Powershell Syntax Issue

  • #127398

    Participant
    Points: -3
    Rank: Member

    Hello, new to the forum. Want to say thank you in advance for any and all assistance on this post. I have been racking my brain on a problem I am having with an apparent syntax issue. I am writing a script for an SCCM deployment that remediates a Group Policy vulnerability (MS015-11) by detecting the presence of two registry values, and then writing two new values if those values do not exist. The link below provides more detail.

    https://www.stigviewer.com/stig/windows_10/2016-06-24/finding/V-63577

    The problem I am running into is the value contains an asterisk symbol (*), so it is treating it like a wildcard and not a literal asterisk. I tried using the back-tick character (`) in front of the asterisk to escape the character, but the back-tick then becomes part of the string. I think it's just a syntax I am missing. Here is my code. Any ideas would be greatly appreciated. Also, I am somewhat of a PS noob, so please go easy on me 🙂

    #Function to test presence of registry value
    function Test-RegistryValue {
        param (
            [parameter(Mandatory=$true)]
            [ValidateNotNullOrEmpty()]$Path,
            [parameter(Mandatory=$true)]
            [ValidateNotNullOrEmpty()]$Name
        )
        try {
            Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Out-Null
            return $true
        }
        catch {
            return $false
        }
    }
    
    ###Variables
    $RegKey_HardenedPaths = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths"
    $RegVal_NETLOGON = '\\*\NETLOGON' ###Note the asterisk
    $RegVal_SYSVOL = '\\*\SYSVOL' 
    ###Tried adding the back-tick to escape the character, but it then literally adds the back-tick into my string.
    $RegVal_NETLOGON_BACKTICK = '\\`*\NETLOGON'
    $RegVal_SYSVOL_BACKTICK = '\\`*\SYSVOL'
    $Test_NETLOGON = Test-RegistryValue -path $RegKey_HardenedPaths -Name $RegVal_NETLOGON
    $Test_SYSVOL = Test-RegistryValue -path $RegKey_HardenedPaths -Name $RegVal_SYSVOL
    
    ###When I run the function, the Get-ItemProperty cmdlet returns null, so the if statement interprets this as True, even though the reg values do not exist.
    If ($Test_NETLOGON -eq $False -or $Test_SYSVOL -eq $False)
    {
        New-ItemProperty -Path $RegKey_HardenedPaths -Name $RegVal_NETLOGON -Value "RequireMutualAuthentication=1, RequireIntegrity=1" -PropertyType "String" | Out-Null
        New-ItemProperty -Path $RegKey_HardenedPaths -Name $RegVal_SYSVOL  -Value "RequireMutualAuthentication=1, RequireIntegrity=1" -PropertyType "String" | Out-Null
        Write-Host "UNC Path Hardening has been applied"
    }
    Else
    {
        Write-Host "UNC Path Hardening is already enabled"
        Return $True
    }
  • #127416

    Keymaster
    Points: 1,704
    Helping Hand, Team Member
    Rank: Community Hero

    Use -LiteralPath instead of -Path.

    • #129495

      Participant
      Points: -3
      Rank: Member

      Sorry for the late response! I have a question for you, Don. You suggest using -LiteralPath in Get-ItemProperty instead of -Path. However, the path to the registry key isn't the issue, it is the registry value giving me issues because of the asterisk. Is there a comparable switch to -LiteralPath that I can use for the -Name switch?

  • #127433

    Participant
    Points: 290
    Helping Hand
    Rank: Contributor

    Also, you have a server named *? I can't help but think that would cause all manner of interesting issues! 🙂

    • #129498

      Participant
      Points: -3
      Rank: Member

      Hey Joel, thanks for the response. The asterisk * is a wildcard, so the path would cover any domain controller. I could instead use absolute paths as a workaround, but this issue with the asterisk is really bugging me and my OCD has kicked into overdrive! 🙂

  • #129554

    Participant
    Points: 290
    Helping Hand
    Rank: Contributor

    I'm not really sure if \\*\ is a valid UNC path at all, but I have a feeling it's causing PowerShell to attempt to enumerate every possible IP address, which would doubtless take forever or just make it give up sooner or later. I think you'll need to figure out the available machine DNS names in advance before you loop through them and query one path at a time.

  • #129569

    Participant
    Points: 105
    Helping Hand
    Rank: Participant

    Get-ItemProperty doesn't throw an error if the path exists. So, no throwing in the case of path+no value – it simply returns null.

    I'm thinking this will catch both situations:

    function Test-RegistryValue {
        param (
            [parameter(Mandatory=$true)]
            [ValidateNotNullOrEmpty()]$Path,
            [parameter(Mandatory=$true)]
            [ValidateNotNullOrEmpty()]$Name
        )
    
        try {
            $result = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        }
        catch {
            $result = $null
        }
    
        $null -ne $result
    }
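
Added example, not part of any reply in this thread: one way to test for and create value names that contain `*` with no wildcard expansion, by reading the key through `Get-Item -LiteralPath` and using the .NET `RegistryKey` and `Registry` methods. The function name `Test-RegistryValueLiteral` and the variable names are illustrative; the key path, value names and value data are the ones from the original post.

```powershell
# Added example (not from the thread). Test-RegistryValueLiteral is an illustrative name.
function Test-RegistryValueLiteral {
    param (
        [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()][string]$Path,
        [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()][string]$Name
    )
    # For a registry path, Get-Item returns a Microsoft.Win32.RegistryKey object.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $false }    # the key itself does not exist
    try {
        # GetValueNames() lists the exact value names; -contains compares whole
        # strings (case-insensitively), so '*' is only ever a literal character.
        return ($key.GetValueNames() -contains $Name)
    }
    finally { $key.Close() }
}

# Same key in provider form (for Get-Item) and in .NET form (for Registry.SetValue).
$psPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
$netPath = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
$data    = 'RequireMutualAuthentication=1, RequireIntegrity=1'

foreach ($name in '\\*\NETLOGON', '\\*\SYSVOL') {
    if (Test-RegistryValueLiteral -Path $psPath -Name $name) {
        # An existing entry is left alone so a stricter setting is not overwritten.
        Write-Output "Present, left unchanged: $name"
    }
    else {
        # Registry.SetValue takes the value name literally and creates the key
        # if it is missing.
        [Microsoft.Win32.Registry]::SetValue($netPath, $name, $data,
            [Microsoft.Win32.RegistryValueKind]::String)
        Write-Output "Created: $name"
    }
}
```

Writing under HKLM requires an elevated session, such as the SYSTEM context an SCCM deployment normally runs in.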
