• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1032
  • Last Modified:

Powershell registry compare

Hi I hope to have someone help me out as I really need this.

I need to have this code check the registry and then report back a value.  I know there has to be a better way to do this that would be more streamlined.  I have an excel spreadsheet with the Values, names and Keys so maybe there is a way to import them on the fly and put them in a hash table or array.. Any help would be greatly appreciated

Here is the code that I have currently:
$tabName = "LocalGPO"

#Define Variables
$e = "1"
$d = "0"

#Functions
function Get-RegistryValue($key, $value) {    (Get-ItemProperty $key $value).$value}

#Create Table object
$table = New-Object system.Data.DataTable “$tabName”

#Define Columns
$col1 = New-Object system.Data.DataColumn Policy,([string])
$col2 = New-Object system.Data.DataColumn Recommended,([string])
$col3 = New-Object system.Data.DataColumn Current,([string])

#Add the Columns
$table.columns.add($col1)
$table.columns.add($col2)
$table.columns.add($col3)


#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Accounts: Limit local account use of blank passwords to console logon only   " 
$row.Recommended = $e
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa' LimitBlankPasswordUse
 

#Add the row to the table
$table.Rows.Add($row)

#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Audit: Audit the accesss of global system objects   " 
$row.Recommended = "$d"
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa\' AuditBaseObjects

#Add the row to the table
$table.Rows.Add($row)

#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Audit: Audit the use of Backup and Restore privilege   " 
$row.Recommended = "$d"
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa\' FullPrivilegeAuditing

#Add the row to the table
$table.Rows.Add($row)

#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings   " 
$row.Recommended = "$e"
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa\' SCENoApplyLegacyAuditPolicy

#Add the row to the table
$table.Rows.Add($row)

#Display the table
$table | format-table -AutoSize 

Open in new window


Regards,
Erica
0
Diazer
Asked:
Diazer
  • 9
  • 5
  • 3
2 Solutions
 
Carlo-GiulianiCommented:
I would do this by first creating a CSV file containing something like this:

"Key", "Value","Recommended","Acual"
"HKLM:\System\CurrentControlSet\Control\Lsa","LimitBlankPasswordUse,"0",""
"HKLM:\System\CurrentControlSet\Control\Lsa\","AuditBaseObjects","0",""

Open in new window


The you can run a very simple script like this:
$Table = Import-csv c:\temp\registry.csv 
Foreach ($row in $table) {  $row.Actual = Get-RegistryValue $row.Key $row.Value }
$table| Format-Table # This line will dispaly the table contents
$table | export-csv c:\temp\registry.csv # This line will rewrite the CSV file

Open in new window


Note that I have not tested this code...I just typed it out right now, so there may be typos/bugs.  But I can promise you this method will work.  

You can use Excel (or similar program) to create/edit the CSV file.
0
 
QlemoDeveloperCommented:
Carlo-Giuliani,

That is pretty smart! Using a CSV "template" and fill it is very simple, reliable and easy to manage.


Diazer,

What I'm missing from the requirements is the comparison itself - isn't that important? Like only storing/showing reg values differing?
0
 
DiazerAuthor Commented:
Hi Qleno,

The comparison is important.. I would like to have two options one that would show what is different and the other that would show all of them if that is possible..

Any ideas?

Regards,
Erica
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
DiazerAuthor Commented:
Hi Carlo-Giuliani,

I am needing it to look like this..

Policy                                                                        Recommended Current
------                                                                        ----------- -------
Accounts: Limit local account use of blank passwords to console logon only    1           1      
Audit: Audit the accesss of global system objects                             0           0      
Audit: Audit the use of Backup and Restore privilege                          0           0
0
 
QlemoDeveloperCommented:
You want to show the underlying policies for those settings instead of the registry names? That is really complex to do. AFAIK only the administrative templates contain the info, and those are files.

