rzander / reg2ci Goto Github PK

View Code? Open in Web Editor NEW

101.0 8.0 16.0 6.46 MB

Create System Center Configuration manager ConfigItem (CI's) from a .reg (Registry) or a .pol (Policy) file.

License: Microsoft Public License

C# 13.70% JavaScript 85.78% ASP.NET 0.53%

sccm ci registry policy

reg2ci's People

Contributors

Stargazers

Watchers

Forkers

drempiricism noodled bashtech deomaximo rickmahabeersingh kurtdegreeff trumby ducs dmrepos deanbrighton zmyxpt digitalarche l2g2h thexmeta thatadminguy jeff-jerousek

reg2ci's Issues

Registry entries with a forward slash aren't created correctly.

For example this key

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128]
"Enabled"=dword:ffffffff

Creates this code

Reg2CI (c) 2021 by Roger Zander

if((Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128") -ne $true) { New-Item "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128" -force -ea SilentlyContinue };
New-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128' -Name 'Enabled' -Value -1 -PropertyType DWord -Force -ea SilentlyContinue;

and when run creates the following

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128\128]
"Enabled"=dword:ffffffff

The difference being "AES 128/128" vs "AES 128\128"

Unhandled Exception

****** Reg2CI (c) 2018 by Roger Zander ******

Unhandled Exception: System.Xml.XmlException: An error occurred while parsing EntityName. Line 9, position 128.
   at System.Xml.XmlTextReaderImpl.Throw(Exception e)
   at System.Xml.XmlTextReaderImpl.ParseEntityName()
   at System.Xml.XmlTextReaderImpl.ParseEntityReference()
   at System.Xml.XmlTextReaderImpl.Read()
   at System.Xml.XmlLoader.LoadNode(Boolean skipOverWhitespace)
   at System.Xml.XmlLoader.ParsePartialContent(XmlNode parentNode, String innerxmltext, XmlNodeType nt)
   at System.Xml.XmlElement.set_InnerXml(String value)
   at REG2CI.RegFile.CreatePSXMLAll(String SettingName, String Description, String PSHive)
   at REG2CI.RegFile..ctor(String fileName, Boolean X64, String CIName)
   at REG2CI.Program.Main(String[] args)

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\SIV]
"License Key"="00000000-00000000-NA--NA-NA"
"License Check"=dword:5cbf7f53
"LINK-BID"=hex(7):48,00,49,00,44,00,5c,00,56,00,49,00,44,00,5f,00,31,00,42,00,\
  31,00,43,00,26,00,50,00,49,00,44,00,5f,00,31,00,43,00,30,00,35,00,5c,00,37,\
  00,26,00,32,00,41,00,44,00,37,00,34,00,46,00,42,00,34,00,26,00,30,00,26,00,\
  30,00,30,00,30,00,30,00,00,00,55,00,53,00,42,00,5c,00,56,00,49,00,44,00,5f,\
  00,31,00,42,00,31,00,43,00,26,00,50,00,49,00,44,00,5f,00,30,00,43,00,31,00,\
  35,00,5c,00,37,00,32,00,38,00,39,00,5f,00,32,00,2e,00,30,00,00,00,00,00
"AIO LNP to CLNP"=dword:00000002
"Latest Check"=dword:5ca3545c
"POS_HWMSTS_X"=dword:0000022b
"POS_HWMSTS_Y"=dword:00000054
"POS_AIOSTS_X"=dword:00000155
"POS_AIOSTS_Y"=dword:0000026d
"POS_AIOFAN_X"=dword:0000010f
"POS_AIOFAN_Y"=dword:0000025c
"POS_AIOPSU_X"=dword:0000017b
"POS_AIOPSU_Y"=dword:0000029f
"POS_AIODEV_X"=dword:0000019d
"POS_AIODEV_Y"=dword:00000000
"SIV X"=dword:000001a4
"SIV Y"=dword:00000000
"TEMP-BID-01-0-H100iPro Pump"="H100iPro Temp 1"
"TEMP-BID-01-0-H100iPro Fan 1"="H100iPro Temp 1"
"TEMP-BID-01-0-H100iPro Fan 2"="H100iPro Temp 1"
"POS_TFMSTS_X"=dword:000001cd
"POS_TFMSTS_Y"=dword:0000005f
"POS_AIOMAX_X"=dword:000001d6
"POS_AIOMAX_Y"=dword:00000000
"POS_SMART_X"=dword:00000185
"POS_SMART_Y"=dword:00000096
"POS_TFASTS_X"=dword:000001d0
"POS_TFASTS_Y"=dword:000002d6
"POS_APIC_X"=dword:000001c3
"POS_APIC_Y"=dword:00000000
"POS_CPUSTS_X"=dword:00000340
"POS_CPUSTS_Y"=dword:000000c1
"POS_USAGE_X"=dword:000001c3
"POS_USAGE_Y"=dword:00000000
"POS_HIGHLIGHT_X"=dword:000002c4
"POS_HIGHLIGHT_Y"=dword:00000072
"POS_BENCH_X"=dword:00000214
"POS_BENCH_Y"=dword:00000069

