Solved

Powershell registry compare

Posted on 2013-05-15
17
696 Views
Last Modified: 2013-05-21
Hi I hope to have someone help me out as I really need this.

I need to have this code check the registry and then report back a value.  I know there has to be a better way to do this that would be more streamlined.  I have an excel spreadsheet with the Values, names and Keys so maybe there is a way to import them on the fly and put them in a hash table or array.. Any help would be greatly appreciated

Here is the code that I have currently:
$tabName = "LocalGPO"

#Define Variables
$e = "1"
$d = "0"

#Functions
function Get-RegistryValue($key, $value) {    (Get-ItemProperty $key $value).$value}

#Create Table object
$table = New-Object system.Data.DataTable “$tabName”

#Define Columns
$col1 = New-Object system.Data.DataColumn Policy,([string])
$col2 = New-Object system.Data.DataColumn Recommended,([string])
$col3 = New-Object system.Data.DataColumn Current,([string])

#Add the Columns
$table.columns.add($col1)
$table.columns.add($col2)
$table.columns.add($col3)


#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Accounts: Limit local account use of blank passwords to console logon only   " 
$row.Recommended = $e
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa' LimitBlankPasswordUse
 

#Add the row to the table
$table.Rows.Add($row)

#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Audit: Audit the accesss of global system objects   " 
$row.Recommended = "$d"
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa\' AuditBaseObjects

#Add the row to the table
$table.Rows.Add($row)

#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Audit: Audit the use of Backup and Restore privilege   " 
$row.Recommended = "$d"
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa\' FullPrivilegeAuditing

#Add the row to the table
$table.Rows.Add($row)

#Create a row
$row = $table.NewRow()

#Enter data in the row
$row.Policy = "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings   " 
$row.Recommended = "$e"
$row.Current = Get-RegistryValue 'HKLM:\System\CurrentControlSet\Control\Lsa\' SCENoApplyLegacyAuditPolicy

#Add the row to the table
$table.Rows.Add($row)

#Display the table
$table | format-table -AutoSize 

Open in new window


Regards,
Erica
0
Comment
Question by:Diazer
  • 9
  • 5
  • 3
17 Comments
 
LVL 12

Assisted Solution

by:Carlo-Giuliani
Carlo-Giuliani earned 250 total points
ID: 39170247
I would do this by first creating a CSV file containing something like this:

"Key", "Value","Recommended","Acual"
"HKLM:\System\CurrentControlSet\Control\Lsa","LimitBlankPasswordUse,"0",""
"HKLM:\System\CurrentControlSet\Control\Lsa\","AuditBaseObjects","0",""

Open in new window


The you can run a very simple script like this:
$Table = Import-csv c:\temp\registry.csv 
Foreach ($row in $table) {  $row.Actual = Get-RegistryValue $row.Key $row.Value }
$table| Format-Table # This line will dispaly the table contents
$table | export-csv c:\temp\registry.csv # This line will rewrite the CSV file

Open in new window


Note that I have not tested this code...I just typed it out right now, so there may be typos/bugs.  But I can promise you this method will work.  

You can use Excel (or similar program) to create/edit the CSV file.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39170597
Carlo-Giuliani,

That is pretty smart! Using a CSV "template" and fill it is very simple, reliable and easy to manage.


Diazer,

What I'm missing from the requirements is the comparison itself - isn't that important? Like only storing/showing reg values differing?
0
 

Author Comment

by:Diazer
ID: 39171518
Hi Qleno,

The comparison is important.. I would like to have two options one that would show what is different and the other that would show all of them if that is possible..

Any ideas?

Regards,
Erica
0
 

Author Comment

by:Diazer
ID: 39171708
Hi Carlo-Giuliani,

I am needing it to look like this..

Policy                                                                        Recommended Current
------                                                                        ----------- -------
Accounts: Limit local account use of blank passwords to console logon only    1           1      
Audit: Audit the accesss of global system objects                             0           0      
Audit: Audit the use of Backup and Restore privilege                          0           0
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39171831
You want to show the underlying policies for those settings instead of the registry names? That is really complex to do. AFAIK only the administrative templates contain the info, and those are files.

