Manipulating the registry via Intune push


Our goal is simple: Manipulate the registry as part of application deployment or PowerShell script.

 

Use case: When we install our VPN client, there are a raft of registry updates that need to be made to configure it for use in our environment. The easiest way of doing this is simply by importing a .reg file we've created.

 

The problem that I just can't seem to overcome is how to import a .reg file using PowerShell as part of an Intune deployment. For testing purposes, I've created a simple test registry file and I'd ideally like to use a PS script that simply has the command "reg.exe import .\1Test.reg" in it. The command runs perfectly from CLI but when I try pushing it as part of a Win32 app, it fails. When I build in other diagnostic steps, everything in the script runs perfectly except for the actual import. I've tried using the script to create a temporary directory, copy the files to it, set it as the working directory, and importing from there in case there were path issues. Everything works perfectly all the way up to the actual import, which never works.

 

I've tried using "regedit.exe /silent" as well as "reg.exe" and I've spun it off as a separate process; nothing seems to work. I think it needs to run in the user instead of system context so I've tried both of those. I'm currently at a 100% failure in my ability to figure this out and I'm hoping that someone out there in the community has dealt with this and knows the incredibly simple secret and can demystify it for me.

 

Thanks in advance for your help!

6 Replies
Hi Joe,

Have you checked this blog post? It's using a batch file, not PS; it could do the job.

Moe

https://www.anoopcnair.com/deploy-registry-fix-using-intune-win32-app/
Thanks for the response, Moe! I hadn't seen that post in all the time I've spent cruising his blogs (his content is awesome, BTW) and when I tried testing using his example I had the exact same results as I've seen with my PS scripts. All commands before and after the registry import ran successfully but the registry file wasn't included.

I'm open to anything if you have any more ideas and appreciate your helping me brainstorm this.
I'll add one more piece: I've also tried using PS scripts to create registry entries directly rather than importing a .reg file. Those fail as well. Everything I do works great except my attempts to manipulate the registry in any way. I really think there's some dumb switch or setting somewhere that I'm missing; I'm just at a complete loss for what and where.
Progress! I have a major update and hope that y'all can help me narrow in on it from here.

It turns out all of my registry imports were happening and my test attempts to create new registry entries were successful as well. The issue is that instead of going into HKLM\Software\... they went into HKLM\Software\WOW6432Node. I'm working with a 64-bit version of Win11 22H2 (I just confirmed this). I'm researching the issue now but it appears to be a 32-bit vs 64-bit conundrum.

I'm posting this here as a stream of consciousness to capture it for the next person who's struggling with this. If you have any words of wisdom, I'm all ears!
Importing registry files from PS scripts on 64-bit Windows solved. It's as simple as running the import with a switch to specify 64-bit mode so they're merged where you would expect them to be.

Use this in your PowerShell script and you're good:
reg.exe import TestFile.reg /reg:64
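
The fix above, as an added example that is not part of the original thread: a PowerShell wrapper that imports the file into the 64-bit view and then reads both registry views to confirm where a value landed. It assumes the script is started by a 32-bit host process (which the WOW6432Node redirection described above points to); the key path and value name are hypothetical placeholders, and TestFile.reg is the file name from the post.

```powershell
# Added example. $SubKey and $ValueName are hypothetical placeholders:
# set them to a key and value that your own .reg file actually writes.
param(
    [string]$RegFile   = (Join-Path $PSScriptRoot 'TestFile.reg'),
    [string]$SubKey    = 'SOFTWARE\ExampleVpnClient',
    [string]$ValueName = 'ExampleSetting'
)

# A 32-bit process on 64-bit Windows has HKLM\SOFTWARE silently redirected
# to HKLM\SOFTWARE\WOW6432Node. Log the bitness so the cause shows up in output.
$is64Os     = [Environment]::Is64BitOperatingSystem
$is64Proc   = [Environment]::Is64BitProcess
$redirected = $is64Os -and -not $is64Proc
Write-Output "64-bit OS: $is64Os; 64-bit process: $is64Proc; redirected: $redirected"

# /reg:64 makes reg.exe target the 64-bit view regardless of the caller's bitness.
& reg.exe import $RegFile /reg:64
if ($LASTEXITCODE -ne 0) {
    Write-Error "reg.exe import failed with exit code $LASTEXITCODE"
    exit $LASTEXITCODE
}

# Read the value through an explicitly chosen view, bypassing redirection.
function Get-ValueInView {
    param([Microsoft.Win32.RegistryView]$View)
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($SubKey)
        if ($null -eq $key) { return $null }
        try { return $key.GetValue($ValueName) } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

$in64 = Get-ValueInView -View Registry64
$in32 = Get-ValueInView -View Registry32
Write-Output "64-bit view (HKLM\$SubKey): $in64"
Write-Output "32-bit view (HKLM\SOFTWARE\WOW6432Node\...): $in32"

# Fail the deployment if the value is not where 64-bit software will look for it.
if ($null -eq $in64) {
    Write-Error "Value '$ValueName' is missing from the 64-bit view."
    exit 1
}
exit 0
```

A non-zero exit code gives the deployment a failure to report instead of a silent write to the wrong hive.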
This is awesome Joe, thanks for sharing the answer with others!

Moe