In regard of the option to show differences or all entries:
$showall = $false
$Table = Import-csv c:\temp\registry.csv 
Foreach ($row in $table) {  $row.Actual = Get-RegistryValue $row.Key $row.Value }
$table | ? { $_.Value -ne $_.Actual -or $showall } | Format-Table # This line will dispaly the table contents
$table | ? { $_.Value -ne $_.Actual -or $showall } | export-csv c:\temp\registry.csv # This line will rewrite the CSV file

Open in new window

0
 
Carlo-GiulianiCommented:
Just add another column for the Policy description to the CSV file.  You can also adjust the heading names as you like...so long as up update the script accordingly.
0
 
DiazerAuthor Commented:
I have a list of all the regisrty keys and decided to output my data to html for redibility.. so we are almost there..

I have the code only printing the objects I need using Select-Object and I'm able to select "Policy", "Current", "Actual" and exporting it to HTML using ConvertTo-HTML

I tried the code that mentioned Qlemo but I am not getting the results that I am expected. I need to compare the "Recommended" column to the "Actual" that is pulled from the "value"  but with the current logic it is pulling them because it will be equal to one another..

Help :)   I am attaching a snipit of the CSV I am using as that may help.
registry.csv
0
 
Carlo-GiulianiCommented:
I don't understand what your issue is.  The code example I gave you was to update the CSV file with the actual value.  Then you can just open the CSV file with Excel and compare recommended with actual values.
0
 
DiazerAuthor Commented:
I'm sorry Carlo,

I am more refering to what Qlemo posted as he had the compare done on the fly..  The problem is that we need to have this done on the fly. and not having to open an excel spread sheet etc because the machine that are running this do not have Excel installed so the CSV will not work.

You script works great at pulling from the CSV and showing me what the valiues are but I still needed the compare.
0
 
QlemoDeveloperCommented:
Sorry for that, I should have compared .Recommended instead of .Value, of course.

I've fixed another issue, in your Get-RegistryValue function which displayed errors if the keys or values where not found. Also I've changed the result CSV file, so the template remains unchanged.
function Get-RegistryValue($key, $value) {    (Get-ItemProperty $key $value -ea SilentlyContinue).$value}

$showall = $false
$Table = Import-csv c:\temp\registry.csv 
Foreach ($row in $table) {  $row.Actual = Get-RegistryValue $row.Key $row.Value }
$table | ? { $_.Recommended -ne $_.Actual -or $showall } | Format-Table # For displaying 
$table | ? { $_.Recommended -ne $_.Actual -or $showall } | export-csv c:\temp\registry-result.csv # Creating a (new) Result file

Open in new window

0
 
DiazerAuthor Commented:
Thank you both for the solution to my problem and quick answers.  I was able to create both reports that I was needing and display them in HTML as I needed..
0
 
DiazerAuthor Commented:
Qlemo,

Is there a way to insert a value when it does not exist in the regitsty like "Not Defined"
0
 
QlemoDeveloperCommented:
Of course, but in particular "Not defined" doesn't make much sense ;-). And I have to admit I would need to test some more first before being able to tell you how. Changing the registry in PowerShell isn't done that easily.
0
 
DiazerAuthor Commented:
Oh I dont want to change any registry settings I just dont want the report showing blanks when the script goes thru the CVS file and attempts to get a registry key that does not exist.  Currently we are supressing the error messages and it does not populate the Actual Values on the results CVS.  So Instead of it being a blank box I would like it to say "Not Defined :)
0
 
QlemoDeveloperCommented:
Extend your function:
function Get-RegistryValue($key, $value)
{
  $v = (Get-ItemProperty $key $value -ea SilentlyContinue).$value
  if ($v -eq $null) { "not defined" } else { $v }
}

Open in new window

0
 
DiazerAuthor Commented:
that did the trick.. Thank you so much :)
0
 
DiazerAuthor Commented:
Qleno, Carlo,

I setup a different scenerio and I have the bits but am having trouble on another question since you guys helped me on this one maybe you could take a look..
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28133941.html#a39185284

Thank you,
0

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

  • 9
  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now