JayRHa / EndpointAnalyticsRemediationScripts


Add Delete to Change-MultipleRegistryKeys #80

Open rwhitleyWBM opened 4 months ago

rwhitleyWBM commented 4 months ago

I needed the functionality to not only update or create registry keys, but also to Delete registry keys. I altered your code to reflect this and I thought I would share with you in case anyone else needed the same functionality.

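# Change-MultipleRegistryKeysDetection.ps1
<#
Version: 1.0
Author:
    Rob Whitley 2024-07-17 - added functionality to handle the Action 'Delete'

Description:
    Detection half of the detection/remediation pair. This script only READS the
    registry and reports whether every entry defined below is already in its
    desired state:
      - Action 'Delete'  : compliant when the named value does not exist.
      - any other Action : compliant when the value exists with the desired
                           type and data.
    Nothing is created, changed or removed here. Changes belong in the
    remediation script, so that a detection-only run never alters the device
    and so that a non-zero exit code here is what triggers remediation.

Output (single line):
    All entries compliant:
        All OK | Registry values compliant: YourFirstKeyName, YourSecondKeyName
        (exit code 0)
    At least one entry not compliant:
        Something went wrong :-( | Registry values not compliant: YourFirstKeyName
        (exit code 1)
#>

#region Define registry values to check here
$RegistrySettingsToValidate = @(
    [pscustomobject]@{
        Action = 'Delete'
        Hive   = 'HKLM:\'
        Key    = 'SOFTWARE\Contoso\Product'
        Name   = 'ImportantKey'
        Type   = ''
        Value  = 0
    },
    [pscustomobject]@{
        Action = 'Update'
        Hive   = 'HKLM:\'
        Key    = 'SOFTWARE\Contoso\Product'
        Name   = 'AnotherKey'
        Type   = 'REG_SZ'
        Value  = "SomeValue"
    }
)
#endregion

#region helper functions, enums and maps
# Maps the REG_* names used in the table above to the .NET value kinds.
$RegTypeMap = @{
    REG_DWORD     = [Microsoft.Win32.RegistryValueKind]::DWord
    REG_SZ        = [Microsoft.Win32.RegistryValueKind]::String
    REG_QWORD     = [Microsoft.Win32.RegistryValueKind]::QWord
    REG_BINARY    = [Microsoft.Win32.RegistryValueKind]::Binary
    REG_MULTI_SZ  = [Microsoft.Win32.RegistryValueKind]::MultiString
    REG_EXPAND_SZ = [Microsoft.Win32.RegistryValueKind]::ExpandString
}
#endregion

#region Check registry values (read-only)
$Compliant    = @()
$NonCompliant = @()

foreach ($reg in $RegistrySettingsToValidate) {

    $DesiredPath  = "$($reg.Hive)$($reg.Key)"
    $DesiredName  = $reg.Name
    $DesiredValue = $reg.Value

    # A missing key is not an error for detection; it simply means the value is absent.
    $Key         = Get-Item -LiteralPath $DesiredPath -ErrorAction SilentlyContinue
    $ValueExists = ($null -ne $Key) -and ($Key.GetValueNames() -contains $DesiredName)

    if ($reg.Action -eq 'Delete') {
        # Desired state for a delete entry: the value is gone.
        $IsCompliant = -not $ValueExists
    }
    elseif ((-not $ValueExists) -or (-not $RegTypeMap.ContainsKey([string]$reg.Type))) {
        # Value is missing, or the table names a type this script cannot verify.
        $IsCompliant = $false
    }
    else {
        $CurrentKind  = $Key.GetValueKind($DesiredName)
        # Read REG_EXPAND_SZ data unexpanded so it can be compared with the table entry.
        $CurrentValue = $Key.GetValue($DesiredName, $null, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)

        # Joining the elements lets scalar and array data (REG_MULTI_SZ, REG_BINARY)
        # go through the same comparison.
        $SameKind  = $CurrentKind -eq $RegTypeMap[$reg.Type]
        $SameValue = (@($CurrentValue) -join "`n") -ceq (@($DesiredValue) -join "`n")
        $IsCompliant = $SameKind -and $SameValue
    }

    if ($IsCompliant) {
        $Compliant += $DesiredName
    }
    else {
        $NonCompliant += $DesiredName
    }
}
#endregion

#region Report result
if ($NonCompliant.Count -eq 0) {
    $Output   = "All OK | Registry values compliant: $($Compliant -join ', ')"
    $ExitCode = 0
}
else {
    $Output   = "Something went wrong :-( | Registry values not compliant: $($NonCompliant -join ', ')"
    $ExitCode = 1
}
#endregion

Write-Output $Output
Exit $ExitCode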

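# Change-MultipleRegistryKeysRemediaton.ps1
<#
Version: 1.0
Author:
    Rob Whitley 2024-07-17 - added functionality to handle the Action 'Delete'

Description:
    Remediation script. For every entry defined below it either removes the
    named registry value (Action 'Delete') or creates/overwrites it with the
    given type and data (any other Action). Each entry is counted as done only
    when its operation actually succeeded, so the exit code reflects the real
    outcome.

Output (single line):
    Every entry succeeded:
        All OK | Registry values processed: YourFirstKeyName (Delete), YourSecondKeyName (Update)
        (exit code 0)
    At least one entry failed:
        Something went wrong :-( | Registry values processed: ... | Failed: <name (action): reason>
        (exit code 1)
#>

#region Define registry values to change here
$RegistrySettingsToValidate = @(
    [pscustomobject]@{
        Action = 'Delete'
        Hive   = 'HKLM:\'
        Key    = 'SOFTWARE\Contoso\Product'
        Name   = 'ImportantKey'
        Type   = ''
        Value  = 0
    },
    [pscustomobject]@{
        Action = 'Update'
        Hive   = 'HKLM:\'
        Key    = 'SOFTWARE\Contoso\Product'
        Name   = 'AnotherKey'
        Type   = 'REG_SZ'
        Value  = "SomeValue"
    }
)
#endregion

#region helper functions, enums and maps
# Maps the REG_* names used in the table above to the .NET value kinds.
$RegTypeMap = @{
    REG_DWORD     = [Microsoft.Win32.RegistryValueKind]::DWord
    REG_SZ        = [Microsoft.Win32.RegistryValueKind]::String
    REG_QWORD     = [Microsoft.Win32.RegistryValueKind]::QWord
    REG_BINARY    = [Microsoft.Win32.RegistryValueKind]::Binary
    REG_MULTI_SZ  = [Microsoft.Win32.RegistryValueKind]::MultiString
    REG_EXPAND_SZ = [Microsoft.Win32.RegistryValueKind]::ExpandString
}
#endregion

#region Apply registry changes
$Succeeded = @()
$Failed    = @()

foreach ($reg in $RegistrySettingsToValidate) {

    $DesiredAction = $reg.Action
    $DesiredPath   = "$($reg.Hive)$($reg.Key)"
    $DesiredName   = $reg.Name
    $DesiredValue  = $reg.Value

    #Write-Host "Processing registry value: $DesiredAction | $DesiredPath | $DesiredName | $($reg.Type) | $DesiredValue"

    try {
        if ($DesiredAction -eq 'Delete') {
            # Remove-ItemProperty treats -Name as a wildcard pattern, so a name such
            # as '*' would remove every value under the key. Refuse such names.
            if ([System.Management.Automation.WildcardPattern]::ContainsWildcardCharacters($DesiredName)) {
                throw "Value name contains wildcard characters; refusing to delete"
            }

            # An already-absent value is the desired end state, not a failure.
            $Key = Get-Item -LiteralPath $DesiredPath -ErrorAction SilentlyContinue
            if (($null -ne $Key) -and ($Key.GetValueNames() -contains $DesiredName)) {
                Remove-ItemProperty -LiteralPath $DesiredPath -Name $DesiredName -ErrorAction Stop
            }
        }
        else {
            # An unmapped type would otherwise reach New-ItemProperty as $null.
            if (-not $RegTypeMap.ContainsKey([string]$reg.Type)) {
                throw "Unknown registry type '$($reg.Type)'"
            }

            if (-not (Test-Path -LiteralPath $DesiredPath)) {
                New-Item -Path $DesiredPath -Force -ErrorAction Stop | Out-Null
            }
            # -ErrorAction Stop turns a failed write into an exception, so the entry
            # lands in $Failed instead of being reported as done.
            New-ItemProperty -LiteralPath $DesiredPath -Name $DesiredName -PropertyType $RegTypeMap[$reg.Type] -Value $DesiredValue -Force -ErrorAction Stop | Out-Null
        }

        $Succeeded += "$DesiredName ($DesiredAction)"
    }
    catch {
        $Failed += "$DesiredName ($DesiredAction): $($_.Exception.Message)"
    }
}
#endregion

#region Report result
# The action is recorded per entry; a single label taken from the last loop
# iteration would misreport a table that mixes Delete and Update entries.
if ($Failed.Count -eq 0) {
    $Output   = "All OK | Registry values processed: $($Succeeded -join ', ')"
    $ExitCode = 0
}
else {
    $Output   = "Something went wrong :-( | Registry values processed: $($Succeeded -join ', ') | Failed: $($Failed -join '; ')"
    $ExitCode = 1
}
#endregion

Write-Output $Output
Exit $ExitCode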