Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2254
  • Last Modified:

Powershell check registry entry

Hi guys, im looking to check a registry entry and say true against a the following key below and false against against those that dont. I have the following code below which i think is almost there. Any ideas how i can proceed.

thanks

$servers =Get-Content "C:\Users\Downloads\exchange.txt"

foreach ( $servers1 in $servers ) {
"
$servers1
"

 if Get-ItemProperty -Path hklm:SYSTEM\CurrentControlSet\services\DNS\Parameters]"EnableGlobalQueryBlockList"=dword:00000000"GlobalQueryBlockList"=""

{

}
0
cwstad2
Asked:
cwstad2
  • 5
  • 5
1 Solution
 
QlemoC++ DeveloperCommented:
That code is so buggy that I cannot get your goal here. I assume you want to remote check for registry entries in the DNS parameter set, and if both parameters are set, it is "true", else "false"?

If I'm correct: You cant check remote registry that simple. How to proceed on what you want to do - set some reg keys, log something, or ... ? Because if you want to execute something on that server, Remoting might be the better approach (i.e. running PowerShell tasks on another machine).
0
 
cwstad2Author Commented:
HI Qlemo, thats right, i realised i needed help at this point. What im looking to do is check the remote registry's from the server list in the text file. Is it easier to set the value on the server itself. I take it i will have to remote on to each server. Thanks
0
 
becraigCommented:
Qlemo is perfectly correct here.

Several points.
1. In order to use PowerShell your best bet would be to leverage invoke-commad
2. You can probably use reg query to do this and parse the response with an if statement (problem here might be the ability to query some 64 bit registry entries)

Short answer:
$output = @()
$servers =Get-Content "C:\Users\Downloads\exchange.txt"
foreach ($server in $servers)
{
#You can validate what you need below
$regvalue = reg query \$server\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dns\  /v keyyouneed
#Then use an if statement to validate the content of the query 
if ($regvalue -like "*your value*")
{$output +=  "Key found on $server"}
else {$output += "Key not found on $server}
}
$output | Select * | Export-Csv c:\reg-result.csv -NoTypeInformation

Open in new window

0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
QlemoC++ DeveloperCommented:
That's my point. You should use something like:
invoke-command -Computer (Get-Content "C:\Users\Downloads\exchange.txt") -ScriptBlock {
  if ((Get-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters EnableGlobalQueryBlockList) -eq 0)
  {
    Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters GlobalQueryBlockList ""
  }
}

Open in new window

and that's it.
0
 
cwstad2Author Commented:
Hi guys, i ran Qlemos script and got the following. By reading the script is it checking if the "Get-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters EnableGlobalQueryBlockList" and if not will it add it? Also what has happened to the "=dword:00000000"GlobalQueryBlockList"=""


thanks

Cannot find path 'HKLM:\SYSTEM\CurrentControlSet\services\DNS\Parameters' because it does not exist.
    + CategoryInfo          : ObjectNotFound: (HKLM:\SYSTEM\Cu...\DNS\Parameters:String) [Get-ItemProperty], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetItemPropertyCommand
    + PSComputerName        : Server
0
 
QlemoC++ DeveloperCommented:
Since your syntax is totally off, I cannot tell what you want to check for exactly. Could you make that clear? Else I'm not able to provide a solution.

Regarding the path, the error message appears if there is no such registry path ( ...\DNS\Parameters ).
There will be nothing created, only set.
0
 
cwstad2Author Commented:
Hi Qlemo, sorry for being vague. To start from the beginning i have a .reg file with entries in, for example the one below is what id like to check is present via powershell. Also id like to set that key if it isnt, The purpose of this is to run the script on many DC's over a low bandwidth connection. Does that make sense? ta



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters]
"EnableGlobalQueryBlockList"=dword:00000000
"GlobalQueryBlockList"=""
0
 
QlemoC++ DeveloperCommented:
Makes sense that way. But checking is unnecessary, it will not help reducing bandwidth usage or such, so we can "brute force" just change the settings.
invoke-command -Computer (Get-Content "C:\Users\Downloads\exchange.txt") -ScriptBlock {
    Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters EnableGlobalQueryBlockList 0 -ea SilentlyContinue
    Set-ItemProperty HKLM:SYSTEM\CurrentControlSet\services\DNS\Parameters GlobalQueryBlockList "" -ea SilentlyContinue
}

Open in new window

There might be much more involved if you don't have a domain trust, because it gets more complicated if you have to provide credentials to connect to the remote machines.
0
 
cwstad2Author Commented:
Thanks Qlemo, what about the "=dword:00000000?
0
 
QlemoC++ DeveloperCommented:
It's there. You just need to take a closer look ...
0
 
cwstad2Author Commented:
much appreciated
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now