[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4769
  • Last Modified:

Add a value to a multi_sz key with powershell

Hi everyone,

I'm trying to make a powershell script which adds a value to a multi_sz key in the registry but I can't get it to work correctly.

Here's the code:
$windowsversion = (Get-Item "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion").GetValue("ProductName")
$value1 = "Security Packages"
$value2 = "SecurityProviders"
$NLAPath = "HKLM:\SYSTEM\CurrentControlSet\Control"

if ($windowsversion -like "Windows XP*") {
$SecurityPackagesNoNLA1 = (Get-ItemProperty $NLAPath\Lsa $value1).$value1
Set-ItemProperty $NLAPath\Lsa $value ($SecurityPackagesNoNLA1,"tspkg")
$SecurityPackagesNoNLA2 = (Get-ItemProperty $NLAPath\SecurityProviders $value2).$value2
Set-ItemProperty $NLAPath\SecurityProviders $value2 ($SecurityPackagesNoNLA2,"credssp.dll")
}

Open in new window


Problem is that $SecurityPackagesNoNLA1 is an array but when I do "Set-ItemProperty" it get's converted to a string, which is no good.

Would be great if someone could help me out here. :)

Cheers
0
HPatzen
Asked:
HPatzen
  • 8
  • 3
1 Solution
 
YZlatCommented:
you gotta specify MultiString type
0
 
YZlatCommented:
Set-ItemProperty $NLAPath\Lsa -value $SecurityPackagesNoNLA1\ -propertyType multistring
0
 
YZlatCommented:
or try

New-ItemProperty $NLAPath\Lsa -value $SecurityPackagesNoNLA1\ -propertyType multistring

if the property does not already exist
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
HPatzenAuthor Commented:
Thank you for your answer, but that isn't actually what i want.

What I want is to write the array into the registry (Multi_SZ property) as an array and not a string.

Btw. for "Set-ItemProperty" there's no parameter -propertyType just -Type but that didn't help.

Kind regards
0
 
YZlatCommented:
MultiString will create an array entry in the registry

Example:

Set-itemProperty $NLAPath\Lsa   -value "value1", "value2", "value3" -type MultiString
0
 
YZlatCommented:
this worked for me, just try it:

 
Set-itemProperty "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" -name "tspkg" -value "value1", "value2", "value3" -type MultiString

Open in new window

0
 
HPatzenAuthor Commented:
Thank you.

My problem is not that it doesn't work.

If you look at the code:
$SecurityPackagesNoNLA1 = (Get-ItemProperty $NLAPath\Lsa $value1).$value1
Set-ItemProperty $NLAPath\Lsa $value ($SecurityPackagesNoNLA1,"tspkg")

Open in new window


The first line get's the current values of that property and saves it into $SecurityPackagesNoNLA1 as an array.
The second lines writes the value back and add's "tspkg". But $SecurityPackagesNoNLA1 gets written back as a string and not an array.

So in the end I have the value written as:
$SecurityPackagesNoNLA1
tspkg

and not as:
$SecurityPackagesNoNLA1[0]
$SecurityPackagesNoNLA1[1]
$SecurityPackagesNoNLA1[2]
$SecurityPackagesNoNLA1[3]
$SecurityPackagesNoNLA1[4]
$SecurityPackagesNoNLA1[n]
tspkg

Hope this clears this up.
0
 
YZlatCommented:
But that's how an array is stored in the registry

tspkg    REG_MULTI_SZ "val1" "val2" "val3"
0
 
YZlatCommented:

Wait, so tspkg is a value you want to ADD to your array?

I thought of tspkg as a name for the registry key you want to add
0
 
YZlatCommented:
if that's the case, try

 
$SecurityPackagesNoNLA1 = (Get-ItemProperty $NLAPath\Lsa $value1).$value1
$SecurityPackagesNoNLA1= $SecurityPackagesNoNLA1 + "tspkg"

Set-itemProperty "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" -name "Lsa" -value $SecurityPackagesNoNLA1 -type MultiString

Open in new window

0
 
HPatzenAuthor Commented:
Thank you ! That's exactly what I needed! :)

Here's the full working code:
$windowsversion = (Get-Item "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion").GetValue("ProductName")
$SecPack = "Security Packages"
$SecProv = "SecurityProviders"
$NLAPath = "HKLM:\SYSTEM\CurrentControlSet\Control"

if ($windowsversion -like "Windows XP*") {
    $SecPackNoNLA = (Get-ItemProperty $NLAPath\Lsa $SecPack).$SecPack
    $SecPackNoNLA = $SecPackNoNLA + "tspkg"
    Set-itemProperty $NLAPath\Lsa $SecPack -value $SecPackNoNLA -type MultiString
    
    $SecProvNotExist = Get-ItemProperty $NLAPath\SecurityProviders
    if ($SecProvNotExist) {
        $SecProvNoNLA = (Get-ItemProperty $NLAPath\SecurityProviders $SecProv).$SecProv
    } else {
        $SecProvNoNLA = $NULL
    }
            
    if (!$SecProvNoNLA) {
        Set-ItemProperty $NLAPath\SecurityProviders $SecProv ("credssp.dll")
    } else {
        Set-ItemProperty $NLAPath\SecurityProviders $SecProv ("$SecProvNoNLA,credssp.dll")
    }
}

Open in new window


If you're wondering what I use this code for here's the link: http://support.microsoft.com/kb/951608
I just put this into my logonscript and NLA is activated on all the XP machines. You just need to set the "ExecutionPolicy" to "RemoteSigned" with a reg import and your good to go.

Anyway thank you very much YZlat!

Maybe you could repost the code so I can give you full points for the solution? (Had to tweak the last line a little bit.)

Cheers


0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 8
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now