Bug when generating script for Get-ItemPropertyValue

When generating a script for something like a check for the bound SSL certificate in IIS the script doesn't work. the [byte[]] string is formatted with extra ( and ' which breaks it.
Stripping it down to [byte[]](string) fixes the issue.

if((Get-ItemPropertyValue -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443' -Name 'AppId' -ea SilentlyContinue) -join ',' -eq ('([byte[]]( string ))' -join ',')) { }
This was not a problem a while back.

Wrong conversion escaped doublequotes in reg file

[HKEY_CURRENT_USER\Software\Classes\PDFXEdit.PDF\shell\Signal\shell\f_Help\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://website.com/Site.aspx\""

will be converted to

if((Test-Path -LiteralPath "HKCU:\Software\Classes\PDFXEdit.PDF\shell\Signal\shell\f_Help\command") -ne $true) { New-Item "HKCU:\Software\Classes\PDFXEdit.PDF\shell\Signal\shell\f_Help\command" -force -ea SilentlyContinue };
New-ItemProperty -LiteralPath 'HKCU:\Software\Classes\PDFXEdit.PDF\shell\Signal\shell\f_Help\command' -Name '(default)' -Value '"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://website.com/Site.aspx\' -PropertyType String -Force -ea SilentlyContinue;

original value is
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://website/Site.aspx"

but will be after excuting PS

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://website.com/Site.aspx\

which is wrong.

Unable to convert .reg file.

Windows Registry Editor Version 5.00

; ------ Enable Citrix Netscaler Gateway icon in tasktray ------
[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Secure Access Client]
"AllowCleanup"=dword:00000001
"DisableIconHide"=dword:00000001

; ------ Enable IE Enterprise Mode ------
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode]
"Enable"=""

; ------ Block Execution of Macros in Office2016 documents coming from the internet ------
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\excel\security]
"blockcontentexecutionfrominternet"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\powerpoint\security]
"blockcontentexecutionfrominternet"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\word\security]
"blockcontentexecutionfrominternet"=dword:00000001

; ------ Prevent First Things First, Word File format dialog and Skype quick tips and Help Skype improve window ------
; 13Oct2017 - not allowed to deploy these improvements
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General]
"ShownFileFmtPrompt"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Lync]
"IsBasicTutorialSeenByUser"=dword:00000001
"UserConsentedTelemetryUpload"=dword:00000000

;[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\setup]
;"DisableOffice365SimplifiedAccountCreation"=dword:00000000

; ------ Add https://autodiscover.delagelanden.com to local intranet zone Sites (to prevent certificate popups Outlook/Skype and perform autologon) ------
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\customer.com\autodiscover]
"https"=dword:00000002

;Supress Autodiscover redirect warning for autodiscover.delagelanden.com
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover\RedirectServers]
"autodiscover.customer.com"=hex(0):

[HKEY_CURRENT_USER\Software\Microsoft\Exchange]
"AlwaysUseMSOAuthForAutoDiscover"=dword:00000001

; ------ Set Trusted Domain List (to prevent certificate warnings because autodiscover domain is different than mail domain (see KB2833618) ------
[HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\lync]
"trustmodeldata"="lync.com, lync.glbdns.microsoft.com, microsoftonline.com, outlook.com"

; ------ Disable the cloud-based discovery logic because it conflicts with our hybrid setup (see KB3135145) ------
;[HKEY_LOCAL_MACHINE\software\policies\microsoft\office\16.0\lync]
;"DisableCloudBasedDiscovery"=dword:00000001

Sorry, I broke your page

I managed to break your page doing something a bit extreme. I had an issue where .net v4 was giving problems and I decided to try and copy the registry settings from a working machine to a problem machine.

The branch I wanted to copy was HKLM\software\microsoft.netframework
Its huge. The .reg file is 1Mb.

the whole file didn't work, which didn't surprise me. So I tried to slice up the file and used Reg2Cl on chunks of 3-5000 lines at a time. I tried larger but it would fail.