In regard of the option to show differences or all entries:
$showall = $false
$Table = Import-csv c:\temp\registry.csv 
Foreach ($row in $table) {  $row.Actual = Get-RegistryValue $row.Key $row.Value }
$table | ? { $_.Value -ne $_.Actual -or $showall } | Format-Table # This line will dispaly the table contents
$table | ? { $_.Value -ne $_.Actual -or $showall } | export-csv c:\temp\registry.csv # This line will rewrite the CSV file

Open in new window

0
 
LVL 12

Expert Comment

by:Carlo-Giuliani
ID: 39171997
Just add another column for the Policy description to the CSV file.  You can also adjust the heading names as you like...so long as up update the script accordingly.
0
 

Author Comment

by:Diazer
ID: 39172560
I have a list of all the regisrty keys and decided to output my data to html for redibility.. so we are almost there..

I have the code only printing the objects I need using Select-Object and I'm able to select "Policy", "Current", "Actual" and exporting it to HTML using ConvertTo-HTML

I tried the code that mentioned Qlemo but I am not getting the results that I am expected. I need to compare the "Recommended" column to the "Actual" that is pulled from the "value"  but with the current logic it is pulling them because it will be equal to one another..

Help :)   I am attaching a snipit of the CSV I am using as that may help.
registry.csv
0
 
LVL 12

Expert Comment

by:Carlo-Giuliani
ID: 39172681
I don't understand what your issue is.  The code example I gave you was to update the CSV file with the actual value.  Then you can just open the CSV file with Excel and compare recommended with actual values.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:Diazer
ID: 39172733
I'm sorry Carlo,

I am more refering to what Qlemo posted as he had the compare done on the fly..  The problem is that we need to have this done on the fly. and not having to open an excel spread sheet etc because the machine that are running this do not have Excel installed so the CSV will not work.

You script works great at pulling from the CSV and showing me what the valiues are but I still needed the compare.
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 250 total points
ID: 39172986
Sorry for that, I should have compared .Recommended instead of .Value, of course.

I've fixed another issue, in your Get-RegistryValue function which displayed errors if the keys or values where not found. Also I've changed the result CSV file, so the template remains unchanged.
function Get-RegistryValue($key, $value) {    (Get-ItemProperty $key $value -ea SilentlyContinue).$value}

$showall = $false
$Table = Import-csv c:\temp\registry.csv 
Foreach ($row in $table) {  $row.Actual = Get-RegistryValue $row.Key $row.Value }
$table | ? { $_.Recommended -ne $_.Actual -or $showall } | Format-Table # For displaying 
$table | ? { $_.Recommended -ne $_.Actual -or $showall } | export-csv c:\temp\registry-result.csv # Creating a (new) Result file

Open in new window

0
 

Author Closing Comment

by:Diazer
ID: 39173053
Thank you both for the solution to my problem and quick answers.  I was able to create both reports that I was needing and display them in HTML as I needed..
0
 

Author Comment

by:Diazer
ID: 39173121
Qlemo,

Is there a way to insert a value when it does not exist in the regitsty like "Not Defined"
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39173129
Of course, but in particular "Not defined" doesn't make much sense ;-). And I have to admit I would need to test some more first before being able to tell you how. Changing the registry in PowerShell isn't done that easily.
0
 

Author Comment

by:Diazer
ID: 39173152
Oh I dont want to change any registry settings I just dont want the report showing blanks when the script goes thru the CVS file and attempts to get a registry key that does not exist.  Currently we are supressing the error messages and it does not populate the Actual Values on the results CVS.  So Instead of it being a blank box I would like it to say "Not Defined :)
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39173199
Extend your function:
function Get-RegistryValue($key, $value)
{
  $v = (Get-ItemProperty $key $value -ea SilentlyContinue).$value
  if ($v -eq $null) { "not defined" } else { $v }
}

Open in new window

0
 

Author Comment

by:Diazer
ID: 39173300
that did the trick.. Thank you so much :)
0
 

Author Comment

by:Diazer
ID: 39185383
Qleno, Carlo,

I setup a different scenerio and I have the bits but am having trouble on another question since you guys helped me on this one maybe you could take a look..
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28133941.html#a39185284

Thank you,
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Synchronize a new Active Directory domain with an existing Office 365 tenant
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now