Forum Discussion
Registry script is changing 5 of 6 keys
I'm hoping someone can help with this; it's really starting to get on my nerves.
There are some registry keys that I needed to change/create on all PCs, so I tried to bundle the changes in a Win32 app to run the PowerShell script changes, but they wouldn't run.
Eventually, I found that I could create an app to copy the script to the PCs and another one to run it.
This worked fine once the detection rules were sorted, but there is one key in the script that refuses to change - all others are created as expected so I can't figure out why it won't work on this one key.
Funny thing is that if the script is run locally, all keys are created fine.
Any help greatly appreciated.
$regPath1 = "HKLM:\Software\Microsoft\Cryptography\Wintrust\Config"
$valueName1 = "EnableCertPaddingCheck"
$valueData1 = 1
$regPath2 = "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"
$valueName2 = "EnableCertPaddingCheck"
$valueData2 = 1
$regPath3 = "HKLM:\System\CurrentControlSet\Services\LanManWorkstation\Parameters"
$valueName3 = "RequireSecuritySignature"
$valueData3 = 1
$regPath4 = "HKLM:\System\CurrentControlSet\Services\LanManWorkstation\Parameters"
$valueName4 = "EnableSecuritySignature"
$valueData4 = 1
$regPath5 = "HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters"
$valueName5 = "RequireSecuritySignature"
$valueData5 = 1
$regPath6 = "HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters"
$valueName6 = "EnableSecuritySignature"
$valueData6 = 1
# Create or update registry keys and values
$regPaths = @($regPath1, $regPath2, $regPath3, $regPath4, $regPath5, $regPath6)
$valueNames = @($valueName1, $valueName2, $valueName3, $valueName4, $valueName5, $valueName6)
$valueDatas = @($valueData1, $valueData2, $valueData3, $valueData4, $valueData5, $valueData6)
for ($i = 0; $i -lt $regPaths.Length; $i++) {
    $regPath = $regPaths[$i]
    $valueName = $valueNames[$i]
    $valueData = $valueDatas[$i]
    # Check if the registry key already exists
    if (!(Test-Path $regPath)) {
        # Create the registry key if it doesn't exist
        New-Item -Path $regPath -Force | Out-Null
    }
    # Create or update the registry value
    Set-ItemProperty -Path $regPath -Name $valueName -Value $valueData -Type DWORD
}
Write-Host "Registry keys and values have been created or updated successfully."
Anton_Howard I did some testing and wrote a slightly changed version of your script:
#Set keys
$CertPaddingCheckPaths = @("HKLM:\Software\Microsoft\Cryptography\Wintrust\Config", "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config")
$SecuritySignaturePaths = @("HKLM:\System\CurrentControlSet\Services\LanManWorkstation\Parameters", "HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters")
$EnableCertPaddingCheckKey = "EnableCertPaddingCheck"
$RequireSecuritySignatureKey = "RequireSecuritySignature"
$KeyValue = "1"
#CertPadding
foreach ($CertPaddingCheckPath in $CertPaddingCheckPaths) {
    # Create the registry key if it doesn't exist
    if (!(Test-Path $CertPaddingCheckPath)) {
        New-Item -Path $CertPaddingCheckPath -Force -ItemType Directory | Out-Null
        Write-Host Created $CertPaddingCheckPath
    }
    # Create or update the registry value
    Set-ItemProperty -Path $CertPaddingCheckPath -Name $EnableCertPaddingCheckKey -Value $KeyValue -Type DWORD
}
#SecuritySignature
foreach ($SecuritySignaturePath in $SecuritySignaturePaths) {
    # Create the registry key if it doesn't exist
    if (!(Test-Path $SecuritySignaturePath)) {
        New-Item -Path $SecuritySignaturePath -Force -ItemType Directory | Out-Null
        Write-Host Created $SecuritySignaturePath
    }
    # Create or update the registry value
    Set-ItemProperty -Path $SecuritySignaturePath -Name $RequireSecuritySignatureKey -Value $KeyValue -Type DWORD
}
Write-Host "Registry keys and values have been created or updated successfully."
But the same issue, HKLM:\Software\Microsoft\Cryptography\Wintrust\Config doesn't get created... So I enabled some Transcript logging (Start-Transcript), and if I just do a New-Item HKLM:\Software\Microsoft\Cryptography\Wintrust\Config, it does create the Registry path and... It immediately gets deleted?!? Some process is checking that... So weird, I haven't found anything yet why 🙂
- Anton_Howard (Copper Contributor)
Hi Harm,
I really appreciate your time with this problem. It is very odd that this is happening, but I'm glad you have come across the same problem and it's not just me 😉. It's very frustrating, so hopefully someone can find a reason why this is happening.
- Perhaps some service, such as the Cryptography service, is locking this. I tried to stop that service, add Registry, and start it again, but it doesn't pick that up...
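A read-only check for the behaviour discussed in this thread, added here as an example and not code from any of the posters: it reports whether the running PowerShell process is 32- or 64-bit and reads each value from the original script through both the 64-bit and the 32-bit registry view. On 64-bit Windows a 32-bit process has HKLM\Software redirected to Wow6432Node, so which key a path resolves to depends on the host process; the helper name Get-RegValueInView is hypothetical.

```powershell
# Added example, read-only: nothing is written to the registry.
# Subkeys, value names and the expected data (1) are taken from the original script.
# Assumes 64-bit Windows and PowerShell 3.0+ (.NET 4 RegistryView API).
$expected = 1
$checks = @(
    @{ SubKey = 'SOFTWARE\Microsoft\Cryptography\Wintrust\Config';                Name = 'EnableCertPaddingCheck' }
    @{ SubKey = 'SYSTEM\CurrentControlSet\Services\LanManWorkstation\Parameters'; Name = 'RequireSecuritySignature' }
    @{ SubKey = 'SYSTEM\CurrentControlSet\Services\LanManWorkstation\Parameters'; Name = 'EnableSecuritySignature' }
    @{ SubKey = 'SYSTEM\CurrentControlSet\Services\LanManServer\Parameters';      Name = 'RequireSecuritySignature' }
    @{ SubKey = 'SYSTEM\CurrentControlSet\Services\LanManServer\Parameters';      Name = 'EnableSecuritySignature' }
)

# Hypothetical helper: read one value through an explicit registry view,
# independent of the bitness of the calling process.
function Get-RegValueInView {
    param(
        [string]$SubKey,
        [string]$Name,
        [Microsoft.Win32.RegistryView]$View
    )
    $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $View)
    try {
        $key = $base.OpenSubKey($SubKey)      # $null when the key is absent in this view
        if ($null -eq $key) { return 'key missing' }
        try {
            $data = $key.GetValue($Name)      # $null when the value is absent
            if ($null -eq $data) { return 'value missing' }
            return '{0} ({1})' -f $data, $key.GetValueKind($Name)
        } finally { $key.Close() }
    } finally { $base.Close() }
}

# Which PowerShell host is really running this (deployment agent or local console)?
'64-bit OS: {0}; 64-bit process: {1}' -f ([Environment]::Is64BitOperatingSystem), ([Environment]::Is64BitProcess)

# The Registry32 view of SOFTWARE\... is the Wow6432Node path from the script.
# SYSTEM is not redirected, so both views show the same data for those rows.
$results = foreach ($c in $checks) {
    foreach ($view in 'Registry64', 'Registry32') {
        $found = Get-RegValueInView -SubKey $c.SubKey -Name $c.Name -View $view
        [pscustomobject]@{
            View       = $view
            Key        = "HKLM\$($c.SubKey)"
            Name       = $c.Name
            Found      = $found
            AsExpected = ($found -eq "$expected (DWord)")
        }
    }
}
$results | Format-Table -AutoSize -Wrap
```

Running it once from a local console and once through the same deployment mechanism as the script shows whether the two contexts see the same keys.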