Solved

Powershell registry compare

Posted on 2013-05-15
17
817 Views
Last Modified: 2013-05-21
Hi I hope to have someone help me out as I really need this.

I need to have this code check the registry and then report back a value.  I know there has to be a better way to do this that would be more streamlined.  I have an excel spreadsheet with the Values, names and Keys so maybe there is a way to import them on the fly and put them in a hash table or array.. Any help would be greatly appreciated

Here is the code that I have currently:
$tabName = "LocalGPO"

#Define Variables
$e = "1"
$d = "0"

#Functions
function Get-RegistryValue($key, $value) {    (Get-ItemProperty $key $value).$value}

#Create Table object
$table = New-Object system.Data.DataTable “$tabName”

#Define Columns
$col1 = New-Object system.Data.DataColumn Policy,([string])
$col2 = New-Object system.Data.DataColumn Recommended,([string])
$col3 = New-Object system.Data.DataColumn Current,([string])

#Add the Columns
$table.columns.add($col1)
$table.columns.add($col2)
$table.columns.add($col3)


#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Accounts: Limit local account use of blank passwords to console logon only   " 
$row.Recommended = $e
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa' LimitBlankPasswordUse
 

#Add the row to the table
$table.Rows.Add($row)

#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Audit: Audit the accesss of global system objects   " 
$row.Recommended = "$d"
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa\' AuditBaseObjects

#Add the row to the table
$table.Rows.Add($row)

#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Audit: Audit the use of Backup and Restore privilege   " 
$row.Recommended = "$d"
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa\' FullPrivilegeAuditing

#Add the row to the table
$table.Rows.Add($row)

#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings   " 
$row.Recommended = "$e"
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa\' SCENoApplyLegacyAuditPolicy

#Add the row to the table
$table.Rows.Add($row)

#Display the table
$table | format-table -AutoSize 

Open in new window


Regards,
Erica
0
Comment
Question by:Diazer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
  • 3
17 Comments
 
LVL 12

Assisted Solution

by:Carlo-Giuliani
Carlo-Giuliani earned 250 total points
ID: 39170247
I would do this by first creating a CSV file containing something like this:

"Key", "Value","Recommended","Acual"
"HKLM:\System\CurrentControlSet\Control\Lsa","LimitBlankPasswordUse,"0",""
"HKLM:\System\CurrentControlSet\Control\Lsa\","AuditBaseObjects","0",""

Open in new window


The you can run a very simple script like this:
$Table = Import-csv c:\temp\registry.csv 
Foreach ($row in $table) {  $row.Actual = Get-RegistryValue $row.Key $row.Value }
$table| Format-Table # This line will dispaly the table contents
$table | export-csv c:\temp\registry.csv # This line will rewrite the CSV file

Open in new window


Note that I have not tested this code...I just typed it out right now, so there may be typos/bugs.  But I can promise you this method will work.  

You can use Excel (or similar program) to create/edit the CSV file.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39170597
Carlo-Giuliani,

That is pretty smart! Using a CSV "template" and fill it is very simple, reliable and easy to manage.


Diazer,

What I'm missing from the requirements is the comparison itself - isn't that important? Like only storing/showing reg values differing?
0
 

Author Comment

by:Diazer
ID: 39171518
Hi Qleno,

The comparison is important.. I would like to have two options one that would show what is different and the other that would show all of them if that is possible..

Any ideas?

Regards,
Erica
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:Diazer
ID: 39171708
Hi Carlo-Giuliani,

I am needing it to look like this..

Policy                                                                        Recommended Current
------                                                                        ----------- -------
Accounts: Limit local account use of blank passwords to console logon only    1           1      
Audit: Audit the accesss of global system objects                             0           0      
Audit: Audit the use of Backup and Restore privilege                          0           0
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39171831
You want to show the underlying policies for those settings instead of the registry names? That is really complex to do. AFAIK only the administrative templates contain the info, and those are files.

