Q. Is there a way with PowerShell to check on a registry key/file and if it changes set it back?

Q. Is there a way with PowerShell to check on a registry key/file and if it changes set it back?

Q. Is there a way with PowerShell to check on a registry key/file and if it changes set it back?

A. There are many ways to achieve this. Below is a very basic example that simply does a check once a minute for a registry value and if it is not the required value it is set back:

$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
while ($true)
{
    #Check the registry value for AutoAdminLogon
    $AutoAdminLogon = (Get-ItemProperty -Path $key -Name AutoAdminLogon).AutoAdminLogon
    if ($AutoAdminLogon -eq "0")
    {
        $timenow = [datetime]::Now
        Write-Output "$timenow - AutoAdminLogon is 0"
        #Enable the AutoAdminLogon
        Set-ItemProperty -Path $key -Name AutoAdminLogon -Value "1"
        Set-ItemProperty -Path $key -Name DefaultUsername -Value "localadmin"
        Set-ItemProperty -Path $key -Name DefaultPassword -Value "Password"
    }
    #Now wait a minute before checking again
    Start-Sleep -Seconds 60
}

Note that another approach rather than reading the registry key would be to setup a subscription to be notified if the key changed which is documented at https://msdn.microsoft.com/en-us/library/aa393035(v=vs.85).aspx. The same approach could also be used to check for files or really anything else.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish