I have been trying to enable or disable a Local group policy with powershell to automate the process, I tried installing Remote Server Administration Tools but it's module in powershell needs the pc to be in a domain.
Is there any way to enable\disable a Local group policy with powershell?
Use the registry (note that this requires elevation):
Set-ItemProperty -Path <HKLM:RegistryPath> -Name <PropertyToChange> -Value <NewValue>
Example (Enabling Search Suggestions from Edge):
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\MicrosoftEdge\SearchScopes" -Name "ShowSearchSuggestionsGlobal" -Value 1
Related
The manual way to solve this is: Local Group Policy Editor > Computer Configuration > Administrative Templates > System > Remote Procedure Call > Change “Restrict Unauthenticated RPC clients” to configured and authenticated.
But I want to be able to script this into powershell.
You can update the corresponding registry setting. Check out the admx.help page on that policy for information about which values to use:
Set-ItemProperty "HKLM:\Software\Policies\Microsoft\Windows NT\Rpc" -Name RestrictRemoteClients -Value 2
If the reg key doesn't already exist, then you may have to create it with New-Item
and/or New-ItemProperty instead.
I am checking how to make the proxy settings of a windows VM by using desired state configuration (DSC) in Azure. Is there a library of DSC?
Normally, i am using below commands to set the proxy from the cli:
Set-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -name ProxyServer -Value "123.123.123.123:80"
Set-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -name ProxyEnable -Value 1
netsh winhttp set proxy 123.123.123.123:80
Any idea?
You may try with Script resource. In that resource, you may use TestScript and/or GetScript property to check if proxy setting is already set as required. If proxy setting is already not set then use SetScript property to actually set proxy setting using cmdlets you have provided.
I have a long list of shares that I want to see if I can access them. Is there a powershell commandlet that I could use?
I tried the Test-Path command but I believe that returns TRUE regardless of whether I have permissions to access the folder.
I want a similar command that will return TRUE if I can reach a share AND have permission to access it.
Or return FALSE if I can't reach the share or if I have not got permission to access it.
Test-Path only validates the existence of a thing.
the *-ACL cmdlets return permissions on an object (file, folder, registry, etc.)
Just look for the read permission and note, as a rule/practice, admins don't grant access rights to a user, they grant access rights to a group. So, as long as you are a member of a defined Account Group, you have access.
<#
Get specifics for a module, cmdlet, or function
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-acl?view=powershell-7
#>
(Get-Command -Name Get-Acl).Parameters
(Get-Command -Name Get-Acl).Parameters.Keys
Get-help -Name Get-Acl -Examples
<#
# Results
Get-Acl C:\Windows
Get-Acl -Path "C:\Windows\k*.log" | Format-List -Property PSPath, Sddl
Get-Acl -Path "C:/Windows/k*.log" -Audit | ForEach-Object { $_.Audit.Count }
Get-Acl -Path "HKLM:\System\CurrentControlSet\Control" | Format-List
Get-Acl -InputObject (Get-StorageSubsystem -Name S087)
#>
Get-help -Name Get-Acl -Full
Get-help -Name Get-Acl -Online
You can also use one of the other modules from the Microsoft powershellgallery.com
Find-MOdule -Name '*acl*' |
Format-Table -AutoSize
<#
# Results
Version Name Repository Description
------- ---- ---------- -----------
1.0.1 ACL-Permissions PSGallery A couple of ACL utilities, for repairing corrupt permissions and applying permissions for IIS AppPool identities
1.30.1.28 ACLReportTools PSGallery Provides Cmdlets for reporting on Share ACLs.
1.7 ACLHelpers PSGallery Modules to help work with ACLs (Access Control Rights)
1.0.1.0 ACLCleanup PSGallery A set of tools to help you clean your fileshares access control lists
0.1.2 ACLTools PSGallery Module for managing NTFS Acls on files and folders
...
#>
Find-MOdule -Name '*ntfs*' |
Format-Table -AutoSize
<#
# Results
Version Name Repository Description
------- ---- ---------- -----------
4.2.6 NTFSSecurity PSGallery Windows PowerShell Module for managing file and folder security on NTFS volumes
1.4.1 cNtfsAccessControl PSGallery The cNtfsAccessControl module contains DSC resources for NTFS access control management.
1.0 NTFSPermissionMigration PSGallery This module is used as a wrapper to the popular icacls utility to save permissions to a file and then restore those permissions to a mirror c...
#>
(Get-ChildItem -Path D:\temp | Get-NtfsAccess) -Match 'ReadAndExecute'
I have a program that I would like to run daily on Azure. Is it possible to start up the VM and login to windows 10 automatically? I have scheduled the VM to start up and shut down, but I have not found a way to login to windows yet. Any suggestions?
Thanks!
Run this to get vm autologin configured (i did it during deployment via Powershell extension)
$RegPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
Set-ItemProperty $RegPath "AutoAdminLogon" -Value "1" -type String
Set-ItemProperty $RegPath "DefaultUsername" -Value "$username" -type String
Set-ItemProperty $RegPath "DefaultPassword" -Value "$password" -type String
I am trying to use PowerShell to remove profiles and associated registry entries on remote computers. The account I am using has administrator permissions on the remote computers. I have no trouble pulling the SIDs of the accounts or deleting the profile. My problem comes when trying to remove the registry key for the account located at HKLM:\SOFTWARE\Microsoft\'Windows NT'\CurrentVersion\ProfileList. There is a key for every SID and I want to remove the ones that match the profiles I am deleting.
This is what I have tried so far:
Enter-PSSession $comp
Remove-Item "HKLM:\SOFTWARE\Microsoft\'Windows NT'\CurrentVersion\ProfileList\$SID"
Exit-PSSession
This got the following result:
Remove-Item : Cannot find path 'HKLM:\SOFTWARE\Microsoft\'Windows
NT'\CurrentVersion\ProfileList\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-1000' because it does not exist.
If I run the same command on the local machine, the key is deleted successfully.
I also tried:
Enter-PSSession $comp
Remove-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' -name $SID
Exit-PSSession
Which returned the following:
Remove-Itemproperty : Requested registry access is not allowed.
I have also tried using invoke-command to run the exact same command that works locally and I get the same error.
Is there something I am missing? Can any of you kind folks point out what I am doing wrong? I would really like to do this with built-in commands rather than installing a third party module if possible.
If you are looking to remove user profiles and cannot use a third party tool I would recommend using the CIM classes.
Get-CimInstance -ClassName Win32_UserProfile -Filter "SID = 'S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-1000'" -ComputerName $comp | Remove-CIMInstance -WhatIf
If you do not have winrm enabled or configured you can fallback on WMI.
Get-WmiObject -Class WIN32_UserProfile -Filter "SID = 'S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-1000'" -ComputerName $comp | Remove-WmiObject -WhatIf
This will get not only the registry key but also the folders associated with the profile.