  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 783

PowerShell script to modify registry keys to an OU in AD

Hi Experts,

I am looking for a PowerShell and/or any other scripting method to modify the following registry key:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Personal"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
  4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,\
  00,6e,00,74,00,73,00,00,00


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000


Please let me know how I may accomplish this task. (I am on a deadline.) Your fast response will be appreciated.

Thanks,
0
Islandr
Asked:
2 Solutions
 
AkhaterCommented:
You can simply save the below in a .reg file and then run

regedit.exe /s file.reg

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Personal"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
  4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,\
  00,6e,00,74,00,73,00,00,00


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000


0
 
AkhaterCommented:
0
 
KenMcFCommented:
Another option you may have is to use Group Policy Preferences. Depending on how your permissions are set you may need two scripts or GPP, one for the user and one for the computer. Most of the time users do not have permissions to change HKLM settings.

So if your users do not have permissions to HKLM, create one GPP for HKCU settings and link it to the OU the users are in, and create another for HKLM and link it to the OU the computers are in.

Here is a link for GPP and the registry settings.

http://technet.microsoft.com/en-us/library/cc771589.aspx


If you do not want to create two policies or scripts you could look into using loopback processing in a GPP linked to the computers OU.
0
 
IslandrAuthor Commented:
Akhater/KenMcF,

So, if I decide to run this using a PowerShell script against a list of computers, how may I accomplish this?
0
 
AkhaterCommented:
You create an OU and put all the computers in that OU, then you follow one of the links to create a GPO to deploy the changes on that OU.
0
 
IslandrAuthor Commented:
Akhater,

But the script that you provided is not written in PS.
0
 
KenMcFCommented:
If you are looking to change these keys by running a script on a remote computer, it will be difficult, especially if you only want to change them for certain users. The HKCU key is for the interactive user; if you want to change this key you will need to go through the HKU key and find the specific user's hive. It would be easier to create a GPO and use a script or Preferences to change these keys. The problem you may run into, though, is that users usually do not have the rights to change HKLM keys, so you will need to link this GPO to the computers OU using another script or GPP.
0
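
The HKU approach described in the comment above, as an added example that is not part of the original thread: it writes the two per-user values from the question into every user hive currently loaded under HKEY_USERS. The function name `Set-LoadedUserRegistryValue` is hypothetical, and the script assumes it runs elevated on the target machine.

```powershell
# Added example: apply per-user values to every loaded user hive under HKEY_USERS.
# Assumption: run elevated on the target; only hives of logged-on users are loaded.
function Set-LoadedUserRegistryValue {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SubKey,   # path below the user's hive root
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)]$Value,
        [Microsoft.Win32.RegistryValueKind]$Kind = 'String'
    )
    $hku = [Microsoft.Win32.Registry]::Users
    # Real user accounts have SIDs of the form S-1-5-21-...; this skips .DEFAULT,
    # the service SIDs (S-1-5-18/19/20) and the *_Classes companion hives.
    $sids = $hku.GetSubKeyNames() | Where-Object { $_ -match '^S-1-5-21-[\d-]+$' }
    foreach ($sid in $sids) {
        # Resolve the SID to DOMAIN\user for the report; fall back to the raw SID.
        try {
            $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        } catch { $account = $sid }

        if ($PSCmdlet.ShouldProcess("HKU\$sid\$SubKey", "Set $Name")) {
            $key = $hku.CreateSubKey("$sid\$SubKey")   # opens writable, creates if missing
            try {
                # With Kind ExpandString the %VAR% text is stored unexpanded (REG_EXPAND_SZ).
                $key.SetValue($Name, $Value, $Kind)
            } finally { $key.Close() }
            New-Object PSObject -Property @{ Account = $account; Sid = $sid; Name = $Name; Value = $Value }
        }
    }
}

# The two HKCU values from the question, applied to each logged-on user's hive.
$ie    = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$shell = 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Set-LoadedUserRegistryValue -SubKey $ie -Name 'ProxyEnable' -Value 0 -Kind DWord
Set-LoadedUserRegistryValue -SubKey $shell -Name 'Personal' -Value '%USERPROFILE%\My Documents' -Kind ExpandString
```

Run it with `-WhatIf` first to list the hives it would touch. Users who are not logged on have no hive under HKEY_USERS, which is the case the Group Policy Preferences suggestion in this thread covers at next logon.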
 
IslandrAuthor Commented:
KenMcF,

Which script type should I use?  The one above by Akhater? or which one do you recommend?
0
 
KenMcFCommented:
You could use either. I like to use GPP; I think it is easier to use than login scripts for this.
0
 
IslandrAuthor Commented:
Folks,

I did find in the Script Repository, partially, what I am looking for. This script modifies and changes the HKCU value; below is the script:

# ------------------------------------------------------------------------
# -get prints the current "Personal" value; -set writes the value defined below.
# HKCU here is the hive of whichever account runs the script.
Param([switch]$get, [switch]$set)

Function Get-ExplorerSettings()
{
    $RegExplorer = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
    "The Current Path for the Personal Key Value is $($RegExplorer.Personal)"
} #end Get-ExplorerSettings

Function Set-ExplorerSettings()
{
    # Value name -> data to write under User Shell Folders
    $RegValues = @{
        "Personal" = "%USERPROFILE%\Documents"
    }
    $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
    ForEach ($key in $RegValues.Keys)
    {
        Set-ItemProperty -Path $path -Name $key -Value $RegValues[$key]
        "Setting $path $($key) to $($RegValues[$key])"
    }
} #end Set-ExplorerSettings

# *** Entry Point to script ***
if ($get) { Get-ExplorerSettings }
if ($set) { Set-ExplorerSettings }

The way to execute the script is by typing the following:

.\GetExplorersettings.ps1 -get
This will display the current value of the specific key, in this case Personal, AND
.\GetExplorersettings.ps1 -get -set
This will query the current value and set the one specified in the script. Now the real question is HOW DO I RUN THIS SCRIPT AGAINST AN OU IN AD? I found a piece of information that might be able to help us, but I do not know how to put it together. I am going to insert below a few lines of code and see if any one of you could help me integrate the whole script together:

$objOU = [ADSI]"LDAP://OU=Workstations,DC=fabrikam,DC=com"
$colItems = $objOU.psbase.children

# The script block must start on the same line as ForEach-Object
$colItems | ForEach-Object {
    if ($_.objectCategory -eq "CN=Computer,CN=Schema,CN=Configuration,DC=fabrikam,DC=com")
        {Get-WMIObject Win32_BIOS -computername $_.Name}
}

The code above looks for BIOS information in a specific OU in AD.

The next piece of code will work against all the Computers in AD:

$strFilter = "computer"

$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = "LDAP://OU=Workstations,DC=fabrikam,DC=com"
# "Base" would examine only the OU object itself and match no computers;
# "Subtree" searches everything below the search root.
$objSearcher.SearchScope = "Subtree"
$objSearcher.PageSize = 1000

$objSearcher.Filter = "(objectCategory=$strFilter)"
$colResults = $objSearcher.FindAll()

foreach ($i in $colResults)
    {
        $objComputer = $i.GetDirectoryEntry()
        Get-WMIObject Win32_BIOS -computername $objComputer.Name
    }

But we can always modify this line:
$objSearcher.SearchRoot = "LDAP://OU=Workstations,DC=fabrikam,DC=com"

And finally, this will run against a computer list, in this case an Excel spreadsheet:

$a = New-Object -comobject Excel.Application

$a.Visible = $True

$b = $a.Workbooks.Open("C:\Scripts\Test.xls")
$c = $b.Worksheets.Item(1)

$i = 1

do
    {
        $d = $c.Cells.Item($i,1).Value()
        if ($d -ne $null)
            {Get-WMIObject Win32_BIOS -computername $d}
        $i++
    }
while ($d -ne $null)

Again, I need assistance putting the script together in one piece, with all the information provided. Please let me know how we can accomplish this.

Thanks,
0
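
One way to combine the OU search with a registry change, as an added example that is not part of the original post: it lists the computers under the OU and sets the machine-wide `ProxyEnable` value from the question on each one. It assumes PowerShell remoting (WinRM) is enabled on the targets and that the caller is a local administrator there; the function name `Get-OUComputerName` is hypothetical and the OU path is the fabrikam.com sample from the post.

```powershell
# Added example. Assumptions: WinRM remoting enabled on targets, caller is admin there.
function Get-OUComputerName {
    param([Parameter(Mandatory = $true)][string]$OUPath)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = New-Object System.DirectoryServices.DirectoryEntry($OUPath)
    $searcher.SearchScope = 'Subtree'            # include computers in child OUs
    $searcher.PageSize    = 1000
    $searcher.Filter      = '(objectCategory=computer)'
    [void]$searcher.PropertiesToLoad.Add('dNSHostName')
    [void]$searcher.PropertiesToLoad.Add('name')
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # Prefer the DNS name; fall back to the short name if it is not set.
            if ($r.Properties.Contains('dnshostname')) { [string]$r.Properties['dnshostname'][0] }
            else { [string]$r.Properties['name'][0] }
        }
    } finally { $results.Dispose() }             # release the unmanaged search handle
}

# Runs on each target: HKLM ... Internet Settings, ProxyEnable = 0 (from the question).
$setProxy = {
    $path   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $before = (Get-ItemProperty -Path $path -Name ProxyEnable -ErrorAction SilentlyContinue).ProxyEnable
    Set-ItemProperty -Path $path -Name ProxyEnable -Value 0
    $after  = (Get-ItemProperty -Path $path -Name ProxyEnable).ProxyEnable
    New-Object PSObject -Property @{ Before = $before; After = $after }
}

$computers = @(Get-OUComputerName -OUPath 'LDAP://OU=Workstations,DC=fabrikam,DC=com')
if ($computers.Count -eq 0) { throw 'No computer objects found under the OU.' }

$failed = @()
$params = @{
    ComputerName  = $computers
    ScriptBlock   = $setProxy
    ErrorAction   = 'SilentlyContinue'
    ErrorVariable = 'failed'
}
$report = Invoke-Command @params
$report | Select-Object PSComputerName, Before, After
# Machines that were offline or refused the connection are reported, not silently skipped.
$failed | ForEach-Object { "FAILED: $($_.TargetObject) - $($_.Exception.Message)" }
```

This covers only the HKLM value. Inside a remote session HKCU is the hive of the connecting account, not of the workstation's interactive user, so the two HKCU values still need the HKU or Group Policy route discussed in the thread.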
 
kevinhsiehCommented:
You can use a single GPO to apply the settings to both the user and the computer. You will need to apply it to both the OUs containing the PCs and the OUs containing the users. Using Group Policy Preferences, the changes will happen the next time that the group policies get applied or refreshed, which is better than making everyone reboot.

Follow the instructions in the link below.
http://technet.microsoft.com/en-us/library/cc753092.aspx
0
 
IslandrAuthor Commented:
None of the answers worked maybe because of the security restrictions on my environment.
0
 
IslandrAuthor Commented:
None of the answers worked for me, maybe because of the security restrictions on my environment.
0