What I did find was that, after converting quite a few large blocks, the page simply stopped responding. It did't matter how small the registry entry was, it didn't work - it returned a server error. I was able to open the page in another browser and continue so I assume theres a cached value or something similar.

I was able to convert the whole branch, so thank you very much, but this also means that theres nothing in the exported file which is an issue, the problem was the large number of entries I was trying to convert

Do you think it's possible to integrate current user policies with a script

Currently I modify this script for detection and remediation of HKCU\software\policies because otherwise the items return "access denied"

https://www.pdq.com/blog/modifying-the-registry-of-another-user/

It gets a little tedious filling out each one, rather than just importing them like I do machine policies.

Looking on suggestions of how could I modify Reg2CI or Reg2PS to make use of the registry hive loop.

Exit codes as per MS requirements?

Currently https://reg2ps.azurewebsites.net/ seems to output check scripts with: return $false or $true

Whereas MS states that "A remediation script only runs if the detection script uses exit code: exit 1, meaning the issue was detected."(https://learn.microsoft.com/en-us/mem/analytics/remediations)

Forgive my ignorance if return $false is the same as exit 1, but given that I have run across a couple websites that recommend editing the reg2ps output to use exit 1 and some colleagues that claim reg2ps output doesn't work, I thought I would take a second to log it as an issue for your clarification.

cheers,

Issue with adding multiple strings as values with spaces.

Wanted to inform you something I found.

Registry I put in the converter.
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,
00,31,00,00,00

What the converter gave me.
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Classes\PhotoViewer.FileAssoc.Png\shell\open\command' -Name '(default)' -Value "%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" -PropertyType ExpandString -Force -ea SilentlyContinue;

What I had to do to get it to work. I had to put another set of " around the %ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll . When only one set, it would stop at Windows due to the space. This happened with 3 other registries that were similar.

New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Classes\PhotoViewer.FileAssoc.Png\shell\open\command' -Name '(default)' -Value "%SystemRoot%\System32\rundll32.exe ""%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll"", ImageView_Fullscreen %1" -PropertyType ExpandString -Force -ea SilentlyContinue;

Error unable to convert

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\excel.exe]
@="b57326c2-5a80-42a7-b633-a55e19f3f5d3_69c5de76-cd51-4797-9990-ee19d6de2613"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\outlook.exe]
@="b57326c2-5a80-42a7-b633-a55e19f3f5d3_69c5de76-cd51-4797-9990-ee19d6de2613"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\powerpnt.exe]
@="b57326c2-5a80-42a7-b633-a55e19f3f5d3_69c5de76-cd51-4797-9990-ee19d6de2613"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\winword.exe]
@="b57326c2-5a80-42a7-b633-a55e19f3f5d3_69c5de76-cd51-4797-9990-ee19d6de2613"

Registry Path with no Key Value doesn't provide a test check (it does provide a remediation script)

To Replicate:

Enter:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned]
Into the 'Registry to Powershell' field and select 'Get Check Script'
The result is:

# Reg2CI (c) 2019 by Roger Zander
try {
}
catch { return $false }
return $true

(It's missing what it's supposed to be checking.)

When one selects 'Get Remediation Script' there is a remediation script provided:

# Reg2CI (c) 2019 by Roger Zander
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned") -ne $true) {  New-Item "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned" -force -ea SilentlyContinue };

Script cannot handle extra leading spaces or spaces around "="

If I convert

`Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001`

I get really strange results like
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto ' -Value ' dword:00000001' -PropertyType String -Force -ea SilentlyContinue;

Issues with registry paths containing asterisk (*)

Output of the script will hang powershell if registry paths contain asterisk *.
Solution for this is to prepend -LiteralPath

For example:

if((Test-Path "HKLM:\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip") -ne $true) {  New-Item "HKLM:\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip" -force -ea SilentlyContinue };

if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip") -ne $true) {  New-Item -LiteralPath  "HKLM:\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip" -force -ea SilentlyContinue };

It's rare enough issue that is easy to fix by hand, just thought I'd share it.

Thanks a lot for the script by the way, very handy!!!

rzander / reg2ci Goto Github PK

reg2ci's People

Contributors

Stargazers

Watchers

Forkers

reg2ci's Issues

Reg2CI (c) 2021 by Roger Zander

Recommend Projects

Recommend Topics

Recommend Org

Jobs