Solved

Powershell script to modify registry keys to a OU in AD

Posted on 2011-09-09
15
758 Views
Last Modified: 2012-05-12
Hi Experts,

I am looking for a PowerShell and/or any other scripting methods to modify the following registry key:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Personal"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
  4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,\
  00,6e,00,74,00,73,00,00,00


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000


Please let me know, How may I accomplished this task.  ( I am on a dead line ) your fast response will be appreciated.

Thanks,
0
Comment
Question by:Islandr
  • 6
  • 3
  • 3
  • +1
15 Comments
 
LVL 49

Accepted Solution

by:
Akhater earned 250 total points
ID: 36515467
you can simply save the below in a .reg file and then run

regedit.exe /s file.reg
[Windows Registry Editor Version 5.00]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Personal"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
  4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,\
  00,6e,00,74,00,73,00,00,00


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000

Open in new window

0
 
LVL 49

Expert Comment

by:Akhater
ID: 36515474
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36516059
Another option you may have is to use Group Policy Preferences. Depending on how your permissions are set you may need two scripts or GPP, one for the user and one for the computer. Most of the time users do not have permissions to change HKLM settings.

So if your users do not have permissions to HKLM create one GPP for HKCU settigns and link to the OU the users are in and create another for HKLM and link to the OU the computers are in.

Here is a link for GPP and the regisrty settings.

http://technet.microsoft.com/en-us/library/cc771589.aspx


If you do not want to create two policies or scripts you could look into using loopback processing in a GPP linked to the computers OU.
0
 

Author Comment

by:Islandr
ID: 36516115
Akhater/KenMcF,

So, if I decide to run this using a PowerShell script against a list of computers, How may I accomplish this?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36516150
you create an OU and put all the computers in that OU then you follow one of the links to create a GPO to deploy the changes on that OU
0
 

Author Comment

by:Islandr
ID: 36518919
Akhater,

But script that you provided is not written on PS.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 27

Expert Comment

by:KenMcF
ID: 36518940
If you are looking to change these keys by running a script on a remote computer it will be difficult. Especially if you only want to change for certain users. The HKCU key is for the interactive user, if you want to change this key you will need to go through the HKU key and find the specific users hive. It would be easier to create a GPO and use a script or Preferences to change these keys. The problem you may run into though is users usually do not have the rights to change HKLM keys so you will need to link this GPO to the computers OU with using another script of GPP.
0
 

Author Comment

by:Islandr
ID: 36519601
KenMcF,

Which script type should I use?  The one above by Akhater? or which one do you recommend?
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36519787
You could use either. I like to use GPP, i think it is easier to use than login scripts for this.
0
 

Author Comment

by:Islandr
ID: 36528646
Folks,

I did find in the Script Repository, partially what I am looking for, this script modify and change the HKCU value, below is the script:

# ------------------------------------------------------------------------
Param([switch]$get,[switch]$set)
Function Get-ExplorerSettings()
{
 $RegExplorer =  Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
"The Current Path for the Personal Key Value is $($RegExplorer.Personal)"
} #end Get-ExplorerSettings

Function Set-ExplorerSettings()
{
 $RegValues = @{
             "Personal" = "%USERPROFILE%\Documents" ;
                                    }
 $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
 ForEach ($key in $RegValues.Keys)
  {
    Set-ItemProperty -path $path -name $key -value $RegValues[$key]
   "Setting $path $($key) to $($RegValues[$key])"
  }

} #end Set-ExplorerSettings
# *** Entry Point to script ***

if($get) { Get-ExplorerSettings }
if($set) { Set-ExplorerSettings }

The way to execute the script is by typing the following:

.\GetExplorersettings.ps1 -get
This will display the current value of the specific key in this case Personal  AND
.\GetExplorersettings.ps1 -get -set
This will query the current value and set the one specified in the script.  Now the real question is HOW DO I RUN THIS SCRIPT AGAINST AN OU IN AD? I found a piece of information that might be able to help us, but I do not know how to put it together, I am going to insert below a few lines of codes and see if anyone of you could help me integrating the whole script together:

$objOU = [ADSI]"LDAP://OU=Workstations,DC=fabrikam,DC=com"
$colItems = $objOU.psbase.children

$colItems | ForEach-Object
{
    if ($_.objectCategory -eq "CN=Computer,CN=Schema,CN=Configuration,DC=fabrikam,DC=com")
        {Get-WMIObject Win32_BIOS -computername $_.Name}
}

The code above looks for BIOS information in a specific OU in AD.

The next piece of code will work against all the Computers in AD:

$strFilter = "computer"
 
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
 
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = "LDAP://OU= Workstations,DC=fabrikam,DC=com"
$objSearcher.SearchScope = "Base"
$objSearcher.PageSize = 1000

$objSearcher.Filter = "(objectCategory=$strFilter)"
$colResults = $objSearcher.FindAll()

foreach ($i in $colResults)
    {
        $objComputer = $i.GetDirectoryEntry()
        Get-WMIObject Win32_BIOS -computername $objComputer.Name
    }

But we can always modify this line:
$objSearch.SearchRoot = "LDAP://OU= Workstations,DC=fabrikam,DC=com"

And finally, this will run against a computer list in this case Excel spreadsheet:

$a = New-Object -comobject Excel.Application

$a.Visible = $True

$b = $a.Workbooks.Open("C:\Scripts\Test.xls")
$c = $b.Worksheets.Item(1)

$i = 1

do
    {
        $d = $c.Cells.Item($i,1).Value()
        if ($d -ne $null)
            {Get-WMIObject Win32_BIOS -computername $d}
        $i++
    }
while ($d -ne $null)

Again, I need assistance putting the script together in one piece, with all the information that provided, please let me know how can we accomplish this.

Thanks,
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 250 total points
ID: 36571006
You can use a single GPO to apply the settings to both the user and the computer. You will need to to apply to both the OUs containing the PCs and the OUs containing the users. Using Group Policy Preferences, the changes will happen the next time that the group policies get applied or refreshed, which is better than making everyone reboot.

Follow the instructions in the link below.
http://technet.microsoft.com/en-us/library/cc753092.aspx
0
 

Author Comment

by:Islandr
ID: 36950139
None of the answers worked maybe because of the security restrictions on my environment.
0
 

Author Closing Comment

by:Islandr
ID: 36950157
None the ansers worked for me, maybe becaus the security restrictions on my environment.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Synchronize a new Active Directory domain with an existing Office 365 tenant
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now