rzander / reg2ci Goto Github PK
View Code? Open in Web Editor NEWCreate System Center Configuration manager ConfigItem (CI's) from a .reg (Registry) or a .pol (Policy) file.
License: Microsoft Public License
Create System Center Configuration manager ConfigItem (CI's) from a .reg (Registry) or a .pol (Policy) file.
License: Microsoft Public License
For example this key
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128]
"Enabled"=dword:ffffffff
Creates this code
if((Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128") -ne $true) { New-Item "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128" -force -ea SilentlyContinue };
New-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128' -Name 'Enabled' -Value -1 -PropertyType DWord -Force -ea SilentlyContinue;
and when run creates the following
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128\128]
"Enabled"=dword:ffffffff
The difference being "AES 128/128" vs "AES 128\128"
****** Reg2CI (c) 2018 by Roger Zander ******
Unhandled Exception: System.Xml.XmlException: An error occurred while parsing EntityName. Line 9, position 128.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.ParseEntityName()
at System.Xml.XmlTextReaderImpl.ParseEntityReference()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.LoadNode(Boolean skipOverWhitespace)
at System.Xml.XmlLoader.ParsePartialContent(XmlNode parentNode, String innerxmltext, XmlNodeType nt)
at System.Xml.XmlElement.set_InnerXml(String value)
at REG2CI.RegFile.CreatePSXMLAll(String SettingName, String Description, String PSHive)
at REG2CI.RegFile..ctor(String fileName, Boolean X64, String CIName)
at REG2CI.Program.Main(String[] args)
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\SIV]
"License Key"="00000000-00000000-NA--NA-NA"
"License Check"=dword:5cbf7f53
"LINK-BID"=hex(7):48,00,49,00,44,00,5c,00,56,00,49,00,44,00,5f,00,31,00,42,00,\
31,00,43,00,26,00,50,00,49,00,44,00,5f,00,31,00,43,00,30,00,35,00,5c,00,37,\
00,26,00,32,00,41,00,44,00,37,00,34,00,46,00,42,00,34,00,26,00,30,00,26,00,\
30,00,30,00,30,00,30,00,00,00,55,00,53,00,42,00,5c,00,56,00,49,00,44,00,5f,\
00,31,00,42,00,31,00,43,00,26,00,50,00,49,00,44,00,5f,00,30,00,43,00,31,00,\
35,00,5c,00,37,00,32,00,38,00,39,00,5f,00,32,00,2e,00,30,00,00,00,00,00
"AIO LNP to CLNP"=dword:00000002
"Latest Check"=dword:5ca3545c
"POS_HWMSTS_X"=dword:0000022b
"POS_HWMSTS_Y"=dword:00000054
"POS_AIOSTS_X"=dword:00000155
"POS_AIOSTS_Y"=dword:0000026d
"POS_AIOFAN_X"=dword:0000010f
"POS_AIOFAN_Y"=dword:0000025c
"POS_AIOPSU_X"=dword:0000017b
"POS_AIOPSU_Y"=dword:0000029f
"POS_AIODEV_X"=dword:0000019d
"POS_AIODEV_Y"=dword:00000000
"SIV X"=dword:000001a4
"SIV Y"=dword:00000000
"TEMP-BID-01-0-H100iPro Pump"="H100iPro Temp 1"
"TEMP-BID-01-0-H100iPro Fan 1"="H100iPro Temp 1"
"TEMP-BID-01-0-H100iPro Fan 2"="H100iPro Temp 1"
"POS_TFMSTS_X"=dword:000001cd
"POS_TFMSTS_Y"=dword:0000005f
"POS_AIOMAX_X"=dword:000001d6
"POS_AIOMAX_Y"=dword:00000000
"POS_SMART_X"=dword:00000185
"POS_SMART_Y"=dword:00000096
"POS_TFASTS_X"=dword:000001d0
"POS_TFASTS_Y"=dword:000002d6
"POS_APIC_X"=dword:000001c3
"POS_APIC_Y"=dword:00000000
"POS_CPUSTS_X"=dword:00000340
"POS_CPUSTS_Y"=dword:000000c1
"POS_USAGE_X"=dword:000001c3
"POS_USAGE_Y"=dword:00000000
"POS_HIGHLIGHT_X"=dword:000002c4
"POS_HIGHLIGHT_Y"=dword:00000072
"POS_BENCH_X"=dword:00000214
"POS_BENCH_Y"=dword:00000069
When generating a script for something like a check for the bound SSL certificate in IIS the script doesn't work. the [byte[]] string is formatted with extra ( and ' which breaks it.
