Manipulating the registry via Intune push

Brass Contributor

Our goal is simple: Manipulate the registry as part of application deployment or PowerShell script.

 

Use case: When we install our VPN client, there are a raft of registry updates that need to be made to configure it for use in our environment. The easiest way of doing this is simply by importing a .reg file we've created.

 

The problem that I just can't seem to overcome is how to import a .reg file using PowerShell as part of an Intune deployment. For testing purposes, I've created a simple test registry file and I'd ideally like to use a PS script that simply has the command "reg.exe import .\1Test.reg" in it. The command runs perfectly from CLI but when I try pushing it as part of a Win32 app, it fails. When I build in other diagnostic steps, everything in the script runs perfectly except for the actual import. I've tried using the script to create a temporary directory, copy the files to it, set it as the working directory, and importing from there in case there were path issues. Everything works perfectly all the way up to the actual import, which never works.

 

I've tried using "regedit.exe /silent" as well as "reg.exe" and I've spun it off as a separate process; nothing seems to work. I think it needs to run in the user instead of system context so I've tried both of those. I'm currently at a 100% failure in my ability to figure this out and I'm hoping that someone out there in the community has dealt with this and knows the incredibly simple secret and can demystify it for me.

 

Thanks in advance for your help!

10 Replies
Hi Joe,

Have you checked this blog post? It’s using batch file not ps, it could do the job.

Moe

https://www.anoopcnair.com/deploy-registry-fix-using-intune-win32-app/
Thanks for the response, Moe! I hadn't seen that post in all the time I've spent cruising his blogs (his content is awesome, BTW) and when I tried testing using his example I had the exact same results as I've seen with my PS scripts. All commands before and after the registry import ran successfully but the registry file wasn't included.

I'm open to anything if you have any more ideas and appreciate your helping me brainstorm this.
I'll add one more piece: I've also tried using PS scripts to create registry entries directly rather than importing a .reg file. Those fail as well. Everything I do work great except my attempts to manipulate the registry in any way. I really think there's some dumb switch or setting somewhere that I'm missing, I'm just at a complete loss for what and where.
Progress! I have a major update and hope that y'all can help me narrow in on it from here.

It turns out all of my registry imports were happening and my test attempts to create new registry entries were successful as well. The issues is that instead of going into HKLM\Software\... they went into HKLM\Software\WOW6432Node. I'm working with a 64-bit version of Win11 22H2 (I just confirmed this). I'm researching the issue now but it appears to be a 32-bit vs 64-bit conundrum.

I'm posting this here as a stream of consciousness to capture it for the next person who's struggling with this. If you have any words of wisdom, I'm all ears!
Importing registry files from PS scripts on 64-bit Windows solved. It's as simple as running the import with a switch to specify 64-bit mode so they're merged where you would expect them to be.

Use this in your PowerShell script and you're good:
reg.exe import TestFile.reg /reg:64
This is awesome Joe, thanks for sharing the answer with others!

Moe

I am in the exact situation you were in, but the difference is I cannot seem to make it work. Do you have a PS1 script I can test in intune, please?

Here's the contents of a .ps1 file for you:

reg.exe import TestFile.reg /reg:64

_______________________________

If you save all of your registry updates to TestFile.reg and put the above line in your TestReg.ps1 file, you can then run:
powershell.exe -ExecutionPolicy Bypass -File .\TestReg.ps1

The configuration of the .reg file is crucial. I don't know your level of experience with them but if you're new to it, the easiest thing to do is make your changes through RegEdit.exe on a test machine and then export that registry key. Open the .reg file and delete anything you don't want included in your import and you'll be left with a properly configured .reg file that contains only the things you want changed. Run the script and it'll import the registry settings from the .reg file using the 64-bit flag in the reg.exe app.

Hello @joemclain 

 

I'm dealing with something similar.

You have already made the script. I have a question, The installation commands within Intune are these: powershell.exe -ExecutionPolicy Bypass -File .\TestReg.ps1 or how did you place them?

@joemclain 

 

You can easily Create registry keys using the Intune remediations method or via a Powershell script.