PowerShell script to find registry key - powershell

i need some help, i want to create a powershell script that searches the registry for just the key RebootRequired, no value or data search is needed.
with a IF find create a txt file named RebootRequired.txt in folder C:\Candi\
is that even possible?
been trying out some scripting, but i can barley make the script to find the key if it present within the registry.

You could retrieve all keys with Get-ChildItem -Recurse and then filter on key names with Where-Object.
The Registry provider is a little different from the FileSystem provider, in that the Name property of each item is the entire key path (ie. HKEY_LOCAL_MACHINE\Software\Microsoft instead of just Microsoft). You can use PSChildName to refer to the leaf name:
if(#(Get-ChildItem HKLM: -Recurse |Where-Object {$_.PSChildName -eq 'RebootRequired'}))
{
# Something was returned! Create the file
New-Item C:\Candi\RebootRequired.txt -ItemType File
}
You can suppress error messages from inaccessible keys with the -ErrorAction SilentlyContinue parameter argument with Get-ChildItem

Related

Searching for only folders that contain a certain folder using powershell

I am trying to use powershell to update some programs for my company. I am writing a script to do so (as instructed). When I install the new version of the program on the machines, it also requires me to 'upgrade' existing folders to match the new version of the software.
I need to find all of the folders that contain a certain hidden folder(let the name of said folder be .blah). I am trying to use the get-childitem command, with -path [drives to check] -Recurse -Directory -Force -EA SilentlyContinue. However, I am not sure how to filter correctly to only find folders that contain the .blah folder inside of it.
Help would be very much appreciated.
Combine your Get-ChildItem call with a Where-Object call that tests for a child directory of a given name using Test-Path:
# Note: "." refers to the *current* directory
# Adjust as needed.
Get-ChildItem -LiteralPath . -Recurse -Directory -Force -ErrorAction Ignore |
Where-Object {
Test-Path -ItemType Container -LiteralPath "$($_.FullName)\.blah"
}
The Get-ChildItem call outputs all directories (-Directory) in the entire directory subtree (-Recurse), including hidden ones (-Force), ignoring any errors (such as from lack of permissions, -ErrorAction Ignore).
The Where-Object call calls Test-Path to look for a .blah child directory (-ItemType Container) in the directory at hand ($_).
With a -LiteralPath argument, Test-Path finds the specified path if it exists, irrespective of whether the target file or directory is hidden.
By contrast, with a wildcard-based -Path argument, hidden items are not found, and given that, as of PowerShell 7.2.5, Test-Path has no -Force switch, there is no way to force their inclusion; this gap in functionality is the subject of GitHub issue #6501.
Note: In PowerShell (Core) 7+, you could simplify "$($_.FullName)\.blah" to "$_\.blah", because the [System.IO.DirectoryInfo] and [System.IO.FileInfo] instances output by Get-ChildItem and Get-Item there consistently stringify to their full path (.FullName) property, unlike in WindowsPowerShell, where they situationally stringify by their file/directory name only - see this answer.

Script to Find a registry key with wildcard and remove it

I am trying to clean out old Firefox registry entries that are causing our vulnerability scanner to freak out.
The script I am using is:
New-PSDrive HKU Registry HKEY_USERS
Get-ItemProperty -Path "HKU:\*\Software\Mozilla\Mozilla Firefox*" |
Select-Object -ExpandProperty PSPath |
ForEach-Object {Remove-PsPath -Path $_ -WhatIf}
but it fails. I know my issue is in the last section: ForEach-Object {Remove-PsPath -Path $_ -WhatIf} as I can run the other part of the script and get my expected data returns.
The Keys in the registry I want to remove are located in the HKU\%%%randoms SID%%%\Software\Mozilla path. They are:
HKU\%%%randoms SID%%%\Software\Mozilla\Mozilla Firefox
HKU\%%%randoms SID%%%\Software\Mozilla\Mozilla Firefox ESR
I want the script to remove the entire key and all the subkeys. What am I doing wrong in my script?
Remove-PsPath doesn't exist, as far as I can tell. But it all can be reduced to this:
New-PSDrive HKU Registry HKEY_USERS
Remove-Item "HKU:\*\Software\Mozilla\*Firefox*" -Recurse -WhatIf
And of course, remove -WhatIf once you're sure you want to run it.
Also note that I've added an extra wildcard before Firefox because I noticed on my test machine that registry key was simply called Firefox and not Mozilla Firefox. This'll still target your original registry keys.

How do I copy multiple files from multiple hosts in powershell?

