Link to home
Start Free TrialLog in
Avatar of cwstad2
cwstad2Flag for United Kingdom of Great Britain and Northern Ireland

asked on

Powershell check registry entry

Hi guys, im looking to check a registry entry and say true against a the following key below and false against against those that dont. I have the following code below which i think is almost there. Any ideas how i can proceed.

thanks

$servers =Get-Content "C:\Users\Downloads\exchange.txt"

foreach ( $servers1 in $servers ) {
"
$servers1
"

 if Get-ItemProperty -Path hklm:SYSTEM\CurrentControlSet\services\DNS\Parameters]"EnableGlobalQueryBlockList"=dword:00000000"GlobalQueryBlockList"=""

{

}
Avatar of Qlemo
Qlemo
Flag of Germany image
That code is so buggy that I cannot get your goal here. I assume you want to remote check for registry entries in the DNS parameter set, and if both parameters are set, it is "true", else "false"?

If I'm correct: You cant check remote registry that simple. How to proceed on what you want to do - set some reg keys, log something, or ... ? Because if you want to execute something on that server, Remoting might be the better approach (i.e. running PowerShell tasks on another machine).
Avatar of cwstad2
cwstad2
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

HI Qlemo, thats right, i realised i needed help at this point. What im looking to do is check the remote registry's from the server list in the text file. Is it easier to set the value on the server itself. I take it i will have to remote on to each server. Thanks
Avatar of becraig
becraig
Flag of United States of America image
Qlemo is perfectly correct here.

Several points.
1. In order to use PowerShell your best bet would be to leverage invoke-commad
2. You can probably use reg query to do this and parse the response with an if statement (problem here might be the ability to query some 64 bit registry entries)

Short answer:
$output = @()
$servers =Get-Content "C:\Users\Downloads\exchange.txt"
foreach ($server in $servers)
{
#You can validate what you need below
$regvalue = reg query \$server\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dns\  /v keyyouneed
#Then use an if statement to validate the content of the query 
if ($regvalue -like "*your value*")
{$output +=  "Key found on $server"}
else {$output += "Key not found on $server}
}
$output | Select * | Export-Csv c:\reg-result.csv -NoTypeInformation

Open in new window

Avatar of Qlemo
Qlemo
Flag of Germany image
That's my point. You should use something like:
invoke-command -Computer (Get-Content "C:\Users\Downloads\exchange.txt") -ScriptBlock {
  if ((Get-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters EnableGlobalQueryBlockList) -eq 0)
  {
    Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters GlobalQueryBlockList ""
  }
}

Open in new window

and that's it.
Avatar of cwstad2
cwstad2
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

Hi guys, i ran Qlemos script and got the following. By reading the script is it checking if the "Get-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters EnableGlobalQueryBlockList" and if not will it add it? Also what has happened to the "=dword:00000000"GlobalQueryBlockList"=""


thanks

Cannot find path 'HKLM:\SYSTEM\CurrentControlSet\services\DNS\Parameters' because it does not exist.
    + CategoryInfo          : ObjectNotFound: (HKLM:\SYSTEM\Cu...\DNS\Parameters:String) [Get-ItemProperty], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetItemPropertyCommand
    + PSComputerName        : Server
Avatar of Qlemo
Qlemo
Flag of Germany image
Since your syntax is totally off, I cannot tell what you want to check for exactly. Could you make that clear? Else I'm not able to provide a solution.

Regarding the path, the error message appears if there is no such registry path ( ...\DNS\Parameters ).
There will be nothing created, only set.
Avatar of cwstad2
cwstad2
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

Hi Qlemo, sorry for being vague. To start from the beginning i have a .reg file with entries in, for example the one below is what id like to check is present via powershell. Also id like to set that key if it isnt, The purpose of this is to run the script on many DC's over a low bandwidth connection. Does that make sense? ta



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters]
"EnableGlobalQueryBlockList"=dword:00000000
"GlobalQueryBlockList"=""
Avatar of Qlemo
Qlemo
Flag of Germany image
Makes sense that way. But checking is unnecessary, it will not help reducing bandwidth usage or such, so we can "brute force" just change the settings.
invoke-command -Computer (Get-Content "C:\Users\Downloads\exchange.txt") -ScriptBlock {
    Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters EnableGlobalQueryBlockList 0 -ea SilentlyContinue
    Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters GlobalQueryBlockList "" -ea SilentlyContinue
}

Open in new window

There might be much more involved if you don't have a domain trust, because it gets more complicated if you have to provide credentials to connect to the remote machines.
Avatar of cwstad2
cwstad2
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

Thanks Qlemo, what about the "=dword:00000000?
ASKER CERTIFIED SOLUTION
Avatar of Qlemo
Qlemo
Flag of Germany image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of cwstad2
cwstad2
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

much appreciated