Forum Discussion

  • Hi

    When targetting the HKCU you need to apply the powershell script to the logged in user instead of the system account.. If you are blocking powershell you will need to first catch the logged in user sid id, so you can target the key from hkey_users\sidid
  • XBEAT's avatar
    XBEAT
    Copper Contributor
    Hi, Ben Can you share the script, please?

Resources