Link to home
Start Free TrialLog in
Avatar of Diazer
DiazerFlag for United States of America

asked on

Powershell registry compare

Hi I hope to have someone help me out as I really need this.

I need to have this code check the registry and then report back a value.  I know there has to be a better way to do this that would be more streamlined.  I have an excel spreadsheet with the Values, names and Keys so maybe there is a way to import them on the fly and put them in a hash table or array.. Any help would be greatly appreciated

Here is the code that I have currently:
$tabName = "LocalGPO"

#Define Variables
$e = "1"
$d = "0"

#Functions
function Get-RegistryValue($key, $value) {    (Get-ItemProperty $key $value).$value}

#Create Table object
$table = New-Object system.Data.DataTable “$tabName”

#Define Columns
$col1 = New-Object system.Data.DataColumn Policy,([string])
$col2 = New-Object system.Data.DataColumn Recommended,([string])
$col3 = New-Object system.Data.DataColumn Current,([string])

#Add the Columns
$table.columns.add($col1)
$table.columns.add($col2)
$table.columns.add($col3)


#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Accounts: Limit local account use of blank passwords to console logon only   " 
$row.Recommended = $e
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa' LimitBlankPasswordUse
 

#Add the row to the table
$table.Rows.Add($row)

#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Audit: Audit the accesss of global system objects   " 
$row.Recommended = "$d"
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa\' AuditBaseObjects

#Add the row to the table
$table.Rows.Add($row)

#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Audit: Audit the use of Backup and Restore privilege   " 
$row.Recommended = "$d"
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa\' FullPrivilegeAuditing

#Add the row to the table
$table.Rows.Add($row)

#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings   " 
$row.Recommended = "$e"
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa\' SCENoApplyLegacyAuditPolicy

#Add the row to the table
$table.Rows.Add($row)

#Display the table
$table | format-table -AutoSize 

Open in new window


Regards,
Erica
SOLUTION
Avatar of Carlo-Giuliani
Carlo-Giuliani
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Qlemo
Carlo-Giuliani,

That is pretty smart! Using a CSV "template" and fill it is very simple, reliable and easy to manage.


Diazer,

What I'm missing from the requirements is the comparison itself - isn't that important? Like only storing/showing reg values differing?
Avatar of Diazer

ASKER

Hi Qleno,

The comparison is important.. I would like to have two options one that would show what is different and the other that would show all of them if that is possible..

Any ideas?

Regards,
Erica
Avatar of Diazer

ASKER

Hi Carlo-Giuliani,

I am needing it to look like this..

Policy                                                                        Recommended Current
------                                                                        ----------- -------
Accounts: Limit local account use of blank passwords to console logon only    1           1      
Audit: Audit the accesss of global system objects                             0           0      
Audit: Audit the use of Backup and Restore privilege                          0           0
You want to show the underlying policies for those settings instead of the registry names? That is really complex to do. AFAIK only the administrative templates contain the info, and those are files.

In regard of the option to show differences or all entries:
$showall = $false
$Table = Import-csv c:\temp\registry.csv 
Foreach ($row in $table) {  $row.Actual = Get-RegistryValue $row.Key $row.Value }
$table | ? { $_.Value -ne $_.Actual -or $showall } | Format-Table # This line will dispaly the table contents
$table | ? { $_.Value -ne $_.Actual -or $showall } | export-csv c:\temp\registry.csv # This line will rewrite the CSV file

Open in new window

Just add another column for the Policy description to the CSV file.  You can also adjust the heading names as you like...so long as up update the script accordingly.
Avatar of Diazer

ASKER

I have a list of all the regisrty keys and decided to output my data to html for redibility.. so we are almost there..

I have the code only printing the objects I need using Select-Object and I'm able to select "Policy", "Current", "Actual" and exporting it to HTML using ConvertTo-HTML

I tried the code that mentioned Qlemo but I am not getting the results that I am expected. I need to compare the "Recommended" column to the "Actual" that is pulled from the "value"  but with the current logic it is pulling them because it will be equal to one another..

Help :)   I am attaching a snipit of the CSV I am using as that may help.
registry.csv
I don't understand what your issue is.  The code example I gave you was to update the CSV file with the actual value.  Then you can just open the CSV file with Excel and compare recommended with actual values.
Avatar of Diazer

ASKER

I'm sorry Carlo,

I am more refering to what Qlemo posted as he had the compare done on the fly..  The problem is that we need to have this done on the fly. and not having to open an excel spread sheet etc because the machine that are running this do not have Excel installed so the CSV will not work.

You script works great at pulling from the CSV and showing me what the valiues are but I still needed the compare.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Diazer

ASKER

Thank you both for the solution to my problem and quick answers.  I was able to create both reports that I was needing and display them in HTML as I needed..
Avatar of Diazer

ASKER

Qlemo,

Is there a way to insert a value when it does not exist in the regitsty like "Not Defined"
Of course, but in particular "Not defined" doesn't make much sense ;-). And I have to admit I would need to test some more first before being able to tell you how. Changing the registry in PowerShell isn't done that easily.
Avatar of Diazer

ASKER

Oh I dont want to change any registry settings I just dont want the report showing blanks when the script goes thru the CVS file and attempts to get a registry key that does not exist.  Currently we are supressing the error messages and it does not populate the Actual Values on the results CVS.  So Instead of it being a blank box I would like it to say "Not Defined :)
Extend your function:
function Get-RegistryValue($key, $value)
{
  $v = (Get-ItemProperty $key $value -ea SilentlyContinue).$value
  if ($v -eq $null) { "not defined" } else { $v }
}

Open in new window

Avatar of Diazer

ASKER

that did the trick.. Thank you so much :)
Avatar of Diazer

ASKER

Qleno, Carlo,

I setup a different scenerio and I have the bits but am having trouble on another question since you guys helped me on this one maybe you could take a look..
https://www.experts-exchange.com/questions/28133941/powershell-INF-compare.html?anchorAnswerId=39185284#a39185284

Thank you,