I know that I can set a runonce key in the Win7 registry globally, which will be executed no matter which user logs on the next time, using this registry key:
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
I need to do an initialization only for a specific user, so I wonder if there is a way to programatically (using Powershell) set a runonce-entry that is only executed if one specific user logs on, also if this user is not an Administrator.
Do you know of a way to do this? Thanks.
I think this question and the other (http://stackoverflow.com/questions/10908727/how-can-i-programatically-find-a-users-hkey-users-registry-key-using-powershell) are related:
Anyways, here is how you do it:
$User = New-Object System.Security.Principal.NTAccount($env:UserName)
$sid = $User.Translate([System.Security.Principal.SecurityIdentifier]).value
New-PSDrive HKU Registry HKEY_USERS
Get-Item "HKU:\${sid}"
Set-ItemProperty -Path "HKU:\${sid}\Software\Microsoft\Windows\CurrentVersion\RunOnce" -Name Command -Value "notepad.exe"
Related
I try to bypass Windows IE setting pop up from the initial launch IE. either close the window or click ask later. Is it possible Powershell can check the window object? I tried the "New-Object" below:
New-Object -ComObject 'internetExplorer.Application'
But it doesn't seem to work that way I expected.
Thanks
For those looking for the Registry method (or Powershell), this is the script I use:
$keyPath = 'Registry::HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main'
if (!(Test-Path $keyPath)) {
New-Item $keyPath -Force
}
Set-ItemProperty `
-Path $keyPath `
-Name "DisableFirstRunCustomize" `
-Value 1
You want to test the path exists first as using the -Force parameter on New-Item will remove any existing children of the path provided.
Is using group policy out of the question as this can easily be done through a gpo. Here is a link explaining. https://mkcheah88.blogspot.com/2014/06/microsoft-how-to-disable-internet.html
If not is it ok to change the registry key this links to with powershell prior to internet explorer opening? If so I can modify this answer to include that answer.
I am currently building a Hyper-V lab consisting of a DC and multiple networked VMs, using Windows Server 2016. I'd like to completely disable the windows firewall for all existing and newly created VMs.
The best way that I've found to do this so far is via Group Policy for the Domain Profile. Then set Windows Firewall: Protect all network connections to disabled. What I would like to do is to have a way of scripting this out (using Powershell if possible).
I've found that by performing the above steps in the GUI, it creates a few entries in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\WindowsFirewall\DomainProfile
In each of those entries, there is a property called EnableFirewall which is set to 0. So I tried creating all of this using Powershell like this:
New-Item -path "HKLM:\SOFTWARE\Policies\Microsoft" -name WindowsFirewall
New-Item -path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall" -name DomainProfile
New-ItemProperty -path "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile" -name EnableFirewall -value 0 -PropertyType DWord -Force
Unfortunately it doesn't seem to be working, so there must be something else that I'm missing.
Does anybody know how to completely disable the windows firewall for all networked machines using the command line in Windows Server 2016?
Setting up the Windows-Firewall for your domain-computers through computer-startup-script is not a great solution in my opinion.
You should definetly use Group Policy for this task.
GP does exactly what I want, I would just like a way of modifying GP using Powershell. I'm building a lab from scratch, and I'm looking to script as much of it as possible rather than using the gui.
I am not completely sure, what you are trying to achive.
You have created a lab now and I think you are trying to script a complete automatic built-up for future use. Is this correct?
If yes, then my solution is maybe what you are looking for:
Create a new GPO in your lab named "Firewall-Settings" for example.
Make all of your needed FireWall-Settings to the new GPO.
In Group Policy Editor open the main-node named „Group Policy Objects“. (important) Find the newly created GPO, right-click it and select "Backup":
Save the GPO-backup to a folder. (folder must exist)
The GPO is beeing saved and named like on the screenshot below (GUID):
That's it for the preparation. Now you maybe want to script the creation of the GPO with Powershell for future use and import the backup to obtain it's settings in a new environment:
New-GPO -Name "FireWall-Settings" | New-GPLink -Target "DC=mydomain,DC=local" # distinguishedName of Target-OU
Import-GPO -Path $PathtoGPOBackup -TargetName "FireWall-Settings" -BackupGpoName "FireWall-Settings"
The Script creates a GPO in the new environment with the name "FireWall-Settings" and links it to the target-OU.
After that you import the settings of the backup-GPO. All the domain-members in scope of the GPO will get the Windows-Firewall configured automatically.
Now the process is documented and fully automatic, if this is, what you are looking for.
Kind regards
open cmd prompt with elevated mode and run this:
netsh -r ComputerName -u Username -p Password -c advfirewall set allprofiles state off
If you want to do it for all the machines. Get all the ad computers using get-adcomputer. Run a foreach loop and put the variable istead of computername.
