cwstad2
asked on
Powershell check registry entry
Hi guys, im looking to check a registry entry and say true against a the following key below and false against against those that dont. I have the following code below which i think is almost there. Any ideas how i can proceed.
thanks
$servers =Get-Content "C:\Users\Downloads\exchan ge.txt"
foreach ( $servers1 in $servers ) {
"
$servers1
"
if Get-ItemProperty -Path hklm:SYSTEM\CurrentControl Set\servic es\DNS\Par ameters]"E nableGloba lQueryBloc kList"=dwo rd:0000000 0"GlobalQu eryBlockLi st"=""
{
}
thanks
$servers =Get-Content "C:\Users\Downloads\exchan
foreach ( $servers1 in $servers ) {
"
$servers1
"
if Get-ItemProperty -Path hklm:SYSTEM\CurrentControl
{
}
ASKER
HI Qlemo, thats right, i realised i needed help at this point. What im looking to do is check the remote registry's from the server list in the text file. Is it easier to set the value on the server itself. I take it i will have to remote on to each server. Thanks
Qlemo is perfectly correct here.
Several points.
1. In order to use PowerShell your best bet would be to leverage invoke-commad
2. You can probably use reg query to do this and parse the response with an if statement (problem here might be the ability to query some 64 bit registry entries)
Short answer:
Several points.
1. In order to use PowerShell your best bet would be to leverage invoke-commad
2. You can probably use reg query to do this and parse the response with an if statement (problem here might be the ability to query some 64 bit registry entries)
Short answer:
$output = @()
$servers =Get-Content "C:\Users\Downloads\exchange.txt"
foreach ($server in $servers)
{
#You can validate what you need below
$regvalue = reg query \$server\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dns\ /v keyyouneed
#Then use an if statement to validate the content of the query
if ($regvalue -like "*your value*")
{$output += "Key found on $server"}
else {$output += "Key not found on $server}
}
$output | Select * | Export-Csv c:\reg-result.csv -NoTypeInformation
That's my point. You should use something like:
invoke-command -Computer (Get-Content "C:\Users\Downloads\exchange.txt") -ScriptBlock {
if ((Get-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters EnableGlobalQueryBlockList) -eq 0)
{
Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters GlobalQueryBlockList ""
}
}
and that's it.
ASKER
Hi guys, i ran Qlemos script and got the following. By reading the script is it checking if the "Get-ItemProperty HKLM:SYSTEM\CurrentControl Set\servic es\DNS\Par ameters EnableGlobalQueryBlockList " and if not will it add it? Also what has happened to the "=dword:00000000"GlobalQue ryBlockLis t"=""
thanks
Cannot find path 'HKLM:\SYSTEM\CurrentContr olSet\serv ices\DNS\P arameters' because it does not exist.
+ CategoryInfo : ObjectNotFound: (HKLM:\SYSTEM\Cu...\DNS\Pa rameters:S tring) [Get-ItemProperty], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.Pow erShell.Co mmands.Get ItemProper tyCommand
+ PSComputerName : Server
thanks
Cannot find path 'HKLM:\SYSTEM\CurrentContr
+ CategoryInfo : ObjectNotFound: (HKLM:\SYSTEM\Cu...\DNS\Pa
+ FullyQualifiedErrorId : PathNotFound,Microsoft.Pow
+ PSComputerName : Server
Since your syntax is totally off, I cannot tell what you want to check for exactly. Could you make that clear? Else I'm not able to provide a solution.
Regarding the path, the error message appears if there is no such registry path ( ...\DNS\Parameters ).
There will be nothing created, only set.
Regarding the path, the error message appears if there is no such registry path ( ...\DNS\Parameters ).
There will be nothing created, only set.
ASKER
Hi Qlemo, sorry for being vague. To start from the beginning i have a .reg file with entries in, for example the one below is what id like to check is present via powershell. Also id like to set that key if it isnt, The purpose of this is to run the script on many DC's over a low bandwidth connection. Does that make sense? ta
[HKEY_LOCAL_MACHINE\SYSTEM \CurrentCo ntrolSet\s ervices\DN S\Paramete rs]
"EnableGlobalQueryBlockLis t"=dword:0 0000000
"GlobalQueryBlockList"=""
[HKEY_LOCAL_MACHINE\SYSTEM
"EnableGlobalQueryBlockLis
"GlobalQueryBlockList"=""
Makes sense that way. But checking is unnecessary, it will not help reducing bandwidth usage or such, so we can "brute force" just change the settings.
invoke-command -Computer (Get-Content "C:\Users\Downloads\exchange.txt") -ScriptBlock {
Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters EnableGlobalQueryBlockList 0 -ea SilentlyContinue
Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters GlobalQueryBlockList "" -ea SilentlyContinue
}
There might be much more involved if you don't have a domain trust, because it gets more complicated if you have to provide credentials to connect to the remote machines.
ASKER
Thanks Qlemo, what about the "=dword:00000000?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
much appreciated
If I'm correct: You cant check remote registry that simple. How to proceed on what you want to do - set some reg keys, log something, or ... ? Because if you want to execute something on that server, Remoting might be the better approach (i.e. running PowerShell tasks on another machine).