Solved

Powershell check registry entry

Posted on 2014-02-17
11
2,036 Views
Last Modified: 2014-02-20
Hi guys, im looking to check a registry entry and say true against a the following key below and false against against those that dont. I have the following code below which i think is almost there. Any ideas how i can proceed.

thanks

$servers =Get-Content "C:\Users\Downloads\exchange.txt"

foreach ( $servers1 in $servers ) {
"
$servers1
"

 if Get-ItemProperty -Path hklm:SYSTEM\CurrentControlSet\services\DNS\Parameters]"EnableGlobalQueryBlockList"=dword:00000000"GlobalQueryBlockList"=""

{

}
0
Comment
Question by:cwstad2
  • 5
  • 5
11 Comments
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
That code is so buggy that I cannot get your goal here. I assume you want to remote check for registry entries in the DNS parameter set, and if both parameters are set, it is "true", else "false"?

If I'm correct: You cant check remote registry that simple. How to proceed on what you want to do - set some reg keys, log something, or ... ? Because if you want to execute something on that server, Remoting might be the better approach (i.e. running PowerShell tasks on another machine).
0
 
LVL 15

Author Comment

by:cwstad2
Comment Utility
HI Qlemo, thats right, i realised i needed help at this point. What im looking to do is check the remote registry's from the server list in the text file. Is it easier to set the value on the server itself. I take it i will have to remote on to each server. Thanks
0
 
LVL 28

Expert Comment

by:becraig
Comment Utility
Qlemo is perfectly correct here.

Several points.
1. In order to use PowerShell your best bet would be to leverage invoke-commad
2. You can probably use reg query to do this and parse the response with an if statement (problem here might be the ability to query some 64 bit registry entries)

Short answer:
$output = @()
$servers =Get-Content "C:\Users\Downloads\exchange.txt"
foreach ($server in $servers)
{
#You can validate what you need below
$regvalue = reg query \$server\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dns\  /v keyyouneed
#Then use an if statement to validate the content of the query 
if ($regvalue -like "*your value*")
{$output +=  "Key found on $server"}
else {$output += "Key not found on $server}
}
$output | Select * | Export-Csv c:\reg-result.csv -NoTypeInformation

Open in new window

0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
That's my point. You should use something like:
invoke-command -Computer (Get-Content "C:\Users\Downloads\exchange.txt") -ScriptBlock {
  if ((Get-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters EnableGlobalQueryBlockList) -eq 0)
  {
    Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters GlobalQueryBlockList ""
  }
}

Open in new window

and that's it.
0
 
LVL 15

Author Comment

by:cwstad2
Comment Utility
Hi guys, i ran Qlemos script and got the following. By reading the script is it checking if the "Get-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters EnableGlobalQueryBlockList" and if not will it add it? Also what has happened to the "=dword:00000000"GlobalQueryBlockList"=""


thanks

Cannot find path 'HKLM:\SYSTEM\CurrentControlSet\services\DNS\Parameters' because it does not exist.
    + CategoryInfo          : ObjectNotFound: (HKLM:\SYSTEM\Cu...\DNS\Parameters:String) [Get-ItemProperty], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetItemPropertyCommand
    + PSComputerName        : Server
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Since your syntax is totally off, I cannot tell what you want to check for exactly. Could you make that clear? Else I'm not able to provide a solution.

Regarding the path, the error message appears if there is no such registry path ( ...\DNS\Parameters ).
There will be nothing created, only set.
0
 
LVL 15

Author Comment

by:cwstad2
Comment Utility
Hi Qlemo, sorry for being vague. To start from the beginning i have a .reg file with entries in, for example the one below is what id like to check is present via powershell. Also id like to set that key if it isnt, The purpose of this is to run the script on many DC's over a low bandwidth connection. Does that make sense? ta



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters]
"EnableGlobalQueryBlockList"=dword:00000000
"GlobalQueryBlockList"=""
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Makes sense that way. But checking is unnecessary, it will not help reducing bandwidth usage or such, so we can "brute force" just change the settings.
invoke-command -Computer (Get-Content "C:\Users\Downloads\exchange.txt") -ScriptBlock {
    Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters EnableGlobalQueryBlockList 0 -ea SilentlyContinue
    Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters GlobalQueryBlockList "" -ea SilentlyContinue
}

Open in new window

There might be much more involved if you don't have a domain trust, because it gets more complicated if you have to provide credentials to connect to the remote machines.
0
 
LVL 15

Author Comment

by:cwstad2
Comment Utility
Thanks Qlemo, what about the "=dword:00000000?
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
Comment Utility
It's there. You just need to take a closer look ...
0
 
LVL 15

Author Comment

by:cwstad2
Comment Utility
much appreciated
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
How to sign a powershell script so you can prevent tampering, and only allow users to run authorised Powershell scripts
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now