Stripping it down to [byte[]](string)
fixes the issue.
if((Get-ItemPropertyValue -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443' -Name 'AppId' -ea SilentlyContinue) -join ',' -eq ('([byte[]]( string ))' -join ',')) { }
This was not a problem a while back.
[HKEY_CURRENT_USER\Software\Classes\PDFXEdit.PDF\shell\Signal\shell\f_Help\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://website.com/Site.aspx\""
will be converted to
if((Test-Path -LiteralPath "HKCU:\Software\Classes\PDFXEdit.PDF\shell\Signal\shell\f_Help\command") -ne $true) { New-Item "HKCU:\Software\Classes\PDFXEdit.PDF\shell\Signal\shell\f_Help\command" -force -ea SilentlyContinue };
New-ItemProperty -LiteralPath 'HKCU:\Software\Classes\PDFXEdit.PDF\shell\Signal\shell\f_Help\command' -Name '(default)' -Value '"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://website.com/Site.aspx\' -PropertyType String -Force -ea SilentlyContinue;
original value is
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://website/Site.aspx"
but will be after excuting PS
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://website.com/Site.aspx\
which is wrong.
Windows Registry Editor Version 5.00
; ------ Enable Citrix Netscaler Gateway icon in tasktray ------
[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Secure Access Client]
"AllowCleanup"=dword:00000001
"DisableIconHide"=dword:00000001
; ------ Enable IE Enterprise Mode ------
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode]
"Enable"=""
; ------ Block Execution of Macros in Office2016 documents coming from the internet ------
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\excel\security]
"blockcontentexecutionfrominternet"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\powerpoint\security]
"blockcontentexecutionfrominternet"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\word\security]
"blockcontentexecutionfrominternet"=dword:00000001
; ------ Prevent First Things First, Word File format dialog and Skype quick tips and Help Skype improve window ------
; 13Oct2017 - not allowed to deploy these improvements
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General]
"ShownFileFmtPrompt"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Lync]
"IsBasicTutorialSeenByUser"=dword:00000001
"UserConsentedTelemetryUpload"=dword:00000000
;[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\setup]
;"DisableOffice365SimplifiedAccountCreation"=dword:00000000
; ------ Add https://autodiscover.delagelanden.com to local intranet zone Sites (to prevent certificate popups Outlook/Skype and perform autologon) ------
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\customer.com\autodiscover]
"https"=dword:00000002
;Supress Autodiscover redirect warning for autodiscover.delagelanden.com
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover\RedirectServers]
"autodiscover.customer.com"=hex(0):
[HKEY_CURRENT_USER\Software\Microsoft\Exchange]
"AlwaysUseMSOAuthForAutoDiscover"=dword:00000001
; ------ Set Trusted Domain List (to prevent certificate warnings because autodiscover domain is different than mail domain (see KB2833618) ------
[HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\lync]
"trustmodeldata"="lync.com, lync.glbdns.microsoft.com, microsoftonline.com, outlook.com"
; ------ Disable the cloud-based discovery logic because it conflicts with our hybrid setup (see KB3135145) ------
;[HKEY_LOCAL_MACHINE\software\policies\microsoft\office\16.0\lync]
;"DisableCloudBasedDiscovery"=dword:00000001
I managed to break your page doing something a bit extreme. I had an issue where .net v4 was giving problems and I decided to try and copy the registry settings from a working machine to a problem machine.