If you have the domain admin creds, then you are good to go with this.
Hope it helps.
Depending on the profile you want to disable, specify profiles (public, domain, private) using the -Name parameter. To disable all profiles for a networked machine, where $computerName array is the hostname of your DC, PC etc:
$computerName = 'DC1, PC1, MS1'
Invoke-Command -Computername $computerName -ScriptBlock {
Set-NetFirewallProfile -Name Domain, Public, Private -Enabled False
}
I have created over 100 users using the wrong regional settings, therefore wrong date format. I wish to correct this without logging in as every user and going through the necessary steps.
I am looking for a way to do this in one go either via UI or via Powershell script.
Ideally I want a script that will ForEach the local users and run a command to change their language/regional settings.
NOTE: I am not using Active Directory therefore cannot use group policies.
Set your desired settings in one of the users, then Get those settings from
"HKEY_CURRENT_USER\Control Panel\International"
find the SID of each user then
Apply it to each user on:
"HKEY_USERS\[UserSID]\Control Panel\International"
To get The SID of the user you can use this Function:
Function GetSIDfromSAM()
{
Param(
[Parameter(mandatory=$true)]$userName
)
$myacct = Get-WmiObject Win32_UserAccount -filter "Name='$userName'"
return $myacct.sid
}
GetSIDfromSAM localuser
S-1-5-21-1837353773-20556466214-3321741005-1005
Then use the Foreach section (just for example)
New-PSDrive HKU Registry HKEY_USERS
Foreach ($SID in $SIDs)
{
Set-ItemProperty -Path "HKU:\$SID\Control Panel\International" -Name "LocaleName" -Value "en-us"
}
Of course you should update all the properties, you can use a switch section with all properties and values, or other methods, let me know if you need more help on this
I need to check some settings for all users on Windows clients in the network. All users have roaming profiles.
I have written a Powershell script that loads an offline copy of a users' NTuser.dat and reads out the specific keys. Then the file is unloaded and the next one is loaded into the registry.
The problem is that after about 10 users no new files are loaded. When the script is launched again the users still don't load. New users are only after I close the Powershell prompt and open a new one. The script always stalls after about 10 users.
$userlist = ls "C:\Temp calls\profiles"
foreach ($user in $userlist){
$username = $user.name
#$username = "ciproda"
reg load "hklm\$username" "C:\Temp calls\profiles\$username\NTUSER.DAT" | Out-Null
...
Here I check the keys
...
[gc]::collect()
start-sleep -s 3
reg unload "hklm\$username"
}
In your section 'Here I check the keys', are you mounting the hive as a PS drive using something like:
new-Psdrive -name <blah> -PSProvider Registry -root <blih>
cd <blah>:
# Some Set-ItemProperty and Get-ItemProperty calls here referring to
# your PSDrive and using PowerShell variables
Remove-PSDrive <blah>
If you still have references to some of your PSDrive variables before calling REG UNLOAD, that call might fail. Try to remove all variables that would still refer to your PSDrive through Remove-Variable.
I wonder if there is a way to find a local user's registry key in HKEY_USERS if you know the login-name of that user on the local machine. I want to programmatically add stuff to a specific user's registry keys (Autorun for example), but I only know the username. How can I determine which of the cryptic users in HKEY_USERS actually belongs to a specific username?
$User = New-Object System.Security.Principal.NTAccount($env:UserName)
$sid = $User.Translate([System.Security.Principal.SecurityIdentifier]).value
The above snippet gives you the SID of the logged-in user. This when appended to the HKEY_USERS givs you the right path for that username.
New-PSDrive HKU Registry HKEY_USERS
Get-Item "HKU:\${sid}"
This answer is not complete, as HKEY_USERS does not contain all the users, just those that are currently active.
You'll need to load the registry hive for the user(s) you want to work with using
reg load hku\ThatUserName C:\Users\ThatUserName\NTUSER.DAT
See this SO answer for an example of how to load the registry hive for all the user(s).
You can then access the registry for that user with
Set-Location HKU:\ThatUserName
Or call New-PSDrive to give the user's registry it's own drive, like so:
New-PSDrive -Name HKThatUser -PSProvider Registry -Root HKU\ThatUserName
Set-Location HKThatUser:
Be sure to unload the registry, and do garbage collection to ensure the hive is released when done:
reg unload hku\ThatUserName
[gc]::collect()
See this post for more info
This does it for me
ls 'hklm:software/microsoft/windows nt/currentversion/profilelist' | ? {
$_.getvalue('profileimagepath') -match 'Steven'
} | % pschildname
Example