Anton_Howard
Sep 05, 2023, Copper Contributor
Registry script is changing 5 of 6 keys
I'm hoping someone can help with this, it's really starting to get on my nerves. There are some registry keys that I needed to change/create on all PCs, so I tried to bundle the changes in a win...
Anton_Howard
Sep 25, 2023, Copper Contributor
Hi Harm,
I really appreciate your time with this problem. It is very odd that this is happening, but I'm glad you have come across the same problem and it's not just me 😉. It's very frustrating, so hopefully someone can find a reason why this is happening.
Oct 23, 2023
Did you ever find a solution?
- Anton_Howard
Oct 23, 2023, Copper Contributor
No, I'm afraid not. I thought it would get more responses on here with a solution, but no luck.
It's just frustrating, to be honest; if I can solve this issue then future registry changes can be rolled out with more confidence.
- Oct 23, 2023
Anton_Howard Read the article (https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2013-3900), which does a .reg import. If I do that, the EnableCertPaddingCheck is a REG_SZ, not DWORD. I modified the script for that below. Could you test that?
```powershell
# Set keys
$CertPaddingCheckPaths = @(
    "HKLM:\Software\Microsoft\Cryptography\Wintrust\Config",
    "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"
)
$SecuritySignaturePaths = @(
    "HKLM:\System\CurrentControlSet\Services\LanManWorkstation\Parameters",
    "HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters"
)
$EnableCertPaddingCheckKey = "EnableCertPaddingCheck"
$RequireSecuritySignatureKey = "RequireSecuritySignature"
$KeyValue = "1"

# CertPadding
foreach ($CertPaddingCheckPath in $CertPaddingCheckPaths) {
    # Create the registry key if it doesn't exist
    if (!(Test-Path $CertPaddingCheckPath)) {
        New-Item -Path $CertPaddingCheckPath -Force -ItemType Directory | Out-Null
        Write-Host "Created $CertPaddingCheckPath"
    }
    # Create or update the registry value (written as REG_SZ)
    Set-ItemProperty -Path $CertPaddingCheckPath -Name $EnableCertPaddingCheckKey -Value $KeyValue -Type String
}

# SecuritySignature
foreach ($SecuritySignaturePath in $SecuritySignaturePaths) {
    # Create the registry key if it doesn't exist
    if (!(Test-Path $SecuritySignaturePath)) {
        New-Item -Path $SecuritySignaturePath -Force -ItemType Directory | Out-Null
        Write-Host "Created $SecuritySignaturePath"
    }
    # Create or update the registry value (written as REG_DWORD)
    Set-ItemProperty -Path $SecuritySignaturePath -Name $RequireSecuritySignatureKey -Value $KeyValue -Type DWORD
}

Write-Host "Registry keys and values have been created or updated successfully."
```
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was helpful in other ways, please consider giving it a Like.
- Anton_Howard
Oct 24, 2023, Copper Contributor
Hi Harm,
Sorry, but I don't understand what this new script is. I'm running the PowerShell script from within Intune and I don't know how I can use this to import the script into the registry instead. If I save it as .reg it will not run as it is not in the correct format, and PowerShell won't run it either. The CVE page shows that there is a problem changing the registry for that particular value, but doesn't explain how to fix it as far as I can tell.
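
Added example (not part of any post in this thread, and not Microsoft's own code): a read-only check that reports, for each value the script above sets, whether it exists and with which type and data. On 64-bit Windows a 32-bit process sees `HKLM\Software` redirected to `Wow6432Node`, so the check opens the 64-bit and 32-bit registry views explicitly. The expected types and data are assumptions copied from that script (`String` "1" and `DWord` 1), and `Test-RegistryValue` is a name made up for this example.

```powershell
# Added example: read-only audit of the values set by the script in this thread.
# Expected Kind/Data mirror that script; adjust them if your baseline differs.
$Checks = @(
    @{ SubKey = 'Software\Microsoft\Cryptography\Wintrust\Config';                Name = 'EnableCertPaddingCheck';   Kind = 'String'; Data = '1' }
    @{ SubKey = 'Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config';    Name = 'EnableCertPaddingCheck';   Kind = 'String'; Data = '1' }
    @{ SubKey = 'System\CurrentControlSet\Services\LanManWorkstation\Parameters'; Name = 'RequireSecuritySignature'; Kind = 'DWord';  Data = 1 }
    @{ SubKey = 'System\CurrentControlSet\Services\LanManServer\Parameters';      Name = 'RequireSecuritySignature'; Kind = 'DWord';  Data = 1 }
)

function Test-RegistryValue {
    param([hashtable]$Check, [Microsoft.Win32.RegistryView]$View)

    $result = [ordered]@{
        View = $View; SubKey = $Check.SubKey; Name = $Check.Name
        Status = 'KeyMissing'; Kind = $null; Data = $null
    }
    # OpenBaseKey with an explicit view bypasses WOW64 redirection of HKLM\Software
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($Check.SubKey)   # read-only; $null when the key is absent
        if ($null -ne $key) {
            try {
                if ($key.GetValueNames() -notcontains $Check.Name) {
                    $result.Status = 'ValueMissing'
                } else {
                    $result.Kind   = $key.GetValueKind($Check.Name)
                    $result.Data   = $key.GetValue($Check.Name)
                    $result.Status = 'OK'
                    if ("$($result.Data)" -ne "$($Check.Data)") { $result.Status = 'WrongData' }
                    if ("$($result.Kind)" -ne $Check.Kind)      { $result.Status = 'WrongType' }
                }
            } finally { $key.Dispose() }
        }
    } finally { $base.Dispose() }
    [pscustomobject]$result
}

$views  = [Microsoft.Win32.RegistryView]::Registry64, [Microsoft.Win32.RegistryView]::Registry32
$report = foreach ($view in $views) {
    foreach ($check in $Checks) { Test-RegistryValue -Check $check -View $view }
}
$report | Format-Table View, SubKey, Name, Status, Kind, Data -AutoSize
"This process is 64-bit: $([Environment]::Is64BitProcess)"
"Entries not matching the expected value: $(@($report | Where-Object Status -ne 'OK').Count)"
```

Running it once interactively and once through the same deployment channel as the change script shows whether a write landed in a different view or with a different type than intended.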