The branch I wanted to copy was HKLM\software\microsoft.netframework
Its huge. The .reg file is 1Mb.
the whole file didn't work, which didn't surprise me. So I tried to slice up the file and used Reg2Cl on chunks of 3-5000 lines at a time. I tried larger but it would fail.
What I did find was that, after converting quite a few large blocks, the page simply stopped responding. It did't matter how small the registry entry was, it didn't work - it returned a server error. I was able to open the page in another browser and continue so I assume theres a cached value or something similar.
I was able to convert the whole branch, so thank you very much, but this also means that theres nothing in the exported file which is an issue, the problem was the large number of entries I was trying to convert
Currently I modify this script for detection and remediation of HKCU\software\policies because otherwise the items return "access denied"
https://www.pdq.com/blog/modifying-the-registry-of-another-user/
It gets a little tedious filling out each one, rather than just importing them like I do machine policies.
Looking on suggestions of how could I modify Reg2CI or Reg2PS to make use of the registry hive loop.
Currently https://reg2ps.azurewebsites.net/ seems to output check scripts with: return $false or $true
Whereas MS states that "A remediation script only runs if the detection script uses exit code: exit 1, meaning the issue was detected."(https://learn.microsoft.com/en-us/mem/analytics/remediations)
Forgive my ignorance if return $false is the same as exit 1, but given that I have run across a couple websites that recommend editing the reg2ps output to use exit 1 and some colleagues that claim reg2ps output doesn't work, I thought I would take a second to log it as an issue for your clarification.
cheers,
Wanted to inform you something I found.
Registry I put in the converter.
[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,
00,31,00,00,00
What the converter gave me.
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Classes\PhotoViewer.FileAssoc.Png\shell\open\command' -Name '(default)' -Value "%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1" -PropertyType ExpandString -Force -ea SilentlyContinue;
What I had to do to get it to work. I had to put another set of " around the %ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll . When only one set, it would stop at Windows due to the space. This happened with 3 other registries that were similar.
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Classes\PhotoViewer.FileAssoc.Png\shell\open\command' -Name '(default)' -Value "%SystemRoot%\System32\rundll32.exe ""%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll"", ImageView_Fullscreen %1" -PropertyType ExpandString -Force -ea SilentlyContinue;
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\excel.exe]
@="b57326c2-5a80-42a7-b633-a55e19f3f5d3_69c5de76-cd51-4797-9990-ee19d6de2613"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\outlook.exe]
@="b57326c2-5a80-42a7-b633-a55e19f3f5d3_69c5de76-cd51-4797-9990-ee19d6de2613"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\powerpnt.exe]
@="b57326c2-5a80-42a7-b633-a55e19f3f5d3_69c5de76-cd51-4797-9990-ee19d6de2613"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\winword.exe]
@="b57326c2-5a80-42a7-b633-a55e19f3f5d3_69c5de76-cd51-4797-9990-ee19d6de2613"
To Replicate:
Enter:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned]
Into the 'Registry to Powershell' field and select 'Get Check Script'
The result is:
# Reg2CI (c) 2019 by Roger Zander
try {
}
catch { return $false }
return $true
(It's missing what it's supposed to be checking.)
When one selects 'Get Remediation Script' there is a remediation script provided:
# Reg2CI (c) 2019 by Roger Zander
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned") -ne $true) { New-Item "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned" -force -ea SilentlyContinue };
If I convert
`Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001`
I get really strange results like
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto ' -Value ' dword:00000001' -PropertyType String -Force -ea SilentlyContinue;
Output of the script will hang powershell if registry paths contain asterisk *
.
Solution for this is to prepend -LiteralPath
For example:
if((Test-Path "HKLM:\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip") -ne $true) { New-Item "HKLM:\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip" -force -ea SilentlyContinue };
to
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip") -ne $true) { New-Item -LiteralPath "HKLM:\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip" -force -ea SilentlyContinue };
It's rare enough issue that is easy to fix by hand, just thought I'd share it.
Thanks a lot for the script by the way, very handy!!!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.