Solved

Powershell script to modify registry keys to a OU in AD

Posted on 2011-09-09
15
775 Views
Last Modified: 2012-05-12
Hi Experts,

I am looking for a PowerShell and/or any other scripting methods to modify the following registry key:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Personal"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
  4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,\
  00,6e,00,74,00,73,00,00,00


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000


Please let me know, How may I accomplished this task.  ( I am on a dead line ) your fast response will be appreciated.

Thanks,
0
Comment
Question by:Islandr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 3
  • +1
15 Comments
 
LVL 49

Accepted Solution

by:
Akhater earned 250 total points
ID: 36515467
you can simply save the below in a .reg file and then run

regedit.exe /s file.reg
[Windows Registry Editor Version 5.00]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Personal"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
  4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,\
  00,6e,00,74,00,73,00,00,00


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000

Open in new window

0
 
LVL 49

Expert Comment

by:Akhater
ID: 36515474
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36516059
Another option you may have is to use Group Policy Preferences. Depending on how your permissions are set you may need two scripts or GPP, one for the user and one for the computer. Most of the time users do not have permissions to change HKLM settings.

So if your users do not have permissions to HKLM create one GPP for HKCU settigns and link to the OU the users are in and create another for HKLM and link to the OU the computers are in.

Here is a link for GPP and the regisrty settings.

http://technet.microsoft.com/en-us/library/cc771589.aspx


If you do not want to create two policies or scripts you could look into using loopback processing in a GPP linked to the computers OU.
0
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

 

Author Comment

by:Islandr
ID: 36516115
Akhater/KenMcF,

So, if I decide to run this using a PowerShell script against a list of computers, How may I accomplish this?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36516150
you create an OU and put all the computers in that OU then you follow one of the links to create a GPO to deploy the changes on that OU
0
 

Author Comment

by:Islandr
ID: 36518919
Akhater,

But script that you provided is not written on PS.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36518940
If you are looking to change these keys by running a script on a remote computer it will be difficult. Especially if you only want to change for certain users. The HKCU key is for the interactive user, if you want to change this key you will need to go through the HKU key and find the specific users hive. It would be easier to create a GPO and use a script or Preferences to change these keys. The problem you may run into though is users usually do not have the rights to change HKLM keys so you will need to link this GPO to the computers OU with using another script of GPP.
0
 

Author Comment

by:Islandr
ID: 36519601
KenMcF,

Which script type should I use?  The one above by Akhater? or which one do you recommend?
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36519787
You could use either. I like to use GPP, i think it is easier to use than login scripts for this.
0
 

Author Comment

by:Islandr
ID: 36528646
Folks,

I did find in the Script Repository, partially what I am looking for, this script modify and change the HKCU value, below is the script:

# ------------------------------------------------------------------------
Param([switch]$get,[switch]$set)
Function Get-ExplorerSettings()
{
 $RegExplorer =  Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
"The Current Path for the Personal Key Value is $($RegExplorer.Personal)"
} #end Get-ExplorerSettings

Function Set-ExplorerSettings()
{
 $RegValues = @{
             "Personal" = "%USERPROFILE%\Documents" ;
                                    }
 $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
 ForEach ($key in $RegValues.Keys)
  {
    Set-ItemProperty -path $path -name $key -value $RegValues[$key]
   "Setting $path $($key) to $($RegValues[$key])"
  }

} #end Set-ExplorerSettings
# *** Entry Point to script ***

if($get) { Get-ExplorerSettings }
if($set) { Set-ExplorerSettings }

The way to execute the script is by typing the following:

.\GetExplorersettings.ps1 -get
This will display the current value of the specific key in this case Personal  AND
.\GetExplorersettings.ps1 -get -set
This will query the current value and set the one specified in the script.  Now the real question is HOW DO I RUN THIS SCRIPT AGAINST AN OU IN AD? I found a piece of information that might be able to help us, but I do not know how to put it together, I am going to insert below a few lines of codes and see if anyone of you could help me integrating the whole script together:

$objOU = [ADSI]"LDAP://OU=Workstations,DC=fabrikam,DC=com"
$colItems = $objOU.psbase.children

$colItems | ForEach-Object
{
    if ($_.objectCategory -eq "CN=Computer,CN=Schema,CN=Configuration,DC=fabrikam,DC=com")
        {Get-WMIObject Win32_BIOS -computername $_.Name}
}

The code above looks for BIOS information in a specific OU in AD.

The next piece of code will work against all the Computers in AD:

$strFilter = "computer"
 
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
 
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = "LDAP://OU= Workstations,DC=fabrikam,DC=com"
$objSearcher.SearchScope = "Base"
$objSearcher.PageSize = 1000

$objSearcher.Filter = "(objectCategory=$strFilter)"
$colResults = $objSearcher.FindAll()

foreach ($i in $colResults)
    {
        $objComputer = $i.GetDirectoryEntry()
        Get-WMIObject Win32_BIOS -computername $objComputer.Name
    }

But we can always modify this line:
$objSearch.SearchRoot = "LDAP://OU= Workstations,DC=fabrikam,DC=com"

And finally, this will run against a computer list in this case Excel spreadsheet:

$a = New-Object -comobject Excel.Application

$a.Visible = $True

$b = $a.Workbooks.Open("C:\Scripts\Test.xls")
$c = $b.Worksheets.Item(1)

$i = 1

do
    {
        $d = $c.Cells.Item($i,1).Value()
        if ($d -ne $null)
            {Get-WMIObject Win32_BIOS -computername $d}
        $i++
    }
while ($d -ne $null)

Again, I need assistance putting the script together in one piece, with all the information that provided, please let me know how can we accomplish this.

Thanks,
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 250 total points
ID: 36571006
You can use a single GPO to apply the settings to both the user and the computer. You will need to to apply to both the OUs containing the PCs and the OUs containing the users. Using Group Policy Preferences, the changes will happen the next time that the group policies get applied or refreshed, which is better than making everyone reboot.

Follow the instructions in the link below.
http://technet.microsoft.com/en-us/library/cc753092.aspx
0
 

Author Comment

by:Islandr
ID: 36950139
None of the answers worked maybe because of the security restrictions on my environment.
0
 

Author Closing Comment

by:Islandr
ID: 36950157
None the ansers worked for me, maybe becaus the security restrictions on my environment.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
With User Account Control (UAC) enabled in Windows 7, one needs to open an elevated Command Prompt in order to run scripts under administrative privileges. Although the elevated Command Prompt accomplishes the task, the question How to run as script…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Six Sigma Control Plans

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question