Forum Discussion

Anton_Howard's avatar
Anton_Howard
Copper Contributor
Sep 05, 2023

Registry script is changing 5 of 6 keys

I'm hoping someone can help with this, it's really starting to get on my nerves.   There are some registry keys that I needed to change/create on all pc's, so I tried to bundle the changes in a win...
Intune
mobile device management (mdm)
Harm_Veenstra's avatar
Harm_Veenstra
MVP
Sep 23, 2023

Anton_Howard I did some testing and wrote a slightly changed version of your script:

 

#Set keys
$CertPaddingCheckPaths = @("HKLM:\Software\Microsoft\Cryptography\Wintrust\Config", "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config")
$SecuritySignaturePaths = @("HKLM:\System\CurrentControlSet\Services\LanManWorkstation\Parameters", "HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters")
$EnableCertPaddingCheckKey = "EnableCertPaddingCheck"
$RequireSecuritySignatureKey = "RequireSecuritySignature"
$KeyValue = "1"

#CertPadding
foreach ($CertPaddingCheckPath in $CertPaddingCheckPaths) {
    # Create the registry key if it doesn't exist
    if (!(Test-Path $CertPaddingCheckPath)) {
        New-Item -Path $CertPaddingCheckPath -Force -ItemType Directory | Out-Null
        Write-Host Created $CertPaddingCheckPath
    }
    # Create or update the registry value
    Set-ItemProperty -Path $CertPaddingCheckPath -Name $EnableCertPaddingCheckKey -Value $KeyValue -Type DWORD
}

#SecuritySignature
foreach ($SecuritySignaturePath in $SecuritySignaturePaths) {
    # Create the registry key if it doesn't exist
    if (!(Test-Path $SecuritySignaturePath)) {
        New-Item -Path $SecuritySignaturePath -Force -ItemType Directory | Out-Null
        Write-Host Created $SecuritySignaturePath
    }
    # Create or update the registry value
    Set-ItemProperty -Path $SecuritySignaturePath -Name $RequireSecuritySignatureKey -Value $KeyValue -Type DWORD
}

Write-Host "Registry keys and values have been created or updated successfully."

 

But the same issue, HKLM:\Software\Microsoft\Cryptography\Wintrust\Config doesn't get created... So I enabled some Transcript logging (Start-Transcript), and if I just do a new-item 

HKLM:\Software\Microsoft\Cryptography\Wintrust\Config, it does create the Registry path and... It immediately gets deleted?!? Some process is checking that... So weird, I haven't found anything yet why 🙂 
  • Anton_Howard's avatar
    Anton_Howard
    Copper Contributor
    Sep 25, 2023
    Hi Harm,
    I really appreciate your time with this problem. It is very odd that this is happening, but I'm glad you have come across the same problem and it's not just me 😉. It's very frustrating, so hopefully someone can find a reason why this is happening.
    • Harm_Veenstra's avatar
      Harm_Veenstra
      MVP
      Oct 23, 2023
      Did you ever find a solution?
      • Anton_Howard's avatar
        Anton_Howard
        Copper Contributor
        Oct 23, 2023
        No I'm afraid not. I thought it would get more responses on here with a solution, but no luck.
        It's just frustrating to be honest, if I can solve this issue then future registry changes can be rolled out with more confidence.
    • Harm_Veenstra's avatar
      Harm_Veenstra
      MVP
      Sep 25, 2023
      Perhaps some service, such as the Cryptography service, is locking this. I tried to stop that service, add Registry, and start it again, but it doesn't pick that up...

Resources