Delete remote registry keys via PS - powershell

I am needing to use PowerShell to delete a registry entry from multiple computers. The only thing is that PowerShell scripts are not enabled on the remote computers. Is it possible to manipulate the registry of multiple computers from my computer? What command could I use?

There is a pre-PowerShell registry tool called reg. It will perform registry operations on remote computers.
REG DELETE /?
REG DELETE \\Computer\HKLM\Software\MyCo /v MTU
Deletes the registry value MTU under MyCo on Computer
If you have a list of computers in a list, then you can do something like this
$computers | ForEach-Object {
REG DELETE "\\$_\HKLM\Software\MyCo" /v MTU
}
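The same deletion through the .NET registry API, as an added example that is not part of the original answer: like reg.exe it relies on the Remote Registry service on each target, and it returns a status per computer and supports -WhatIf. The function name and host names are constructed; the key and value names are the ones from the answer.

```powershell
# Added example: delete one registry value on several computers without
# PowerShell remoting. Assumes Windows PowerShell 3.0+ on the admin machine
# and the Remote Registry service running on each target.
function Remove-RemoteRegistryValue {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [string]$SubKey    = 'Software\MyCo',   # key from the answer above
        [string]$ValueName = 'MTU'              # value from the answer above
    )
    foreach ($computer in $ComputerName) {
        $base = $null; $key = $null; $status = 'Unknown'
        try {
            $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                        [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            $key = $base.OpenSubKey($SubKey, $true)   # $true = open writable
            if ($null -eq $key) {
                $status = 'KeyNotFound'
            } elseif ($key.GetValueNames() -notcontains $ValueName) {
                $status = 'ValueNotFound'
            } elseif ($PSCmdlet.ShouldProcess("\\$computer\HKLM\$SubKey", "Delete value $ValueName")) {
                $key.DeleteValue($ValueName, $true)
                $status = 'Deleted'
            } else {
                $status = 'Skipped'                   # -WhatIf or declined -Confirm
            }
        } catch {
            # Unreachable host, access denied, service stopped, ...
            $status = "Error: $($_.Exception.Message)"
        } finally {
            if ($key)  { $key.Close() }
            if ($base) { $base.Close() }
        }
        [pscustomobject]@{
            Computer = $computer; Key = "HKLM\$SubKey"; Value = $ValueName; Status = $status
        }
    }
}

# Constructed host names. -WhatIf reports what would be deleted and changes nothing.
$computers = 'PC-001', 'PC-002'
Remove-RemoteRegistryValue -ComputerName $computers -WhatIf | Format-Table -AutoSize
```

Drop -WhatIf once the dry run shows the expected targets, and keep the output as a record of which machines were changed.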

Related

How to enable group policy toggle button using powershell or cmd

I am trying to automate server setup of a Windows 2019 server using userdata. I need to update the local group policy settings.
The specific group policy I want to enable is "Set time limit for disconnected sessions".
How can I enable this 'local' group policy for a VM using PowerShell or bash or even Regedit?
I have tried but I can't seem to get it to be in an "enabled" state.
Look at this Registry Edit.
You can access this registry key in Powershell or Bash.
More information here.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v MaxDisconnectionTime /t REG_DWORD /d 5000 /f
Try this, it's the same registry key but using PowerShell to set.
Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -Name MaxDisconnectionTime -Type DWord -Value 900000
The value is in ms, this would set it to 15 minutes.
https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.TerminalServer::TS_SESSIONS_Disconnected_Timeout_2
After you run that, restart the device and the settings should be updated.
There is no way to directly configure the local group policy using PowerShell.
When configured, the GPO sets a registry key and value.
It's not bi-directional where you can set the registry key and then the GPO is configured.
You can use Microsoft's tool LGPO.exe to export the policy settings from a computer you've configured, and then use PowerShell to import those settings to your new computer.

Required Help in RDP Automation

Below script is to Automate RDP and I am stuck with below two points:
How to map local drive as mapped drive in RDP session(tsclient) using
powershell script/command
Example like this in RDP : drivestoredirect:s:value
RDP Automation - PowerShell Script :
cmdkey /list | ForEach-Object{if($_ -like "*target=TERMSRV/*"){cmdkey /del:($_ -replace " ","" -replace "Target:","")}}
echo "Connecting to Server Name"
$Server="Server Name"
$User="Username"
$Password="Password"
cmdkey /generic:TERMSRV/$Server /user:$User /pass:$Password
mstsc /v:$Server
reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client" /v "AuthenticationLevelOverride" /t "REG_DWORD" /d 0 /f
You can't control all aspects of your connection when using mstsc.exe via command line. The information for mapping local resources in the TS session are stored in the RDP file.
If not specified, it will use the default.rdp file located in "My Documents" folder (hidden file).
If you configure the default RDP to map local resources, all subsequent connections will also have the local resources mapped... but if you change it again, it will apply to all next connections.
So a better approach will be to create one *.rdp file and use it as a template in your script:
Create Template RDP file:
Launch mstsc.exe
Configure all options as per your needs
Save the file somewhere and use it in your script (i.e C:\Temp\MyRDPtemplate.rdp)
Now, change your script in order to use this template file when connecting to a Server:
mstsc "C:\temp\MyRDPtemplate.rdp" /v:$Server
When you first connect to a Server while mapping local resources, you will receive a warning message:
If you want to avoid this message, add the following registry key before launching:
reg add "HKCU\Software\Microsoft\Terminal Server Client\LocalDevices" /v $Server /t "REG_DWORD" /d 0x4d /f
mstsc "C:\temp\MyRDPtemplate.rdp" /v:$Server
There may be a global parameter you can add to avoid this message for all Servers (like for "AuthenticationLevelOverride") but I don't know for sure.
One last word about the stored credentials... if you use cmdkey /generic:xxx, you don't need to specify the service type (TERMSRV), that's the purpose of the /generic switch. But it also works fine...
PS: Very last remark, if you want to bypass the certificate prompt (in case your server doesn't present a valid one), you should add the registry key AuthenticationLevelOverride before connecting to the Server. Also note that this key is valid for all connections.
Another choice is to get help from some 3rd-party tools for RDP.
https://github.com/VShawn/PRemoteM
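To see what these settings have left behind on a workstation, the following added example (not part of the original question or answers) lists the global AuthenticationLevelOverride value, the per-server LocalDevices entries and the saved TERMSRV credentials for the current user. The function name is hypothetical and the code only reads.

```powershell
# Added example: read-only report of the per-user RDP client settings
# discussed above. Registry paths and value names are the ones on this page.
function Get-RdpClientTrustSettings {
    $root = 'HKCU:\Software\Microsoft\Terminal Server Client'

    # Global override: applies to every connection made by this user.
    $override = $null
    if (Test-Path $root) {
        $override = (Get-Item $root).GetValue('AuthenticationLevelOverride')
    }
    [pscustomobject]@{
        Setting = 'AuthenticationLevelOverride'; Target = '(all connections)'
        Value   = $(if ($null -eq $override) { 'not set' } else { $override })
    }

    # Per-server entries written to suppress the local-resource warning.
    $devices = Join-Path $root 'LocalDevices'
    if (Test-Path $devices) {
        $key = Get-Item $devices
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Setting = 'LocalDevices'; Target = $name
                Value   = '0x{0:x}' -f $key.GetValue($name)
            }
        }
    }

    # Saved RDP credentials, matched the same way as the cleanup line
    # at the top of the question's script.
    cmdkey /list | ForEach-Object {
        if ($_ -match 'target=TERMSRV/(\S+)') {
            [pscustomobject]@{
                Setting = 'Stored credential'; Target = $Matches[1]; Value = '(hidden)'
            }
        }
    }
}

Get-RdpClientTrustSettings | Format-Table -AutoSize
```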

How to Edit HKCU values with PowerShell

When I run the command to edit a registry value on HKCU with PowerShell, I have to run PS as an admin to have perms to edit the registry. Unfortunately, this changes HKCU to my admin account (as far as I can tell, at least), which keeps me from editing the user.
I need to automate this as we’re rolling out hundreds of machines. Am I missing something?
When running an elevated PowerShell, the user specific registry can be edited under HKEY_USERS\<Users SID>\.... For example:
Get-ItemProperty -Path "registry::hkey_users\$($strSID.Value)\Software\Policies\Microsoft\Windows\Control Panel\Desktop"
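One way to obtain the SID and write under it from an elevated session, as an added example that is not part of the original answer. The function name, the use of Win32_ComputerSystem to find the console user, and the ScreenSaveTimeOut value are assumptions chosen for illustration.

```powershell
# Added example: set a value in a named user's hive from an elevated session.
# Assumes the user is logged on, so their hive is loaded under HKEY_USERS.
function Set-UserRegistryValue {
    param(
        [Parameter(Mandatory = $true)][string]$Account,   # 'DOMAIN\user'
        [Parameter(Mandatory = $true)][string]$SubKey,    # path below the user's hive
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)]$Value,
        [Microsoft.Win32.RegistryValueKind]$Type = 'String'
    )
    # Translate the account name to its SID (the $strSID.Value of the answer).
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
               [System.Security.Principal.SecurityIdentifier]).Value

    $hive = "Registry::HKEY_USERS\$sid"
    if (-not (Test-Path $hive)) {
        throw "Hive for $Account ($sid) is not loaded; the user is not logged on."
    }

    $path = "$hive\$SubKey"
    if (-not (Test-Path $path)) {
        New-Item -Path $path -Force | Out-Null   # create missing key(s)
    }
    Set-ItemProperty -Path $path -Name $Name -Value $Value -Type $Type

    # Read the value back so the caller can confirm which hive was written.
    Get-ItemProperty -Path $path -Name $Name
}

# Console user of this machine; empty when nobody is logged on at the console.
$user = (Get-WmiObject Win32_ComputerSystem).UserName
if ($user) {
    # Illustrative value only: screen saver timeout of 600 seconds.
    Set-UserRegistryValue -Account $user `
        -SubKey 'Software\Policies\Microsoft\Windows\Control Panel\Desktop' `
        -Name 'ScreenSaveTimeOut' -Value '600'
}
```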

How can i delete the contents of the spool\PRINTERS directory remotely via powershell without WinRM

I need to be able to pass credentials through, which I have local administrator credential for the remote machine.
I only need to target one machine at a time, which will be manually specified in a function and the IP will be assigned as a $Global:var
I can use WMI-GetObject and stop/start the printer spool service, but cannot figure out a way to delete the remote files while passing credentials without using invoke, which doesn't work as WinRM is not enabled (and cannot be by policy)
Thank you for any help you can offer.
I have a test setup I can test as much as needed
also let me know if this would suit SuperUser more than StackOverflow
In the end I could not find a solution in PowerShell itself, so I defaulted to a co-located Batch file to handle the Windows file operations and called the batch file from PowerShell with
start-process -Wait "cmd.exe" "/c c:\powershell\clearspool.bat"
batch file is below
@ECHO off
rem Set up the remote server ip
set User=administrator
set /p Server=Enter Server IP:
set /p Password=Enter Admin Password:
rem Mount the remote path
net use \\%Server%\c$\Windows\System32\spool %Password% /USER:%User%
rem Delete a file
del /S /F \\%Server%\c$\Windows\System32\spool\PRINTERS
rem Unmount the remote path
net use \\%Server%\c$\Windows\System32\spool /delete
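The same cleanup can be done in PowerShell alone by mapping the admin share with New-PSDrive and a credential object. This is an added example, not the poster's code; the function name and the IP address are constructed, and it assumes Windows PowerShell 3.0 or later with the C$ share and WMI reachable on the target.

```powershell
# Added example: clear the remote spool folder without WinRM.
function Clear-RemoteSpool {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$Credential,
        [int]$TimeoutSeconds = 30
    )
    # Common arguments for every WMI query against the spooler service.
    $wmi = @{ Class = 'Win32_Service'; Filter = "Name='Spooler'"
              ComputerName = $Server; Credential = $Credential; ErrorAction = 'Stop' }
    $spooler = Get-WmiObject @wmi

    try {
        $null = $spooler.StopService()
        # Queued jobs stay locked until the service has fully stopped.
        $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
        while ((Get-WmiObject @wmi).State -ne 'Stopped') {
            if ((Get-Date) -gt $deadline) { throw "Spooler on $Server did not stop in time." }
            Start-Sleep -Seconds 1
        }

        # Session-only mapping of the admin share; the password is never
        # written to a file or passed on a command line.
        $null = New-PSDrive -Name RemoteC -PSProvider FileSystem `
                    -Root "\\$Server\c`$" -Credential $Credential -ErrorAction Stop
        $files = @(Get-ChildItem -Path 'RemoteC:\Windows\System32\spool\PRINTERS' -File)
        $files | Remove-Item -Force
        "Removed $($files.Count) file(s) from $Server"
    } finally {
        # Always drop the mapping and bring the spooler back up.
        if (Get-PSDrive -Name RemoteC -ErrorAction SilentlyContinue) {
            Remove-PSDrive -Name RemoteC
        }
        $null = $spooler.StartService()
    }
}

# Constructed address; Get-Credential prompts for the local administrator account.
Clear-RemoteSpool -Server '192.0.2.10' -Credential (Get-Credential)
```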

Rename/unjoin a computer from a domain, that isn't on the domain

Working on a script that will be run on a clone of a VM. When cloned out, the IP settings switch from static to DHCP and the name/domain remain the same as the source. Parts of my script require that the VM be on the domain to run, however, I can't just set an open IP on the NIC, since it will then update DNS with the new IP, disable the computer object in AD and break the trust relationship.
Normally, through windows, I join a workgroup [remove from domain] and the OS is happy, just wants a reboot. I can then set the IP on the NIC, change the name and set it to join back to the domain before another reboot. I then have 2 of the same machine, different names and IP addresses without any conflicts.
I am at an impasse at getting this accomplished with PowerShell though. I can't rename or join a workgroup unless I am on the domain. I thought workflows would be the answer, but after reading a little bit on it, I am not so sure anymore.
So this is more of a workflow Q than actual code and any feedback is appreciated.
wmi commandline works and gives me a starting point.
@echo off
start /B /W wmic.exe /interactive:off ComputerSystem Where "Name='%computername%'" Call UnJoinDomainOrWorkgroup FUnjoinOptions=0
start /B /W wmic.exe /interactive:off ComputerSystem Where "Name='%computername%'" Call JoinDomainOrWorkgroup name="WORKGROUP"
start /B /W wmic.exe /interactive:off ComputerSystem Where "Name='%computername%'" Call Rename name="standaloneComputer"
shutdown.exe /r /t 0 /f
I use the following procedure when dealing with cloned Windows VMs:
Start the clone with disconnected network interface(s).
Remove non-present network adapters.
Assign new IP address(es) to the remaining network adapter(s).
$wmi = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled='true'"
$wmi.EnableStatic('192.168.23.42', '255.255.255.0')
$wmi.SetGateways('192.168.23.1', 1)
$wmi.SetDNSServerSearchOrder(('192.168.23.13', '192.168.23.14'))
Rename the computer and remove it from the domain.
Reboot.
Reconnect the interface(s).
Join the renamed computer back to the domain.
Note: Make sure the clone has a local admin account that you can log in with while the domain is not accessible.