I am trying to make a powershell script (5.1) that will copy several files and folders from several hosts, these hosts change frequently therefore it would be ideal if I can use a list that I can append when required.
I have this all working using xcopy so I know the locations exist. I want to ensure that if a change is made when I am not In work someone can just add or remove a host in the text file and the back up will continue to work.
The code I have is supposed to go through each host in my list of hosts and copy all the files from the list of file paths before moving onto the next host.
But there are 2 errors showing up:
The term '\REMOTEHOST\c$\Users\Public\desktop\back-up\$Computers' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:8 char:17
and:
copy-item : Cannot find path '\HOST\C$\LK\Appdata\Cmmcfg C$\LKAppData\Errc C$\LK\Appdata\TCOMP C$\LK\Probes C$\LK\Appdata\CAMIO C$\LK\Appdata\LaunchPad C$\LK\Appdata\Wincmes
C$\barlen.dta C$\Caliprogs C$\Cali' because it does not exist.
This does not seem to reading through the list as I intended, I have also noticed that the HOST it is reading from is 6th in the list and not first.
REM*This file contains the list of hosts you want to copy files from*
$computers = Get-Content 'Y:\***FILEPATH***\HOSTFILE.txt'
REM*This is the file/folder(s) you want to copy from the hosts in the $computer variable*
$source = Get-Content 'Y:\***FILEPATH***\FilePaths.txt'
REM*The destination location you want the file/folder(s) to be copied to*
$destination = \\**REMOTEHOST**\c$\Users\Public\desktop\back-up\$Computers
foreach ($item in $computers) {
}
foreach ($item in $source) {
}
copy-item \\$computer\$source -Destination $destination -Verbose
Your destination variable needs to be enclosed in quotes. To have it evaluate other variables inside of it, enclose it in double quotes. Otherwise PowerShell thinks it's a command you are trying to run.
$destination = "\\**REMOTEHOST**\c$\Users\Public\desktop\back-up\$Computers"
cracked it, thank you for your help. I was messing up the foreach command!I had both variables set to Item, so I was confusing things!
foreach ($itemhost in $computers) {
$destination = "\Remotehost\c$\Users\xoliver.jeffries\desktop\back-up\$itemhost"
foreach ($item in $source)
{copy-item "\$itemhost\$item*" -Destination $destination -Verbose -recurse}
}
Its not the neatest output but that's just a snag! the code now enables me to use a list of hosts and a list files and copy them to a remote server!

Backup GPOs basing on GPO DisplayName rather than Id

So I am backing up all the GPOs of a Domain Controller and I noticed that the way Backup-GPO cmdlet backs up the GPOS is so unfriendly. By default it creates a folder for every single GPO named after the "ID" which doesn't even match its "GPOID/GUID".
Here is an example, I will just backup a specific GPO:
backup-gpo -guid ff8de365-0842-46ab-9ac7-64ebd8dd4614 -path C:\
DisplayName : N12 Workstation Policy
GpoId : ff8de365-0842-46ab-9ac7-64ebd8dd4614
Id : dd33c220-bac8-4ebd-a9d9-7729fcea9c38
BackupDirectory : C:\
CreationTime : 20/10/2015 17:41:43
DomainName : martyn.local
This is the backup folder name that is created after issuing the previous command:
{DD33C220-BAC8-4EBD-A9D9-7729FCEA9C38}
If I try to Backup all the GPOs I get a folder for every single GPO. Is there any way of naming these folders basing on the GPO DisplayName rather than that unfriendly string?
This is what I would like to get:
N12 Workstation Policy
The reason why I want to do it like that is because if I want to re-import a single GPO in the future and I don't remember the name of the GPO how am I supposed to know which is the right GPO backup folder to import if I am using that awful name?
Thanks
Backup each GPO to separate subfolders of your backup folder:
$invalidChars = ':\\/' + [RegEx]::Escape(-join [IO.Path]::InvalidPathChars)
$backupDir = 'C:\backup'
Get-GPO -All | ForEach-Object {
$name = $_.DisplayName -replace "[$invalidChars]", '_'
$gpoDir = Join-Path $backupDir -ChildPath $name
New-Item $gpoDir -Type Directory | Out-Null
Backup-GPO -Guid $_.Id -Path $gpoDir
}
The replacement is to remove characters that are invalid in a path from the name (the creation of the subfolder would fail if the name of the GPO contained for instance a >). As #briantist suggested in his comment it's better to derive the list of invalid characters from the respective IO.Path property than maintain the list by hand. You may need to manually add other problematic characters, though, specifically :. The colon is used for accessing alternate data streams, so it's technically a valid character in a path, but PowerShell doesn't support it.

Powershell's Copy-Item gives inconsistent results on file system and registry

I am trying to use Powershell's Copy-Item commandlet with the -Recurse and -Force parameters to copy settings from one registry key and overwrite the same settings (if they exist) in another key. If I were using this same command on a file system, then any folders that exist in source and target would be overwritten in the target.
When using this command on the registry, however, if there are keys in the target that exist, the source key is copied as a subkey. Example:
Starting state:
HKCU:Software\OldVendor\Program
HKCU:Software\OldVendor\Program\Setting1
HKCU:Software\OldVendor\Program\Setting2
HKCU:Software\NewVendor\Program
HKCU:Software\NewVendor\Program\Setting1
HKCU:Software\NewVendor\Program\Setting2
Now if I run this command:
Copy-Item -Path "HKCU:Software\OldVendor\Program" -Destination "HKCU:Software\NewVendor" -Recuse -Force
I expect the same structure to be maintained. In fact, the structure under NewVendor looks like this:
HKCU:Software\NewVendor\Program
HKCU:Software\NewVendor\Program\Setting1
HKCU:Software\NewVendor\Program\Setting1\Setting1
HKCU:Software\NewVendor\Program\Setting2
HKCU:Software\NewVendor\Program\Setting2\Setting2
Can anyone tell me how to get Powershell to overwrite existing registry keys, instead of copying to subkeys?
It seems to me you want to copy items and their values, those are properties, not keys. You can list them as follows:
get-itemproperty "HKCU:Software\NewVendor\Program"
or u can use alias and omit quotes:
gp HKCU:Software\NewVendor\Program
Another, better way, which doesn't view powershell specific properties:
Get-Item HKLM:\SOFTWARE\NewVendor\Program | select -ExpandProperty Property
So, if u want to copy all the properties from one key to another:
Get-Item HKLM:\SOFTWARE\Program | select -ExpandProperty Property | % {Copy-ItemProperty -Path HKLM:\SOFTWARE\Program -Destination HKLM:\SOFTWARE\AnotherProgram -Name $_ -Verbose}
You have to use foreach loop, beacuse Copy-ItemProperty cmdlet can copy only one property been specified.