Working with Windows Registry Keys and PowerShell

I often find myself pondering when scripting the deletion or creation of registry keys, or of registry properties with the appropriate types, values and corresponding data. Here is a quick consolidated example that covers various use cases for automating registry settings on your Windows clients.

The sample script is below:

# Working with Windows Registry Keys and PowerShell

# Registry Types

<#

Type is a dynamic parameter that the Registry provider adds to the Set-ItemProperty cmdlet. This parameter only works in the registry drives.

Specifies the type of property that this cmdlet adds. The acceptable values for this parameter are:

String: Specifies a null-terminated string. Equivalent to REG_SZ.
ExpandString: Specifies a null-terminated string that contains unexpanded references to environment variables that are expanded when the value is retrieved. Equivalent to REG_EXPAND_SZ.
Binary: Specifies binary data in any form. Equivalent to REG_BINARY.
DWord: Specifies a 32-bit binary number. Equivalent to REG_DWORD.
MultiString: Specifies an array of null-terminated strings terminated by two null characters. Equivalent to REG_MULTI_SZ.
Qword: Specifies a 64-bit binary number. Equivalent to REG_QWORD.
Unknown: Indicates an unsupported registry data type, such as REG_RESOURCE_LIST.

#>

# Delete Registry Keys Sample 1

$DeleteRegkeys = @(
    "HKCU:\Software\Microsoft\VSTO\Security\Inclusion\3163a048-016e-4c73-832a-935fee6cadb0",
    "HKCU:\Software\Microsoft\VSTO\SolutionMetadata\{B53BEEEB-8EC4-4FA7-8ED7-897CA07D14E4}",
    "HKCU:\Software\Microsoft\Office\outlook\Addins\DEMO_CORP.Test.OutlookAddIn",
    "HKCU:\Software\Microsoft\VSTO\Security\Inclusion\a2772a3f-4af9-4af5-a256-fc0f03c38801",
    "HKCU:\Software\Microsoft\VSTO\SolutionMetadata\{804EB145-CE5F-4798-B82F-25CB7FCC98C3}"
)

# Deleting Registry Objects
foreach ($DeleteRegistryObject in $DeleteRegkeys) {
    If (Test-Path -Path $DeleteRegistryObject) {
        Write-Output "Reg Key Path $DeleteRegistryObject found, Deleting now"
        Remove-Item -Path $DeleteRegistryObject -Recurse -Force -ErrorAction SilentlyContinue | Out-Null
    }
}

<# Set Registry Sample 1
[HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\DEMO_CORP.Test.DemoKeyHive.2.5.OutlookAddIn]
"FriendlyName"="DEMO_CORP Friendly Name"
"Description"="DEMO_CORP.Test.DemoKeyHive.2.5.OutlookAddIn"
"LoadBehavior"=dword:00000003
"Manifest"="C:\\Program Files\\DEMO_CORP\\DemoKeyHive\\2.5\\OutlookAddIn\\DEMO_CORP.Test.DemoKeyHive.2.5.OutlookAddIn.vsto|vstolocal"
#>

$AddinRegPath = 'HKCU:\Software\Microsoft\Office\Outlook\Addins\DEMO_CORP.Test.DemoKeyHive.2.5.OutlookAddIn'

If (Test-Path -Path $AddinRegPath) {
    Set-ItemProperty -Path $AddinRegPath -Name "FriendlyName" -Type STRING -Value "DEMO_CORP Friendly Name" -Force -ErrorAction SilentlyContinue | Out-Null
    Set-ItemProperty -Path $AddinRegPath -Name "Description" -Type STRING -Value "DEMO_CORP.Test.DemoKeyHive.2.5.OutlookAddIn" -Force -ErrorAction SilentlyContinue | Out-Null
    Set-ItemProperty -Path $AddinRegPath -Name "LoadBehavior" -Type DWORD -Value "3" -Force -ErrorAction SilentlyContinue | Out-Null
    # PowerShell does not treat '\' as an escape character, so the path uses single backslashes
    # (the doubled form in the comment above is .reg file syntax)
    Set-ItemProperty -Path $AddinRegPath -Name "Manifest" -Type STRING -Value "C:\Program Files\DEMO_CORP\DemoKeyHive\2.5\OutlookAddIn\DEMO_CORP.Test.DemoKeyHive.2.5.OutlookAddIn.vsto|vstolocal" -Force -ErrorAction SilentlyContinue | Out-Null
}

<# Set Registry Sample 2
[HKEY_CURRENT_USER\Software\DEMO_CORP\DemoKeyHive\2.5]
"TraceLog"="0"
"ProtectionOwnerMarker"=hex(7):00,00
"ExternalSMIMEClientCertSN"=""
"RmsReProtectOn"=dword:00000000
"UnclassifiedAttachmentEnabled"=dword:00000000
"BackOffResetAfterNoFailuresOn"=dword:00000000
#>

$DemoKeyHiveRegPath = 'HKCU:\Software\DEMO_CORP\DemoKeyHive\2.5'

If (Test-Path -Path $DemoKeyHiveRegPath) {
    Write-Output "Reg Key Path $DemoKeyHiveRegPath found, Adding registry Properties now"
    Set-ItemProperty -Path $DemoKeyHiveRegPath -Name "TraceLog" -Type STRING -Value "0" -Force -ErrorAction SilentlyContinue | Out-Null
    # -Type takes the provider's names (MultiString), not the Win32 constant REG_MULTI_SZ
    Set-ItemProperty -Path $DemoKeyHiveRegPath -Name "ProtectionOwnerMarker" -Type MultiString -Value $NULL -Force -ErrorAction SilentlyContinue | Out-Null
    Set-ItemProperty -Path $DemoKeyHiveRegPath -Name "ExternalSMIMEClientCertSN" -Type STRING -Value "" -Force -ErrorAction SilentlyContinue | Out-Null
    Set-ItemProperty -Path $DemoKeyHiveRegPath -Name "RmsReProtectOn" -Type DWORD -Value "0" -Force -ErrorAction SilentlyContinue | Out-Null
    Set-ItemProperty -Path $DemoKeyHiveRegPath -Name "UnclassifiedAttachmentEnabled" -Type DWORD -Value "0" -Force -ErrorAction SilentlyContinue | Out-Null
    Set-ItemProperty -Path $DemoKeyHiveRegPath -Name "BackOffResetAfterNoFailuresOn" -Type DWORD -Value "0" -Force -ErrorAction SilentlyContinue | Out-Null
}

<# Set Registry Sample 3
[HKEY_CURRENT_USER\Software\DEMO_CORP\RMSProtector\1.0]
"LoggerMode"="Information"
#>

$RMSProtectRegPath = 'HKCU:\Software\DEMO_CORP\RMSProtector\1.0'

If (Test-Path -Path $RMSProtectRegPath) {
    Write-Output "Reg Key Path $RMSProtectRegPath found, Adding registry Properties now"
    Set-ItemProperty -Path $RMSProtectRegPath -Name "LoggerMode" -Type STRING -Value "Information" -Force -ErrorAction SilentlyContinue | Out-Null
}

<# Set Registry Sample 4
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Resiliency\DoNotDisableAddinList]
"DEMO_CORP.Test.DemoKeyHive.2.5.OutlookAddIn"=dword:00000001
#>

$DonotDisableAddinRegPath = 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Resiliency\DoNotDisableAddinList'

If (Test-Path -Path $DonotDisableAddinRegPath) {
    Write-Output "Reg Key Path $DonotDisableAddinRegPath found, Adding registry Properties now"
    Set-ItemProperty -Path $DonotDisableAddinRegPath -Name "DEMO_CORP.Test.DemoKeyHive.2.5.OutlookAddIn" -Type DWORD -Value "1" -Force -ErrorAction SilentlyContinue | Out-Null
}

<# Set Multiple Registry keys and Property Keys Sample 5
A) if user is member of AD Group "App_Global_DemoKeyHive_WS_Disable"

[HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\DEMO_CORP.Test.DemoKeyHive.2.5.OutlookAddIn] "LoadBehavior"=dword:00000000

B) if user is NOT member of AD Group "App_Global_DemoKeyHive_WS_Disable"

[HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\DEMO_CORP.Test.DemoKeyHive.2.5.OutlookAddIn] "LoadBehavior"=dword:00000003
#>

$userToken = $NULL
$GroupSIDs = $NULL
$GroupNames = $NULL
[String]$Domain = $Env:USERDOMAIN
$userToken = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$GroupSIDs = $userToken.Groups
$AddinRegPath = 'HKCU:\Software\Microsoft\Office\Outlook\Addins\DEMO_CORP.Test.DemoKeyHive.2.5.OutlookAddIn'

# Translate the token's group SIDs to DOMAIN\Name, split off the domain part, and keep only the group
# named exactly 'App_Global_DemoKeyHive_WS_Disable'. The regex is anchored so that a longer group name
# that merely contains this string does not count as membership.
$GroupMatch = $GroupSIDs.Translate([System.Security.Principal.NTAccount]).Value -split '\\' -match '^App_Global_DemoKeyHive_WS_Disable$'

# Verify if the User is logged into a Domain Authenticated Session and not a Local User Session

If ($GroupMatch -and $Domain -notlike $env:COMPUTERNAME) {
    Set-ItemProperty -Path $AddinRegPath -Name "LoadBehavior" -Type DWORD -Value "0" -Force -ErrorAction SilentlyContinue | Out-Null
}
Else {
    Set-ItemProperty -Path $AddinRegPath -Name "LoadBehavior" -Type DWORD -Value "3" -Force -ErrorAction SilentlyContinue | Out-Null
}


# Set Multiple Registry and Property Keys Sample 6 # Different Registry Types

# Each entry is: key path, property name, property type, property value
$CreateRegistry = @(
    @("HKCU:\SOFTWARE\DEMO_CORP\Test\Test1","TraceLog","STRING","0"),
    @("HKCU:\SOFTWARE\DEMO_CORP\Test\Test2","ProtectionOwnerMarker","MULTISTRING",$NULL),
    @("HKCU:\SOFTWARE\DEMO_CORP\Test\Test3","ExternalSMIMEClientCertSN","STRING",""),
    @("HKCU:\SOFTWARE\DEMO_CORP\Test\Test4","RmsReProtectOn","DWORD","0"),
    @("HKCU:\SOFTWARE\DEMO_CORP\Test\Test5","UnclassifiedAttachmentEnabled","DWORD","0"),
    @("HKCU:\SOFTWARE\DEMO_CORP\Test\Test6","BackOffResetAfterNoFailuresOn","DWORD","0")
)

# Creating Registry Objects
foreach ($NewCreateRegistryObject in $CreateRegistry) {
    # Create the key only when it is missing, then set the property in either case
    If (!(Test-Path -Path $NewCreateRegistryObject[0])) {
        New-Item -Path $NewCreateRegistryObject[0] -Force -ErrorAction SilentlyContinue | Out-Null
    }
    Set-ItemProperty -Path $NewCreateRegistryObject[0] -Name $NewCreateRegistryObject[1] -Type $NewCreateRegistryObject[2] -Value $NewCreateRegistryObject[3] -Force -ErrorAction SilentlyContinue | Out-Null
}
## Snippets End ##
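
Every write in the script above runs with -ErrorAction SilentlyContinue and discards its output, so a rejected -Type name or a failed write leaves no trace. The following is an added example, not part of the original script: it writes a value with errors enabled, then reads the stored kind and data back to confirm them. The function name Set-RegistryValueVerified, the scratch key HKCU:\Software\DEMO_CORP\Test\Verify and the sample values are assumptions made for illustration.

```powershell
# Added example: the scratch key and all values below are constructed for illustration.
function Set-RegistryValueVerified {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name,
        # Enum-typed: a .reg-style name such as REG_MULTI_SZ is rejected at bind time
        [Parameter(Mandatory)] [Microsoft.Win32.RegistryValueKind] $Type,
        [object] $Value
    )

    # Create the key only if it is missing (New-Item -Force on an existing key would reset it)
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -Path $Path -Force -ErrorAction Stop | Out-Null
    }

    # -ErrorAction Stop turns a failed write into an exception instead of silence
    Set-ItemProperty -Path $Path -Name $Name -Type $Type -Value $Value -ErrorAction Stop

    # Read back what the registry actually stores, without expanding %VAR% references
    $key        = Get-Item -LiteralPath $Path -ErrorAction Stop
    $actualKind = $key.GetValueKind($Name)
    $actual     = $key.GetValue($Name, $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)

    [pscustomobject]@{
        Name         = $Name
        ExpectedKind = $Type
        ActualKind   = $actualKind
        # Join so that scalar and array (MultiString/Binary) data compare the same way
        Verified     = ($actualKind -eq $Type) -and
                       ((@($actual) -join '|') -eq (@($Value) -join '|'))
    }
}

$scratch = 'HKCU:\Software\DEMO_CORP\Test\Verify'   # constructed scratch key
$results = @(
    Set-RegistryValueVerified -Path $scratch -Name 'TraceLog'     -Type String      -Value '0'
    Set-RegistryValueVerified -Path $scratch -Name 'LoadBehavior' -Type DWord       -Value 3
    Set-RegistryValueVerified -Path $scratch -Name 'Owners'       -Type MultiString -Value @('a', 'b')
)
$results | Format-Table Name, ExpectedKind, ActualKind, Verified

# An invalid type name now fails loudly instead of being swallowed
try {
    Set-RegistryValueVerified -Path $scratch -Name 'Marker' -Type 'REG_MULTI_SZ' -Value @('x')
} catch {
    Write-Warning "Rejected: $($_.Exception.Message)"
}
Remove-Item -Path $scratch -Recurse -Force   # clean up the scratch key
```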

Hope this helps. Cheers!