In regard of the option to show differences or all entries:
$showall = $false
$Table = Import-csv c:\temp\registry.csv 
Foreach ($row in $table) {  $row.Actual = Get-RegistryValue $row.Key $row.Value }
$table | ? { $_.Value -ne $_.Actual -or $showall } | Format-Table # This line will dispaly the table contents
$table | ? { $_.Value -ne $_.Actual -or $showall } | export-csv c:\temp\registry.csv # This line will rewrite the CSV file

Open in new window

0
 
LVL 12

Expert Comment

by:Carlo-Giuliani
ID: 39171997
Just add another column for the Policy description to the CSV file.  You can also adjust the heading names as you like...so long as up update the script accordingly.
0
 

Author Comment

by:Diazer
ID: 39172560
I have a list of all the regisrty keys and decided to output my data to html for redibility.. so we are almost there..

I have the code only printing the objects I need using Select-Object and I'm able to select "Policy", "Current", "Actual" and exporting it to HTML using ConvertTo-HTML

I tried the code that mentioned Qlemo but I am not getting the results that I am expected. I need to compare the "Recommended" column to the "Actual" that is pulled from the "value"  but with the current logic it is pulling them because it will be equal to one another..

Help :)   I am attaching a snipit of the CSV I am using as that may help.
registry.csv
0
 
LVL 12

Expert Comment

by:Carlo-Giuliani
ID: 39172681
I don't understand what your issue is.  The code example I gave you was to update the CSV file with the actual value.  Then you can just open the CSV file with Excel and compare recommended with actual values.
0
 

Author Comment

by:Diazer
ID: 39172733
I'm sorry Carlo,

I am more refering to what Qlemo posted as he had the compare done on the fly..  The problem is that we need to have this done on the fly. and not having to open an excel spread sheet etc because the machine that are running this do not have Excel installed so the CSV will not work.

You script works great at pulling from the CSV and showing me what the valiues are but I still needed the compare.
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 250 total points
ID: 39172986
Sorry for that, I should have compared .Recommended instead of .Value, of course.

I've fixed another issue, in your Get-RegistryValue function which displayed errors if the keys or values where not found. Also I've changed the result CSV file, so the template remains unchanged.
function Get-RegistryValue($key, $value) {    (Get-ItemProperty $key $value -ea SilentlyContinue).$value}

$showall = $false
$Table = Import-csv c:\temp\registry.csv 
Foreach ($row in $table) {  $row.Actual = Get-RegistryValue $row.Key $row.Value }
$table | ? { $_.Recommended -ne $_.Actual -or $showall } | Format-Table # For displaying 
$table | ? { $_.Recommended -ne $_.Actual -or $showall } | export-csv c:\temp\registry-result.csv # Creating a (new) Result file

Open in new window

0
 

Author Closing Comment

by:Diazer
ID: 39173053
Thank you both for the solution to my problem and quick answers.  I was able to create both reports that I was needing and display them in HTML as I needed..
0
 

Author Comment

by:Diazer
ID: 39173121
Qlemo,

Is there a way to insert a value when it does not exist in the regitsty like "Not Defined"
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39173129
Of course, but in particular "Not defined" doesn't make much sense ;-). And I have to admit I would need to test some more first before being able to tell you how. Changing the registry in PowerShell isn't done that easily.
0
 

Author Comment

by:Diazer
ID: 39173152
Oh I dont want to change any registry settings I just dont want the report showing blanks when the script goes thru the CVS file and attempts to get a registry key that does not exist.  Currently we are supressing the error messages and it does not populate the Actual Values on the results CVS.  So Instead of it being a blank box I would like it to say "Not Defined :)
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39173199
Extend your function:
function Get-RegistryValue($key, $value)
{
  $v = (Get-ItemProperty $key $value -ea SilentlyContinue).$value
  if ($v -eq $null) { "not defined" } else { $v }
}

Open in new window

0
 

Author Comment

by:Diazer
ID: 39173300
that did the trick.. Thank you so much :)
0
 

Author Comment

by:Diazer
ID: 39185383
Qleno, Carlo,

I setup a different scenerio and I have the bits but am having trouble on another question since you guys helped me on this one maybe you could take a look..
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28133941.html#a39185284

Thank you,
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question