ItemProperty -path $path -name $objName
$getObj.DefaultConnectionSettings[8] = 1
$objValue = $getObj.DefaultConnectionSettings
Set-ItemProperty -path $path -name $objName -Value $objValue
When you use Get-ItemProperty for a registry item with a REG_BINARY value, it gives you a number of child objects in a collection.
By referencing the name of the item (in this case we do getObj.DefaultConnectionSettings) as a child object of getObj, we get an array of values, where each binary value (i.e 50,33,01,00,00,00,00,00,04) has its own position in the array.
Because it is an array we can reference, modify, and iterate through it easily by doing $getObj.DefaultConnectionSettings[8] = 1 or whatever number you want in place of 8. The 8 refers to the position of the value in the array. In the example of 50,33,01,00,00,00,00,00,04 the 9th position is 04. Remember that, like other things, arrays start counting at 0.
Setting it = 1 will change that 04 value in the binary to 01 while leaving the rest of the values unchanged in the array.
Finally, we set the change in place with Set-ItemProperty -path $path -name $objName -Value $objValue
Hope this helps others.

FYI, you can also set binary values with the PSRemoteRegistry PowerShell module (
http://psremoteregistry.codeplex.com/), on local or remote computers.
$Key = 'SOFTWARE\MyCompany'
Set-RegBinary -Hive LocalMachine -ComputerName Server1 -Key $Key -Value RegBinary -Data #([char[]]'PowerShell')

Let's start with an integer:
$int = 0xffffffff
Get the bytes:
$bytes = [bitconverter]::GetBytes($int)
Using set-itemproperty with the little knows '-type' parameter that can be used with registry paths:
Set-ItemProperty hkcu:\key1 bin1 $bytes -type binary
Get it back:
$bytes = Get-ItemProperty hkcu:\key1 bin1 | % bin1
Turn 4 bytes into an int:
$int = [bitconverter]::toint32($bytes, 0)
'0x{0:x}' -f $int
0xffffffff

I had problems with the other solutions, here's what I found to work:
Short Answer:
New-ItemProperty -path $path -name $name -value [byte]0x00,0x01,0x02 -PropertyType Binary
Complete Example:
$path = "HKCU:\Software\Hex-Rays\"
$name = "StrWinStringTypes"
$value = [byte]0x00,0x01,0x02
#if key path found, just add/modify the value/data pair
If (Test-Path($path))
{
New-ItemProperty -path $path -name $name -value $value -PropertyType Binary -Force | Out-Null
}
#if key path not found, create it first before adding value/data
Else
{
New-Item -path $path -force
New-ItemProperty -path $path -name $name -value $value -PropertyType Binary -Force | Out-Null
}