?
Solved

Powershell script to modify registry keys to a OU in AD

Posted on 2011-09-09
15
Medium Priority
?
776 Views
Last Modified: 2012-05-12
Hi Experts,

I am looking for a PowerShell and/or any other scripting methods to modify the following registry key:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Personal"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
  4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,\
  00,6e,00,74,00,73,00,00,00


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000


Please let me know, How may I accomplished this task.  ( I am on a dead line ) your fast response will be appreciated.

Thanks,
0
Comment
Question by:Islandr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 3
  • +1
15 Comments
 
LVL 49

Accepted Solution

by:
Akhater earned 750 total points
ID: 36515467
you can simply save the below in a .reg file and then run

regedit.exe /s file.reg
[Windows Registry Editor Version 5.00]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Personal"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
  4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,\
  00,6e,00,74,00,73,00,00,00


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000

Open in new window

0
 
LVL 49

Expert Comment

by:Akhater
ID: 36515474
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36516059
Another option you may have is to use Group Policy Preferences. Depending on how your permissions are set you may need two scripts or GPP, one for the user and one for the computer. Most of the time users do not have permissions to change HKLM settings.

So if your users do not have permissions to HKLM create one GPP for HKCU settigns and link to the OU the users are in and create another for HKLM and link to the OU the computers are in.

Here is a link for GPP and the regisrty settings.

http://technet.microsoft.com/en-us/library/cc771589.aspx


If you do not want to create two policies or scripts you could look into using loopback processing in a GPP linked to the computers OU.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:Islandr
ID: 36516115
Akhater/KenMcF,

So, if I decide to run this using a PowerShell script against a list of computers, How may I accomplish this?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 36516150
you create an OU and put all the computers in that OU then you follow one of the links to create a GPO to deploy the changes on that OU
0
 

Author Comment

by:Islandr
ID: 36518919
Akhater,

But script that you provided is not written on PS.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36518940
If you are looking to change these keys by running a script on a remote computer it will be difficult. Especially if you only want to change for certain users. The HKCU key is for the interactive user, if you want to change this key you will need to go through the HKU key and find the specific users hive. It would be easier to create a GPO and use a script or Preferences to change these keys. The problem you may run into though is users usually do not have the rights to change HKLM keys so you will need to link this GPO to the computers OU with using another script of GPP.
0
 

Author Comment

by:Islandr
ID: 36519601
KenMcF,

Which script type should I use?  The one above by Akhater? or which one do you recommend?
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36519787
You could use either. I like to use GPP, i think it is easier to use than login scripts for this.
0
 

Author Comment

by:Islandr
ID: 36528646
Folks,

I did find in the Script Repository, partially what I am looking for, this script modify and change the HKCU value, below is the script:

# ------------------------------------------------------------------------
Param([switch]$get,[switch]$set)
Function Get-ExplorerSettings()
{
 $RegExplorer =  Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
"The Current Path for the Personal Key Value is $($RegExplorer.Personal)"
} #end Get-ExplorerSettings

Function Set-ExplorerSettings()
{
 $RegValues = @{
             "Personal" = "%USERPROFILE%\Documents" ;
                                    }
 $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
 ForEach ($key in $RegValues.Keys)
  {
    Set-ItemProperty -path $path -name $key -value $RegValues[$key]
   "Setting $path $($key) to $($RegValues[$key])"
  }

} #end Set-ExplorerSettings
# *** Entry Point to script ***

if($get) { Get-ExplorerSettings }
if($set) { Set-ExplorerSettings }

The way to execute the script is by typing the following:

.\GetExplorersettings.ps1 -get
This will display the current value of the specific key in this case Personal  AND
.\GetExplorersettings.ps1 -get -set
This will query the current value and set the one specified in the script.  Now the real question is HOW DO I RUN THIS SCRIPT AGAINST AN OU IN AD? I found a piece of information that might be able to help us, but I do not know how to put it together, I am going to insert below a few lines of codes and see if anyone of you could help me integrating the whole script together:

$objOU = [ADSI]"LDAP://OU=Workstations,DC=fabrikam,DC=com"
$colItems = $objOU.psbase.children

$colItems | ForEach-Object
{
    if ($_.objectCategory -eq "CN=Computer,CN=Schema,CN=Configuration,DC=fabrikam,DC=com")
        {Get-WMIObject Win32_BIOS -computername $_.Name}
}

The code above looks for BIOS information in a specific OU in AD.

The next piece of code will work against all the Computers in AD:

$strFilter = "computer"
 
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
 
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = "LDAP://OU= Workstations,DC=fabrikam,DC=com"
$objSearcher.SearchScope = "Base"
$objSearcher.PageSize = 1000

$objSearcher.Filter = "(objectCategory=$strFilter)"
$colResults = $objSearcher.FindAll()

foreach ($i in $colResults)
    {
        $objComputer = $i.GetDirectoryEntry()
        Get-WMIObject Win32_BIOS -computername $objComputer.Name
    }

But we can always modify this line:
$objSearch.SearchRoot = "LDAP://OU= Workstations,DC=fabrikam,DC=com"

And finally, this will run against a computer list in this case Excel spreadsheet:

$a = New-Object -comobject Excel.Application

$a.Visible = $True

$b = $a.Workbooks.Open("C:\Scripts\Test.xls")
$c = $b.Worksheets.Item(1)

$i = 1

do
    {
        $d = $c.Cells.Item($i,1).Value()
        if ($d -ne $null)
            {Get-WMIObject Win32_BIOS -computername $d}
        $i++
    }
while ($d -ne $null)

Again, I need assistance putting the script together in one piece, with all the information that provided, please let me know how can we accomplish this.

Thanks,
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 750 total points
ID: 36571006
You can use a single GPO to apply the settings to both the user and the computer. You will need to to apply to both the OUs containing the PCs and the OUs containing the users. Using Group Policy Preferences, the changes will happen the next time that the group policies get applied or refreshed, which is better than making everyone reboot.

Follow the instructions in the link below.
http://technet.microsoft.com/en-us/library/cc753092.aspx
0
 

Author Comment

by:Islandr
ID: 36950139
None of the answers worked maybe because of the security restrictions on my environment.
0
 

Author Closing Comment

by:Islandr
ID: 36950157
None the ansers worked for me, maybe becaus the security restrictions on my environment.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Make the most of your online learning experience.
Starting up a Project
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question