Add a value to a multi_sz key with powershell

HPatzen
HPatzen used Ask the Experts™
on
Hi everyone,

I'm trying to make a powershell script which adds a value to a multi_sz key in the registry but I can't get it to work correctly.

Here's the code:
$windowsversion = (Get-Item "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion").GetValue("ProductName")
$value1 = "Security Packages"
$value2 = "SecurityProviders"
$NLAPath = "HKLM:\SYSTEM\CurrentControlSet\Control"

if ($windowsversion -like "Windows XP*") {
$SecurityPackagesNoNLA1 = (Get-ItemProperty $NLAPath\Lsa $value1).$value1
Set-ItemProperty $NLAPath\Lsa $value ($SecurityPackagesNoNLA1,"tspkg")
$SecurityPackagesNoNLA2 = (Get-ItemProperty $NLAPath\SecurityProviders $value2).$value2
Set-ItemProperty $NLAPath\SecurityProviders $value2 ($SecurityPackagesNoNLA2,"credssp.dll")
}

Open in new window


Problem is that $SecurityPackagesNoNLA1 is an array but when I do "Set-ItemProperty" it get's converted to a string, which is no good.

Would be great if someone could help me out here. :)

Cheers
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
you gotta specify MultiString type
Set-ItemProperty $NLAPath\Lsa -value $SecurityPackagesNoNLA1\ -propertyType multistring
or try

New-ItemProperty $NLAPath\Lsa -value $SecurityPackagesNoNLA1\ -propertyType multistring

if the property does not already exist
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

Author

Commented:
Thank you for your answer, but that isn't actually what i want.

What I want is to write the array into the registry (Multi_SZ property) as an array and not a string.

Btw. for "Set-ItemProperty" there's no parameter -propertyType just -Type but that didn't help.

Kind regards
MultiString will create an array entry in the registry

Example:

Set-itemProperty $NLAPath\Lsa   -value "value1", "value2", "value3" -type MultiString
this worked for me, just try it:

 
Set-itemProperty "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" -name "tspkg" -value "value1", "value2", "value3" -type MultiString

Open in new window

Author

Commented:
Thank you.

My problem is not that it doesn't work.

If you look at the code:
$SecurityPackagesNoNLA1 = (Get-ItemProperty $NLAPath\Lsa $value1).$value1
Set-ItemProperty $NLAPath\Lsa $value ($SecurityPackagesNoNLA1,"tspkg")

Open in new window


The first line get's the current values of that property and saves it into $SecurityPackagesNoNLA1 as an array.
The second lines writes the value back and add's "tspkg". But $SecurityPackagesNoNLA1 gets written back as a string and not an array.

So in the end I have the value written as:
$SecurityPackagesNoNLA1
tspkg

and not as:
$SecurityPackagesNoNLA1[0]
$SecurityPackagesNoNLA1[1]
$SecurityPackagesNoNLA1[2]
$SecurityPackagesNoNLA1[3]
$SecurityPackagesNoNLA1[4]
$SecurityPackagesNoNLA1[n]
tspkg

Hope this clears this up.
But that's how an array is stored in the registry

tspkg    REG_MULTI_SZ "val1" "val2" "val3"

Wait, so tspkg is a value you want to ADD to your array?

I thought of tspkg as a name for the registry key you want to add
if that's the case, try

 
$SecurityPackagesNoNLA1 = (Get-ItemProperty $NLAPath\Lsa $value1).$value1
$SecurityPackagesNoNLA1= $SecurityPackagesNoNLA1 + "tspkg"

Set-itemProperty "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" -name "Lsa" -value $SecurityPackagesNoNLA1 -type MultiString

Open in new window

Author

Commented:
Thank you ! That's exactly what I needed! :)

Here's the full working code:
$windowsversion = (Get-Item "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion").GetValue("ProductName")
$SecPack = "Security Packages"
$SecProv = "SecurityProviders"
$NLAPath = "HKLM:\SYSTEM\CurrentControlSet\Control"

if ($windowsversion -like "Windows XP*") {
    $SecPackNoNLA = (Get-ItemProperty $NLAPath\Lsa $SecPack).$SecPack
    $SecPackNoNLA = $SecPackNoNLA + "tspkg"
    Set-itemProperty $NLAPath\Lsa $SecPack -value $SecPackNoNLA -type MultiString
    
    $SecProvNotExist = Get-ItemProperty $NLAPath\SecurityProviders
    if ($SecProvNotExist) {
        $SecProvNoNLA = (Get-ItemProperty $NLAPath\SecurityProviders $SecProv).$SecProv
    } else {
        $SecProvNoNLA = $NULL
    }
            
    if (!$SecProvNoNLA) {
        Set-ItemProperty $NLAPath\SecurityProviders $SecProv ("credssp.dll")
    } else {
        Set-ItemProperty $NLAPath\SecurityProviders $SecProv ("$SecProvNoNLA,credssp.dll")
    }
}

Open in new window


If you're wondering what I use this code for here's the link: http://support.microsoft.com/kb/951608
I just put this into my logonscript and NLA is activated on all the XP machines. You just need to set the "ExecutionPolicy" to "RemoteSigned" with a reg import and your good to go.

Anyway thank you very much YZlat!

Maybe you could repost the code so I can give you full points for the solution? (Had to tweak the last line a little bit.)

Cheers


Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial