

MEM proactive remediations are a great way to replicate what you can do in an on-prem environment with group policy preferences. I personally even prefer applying settings through MEM instead of group policy these days, as anything configured in MEM will apply even if the device is not currently connected to the corporate network (either by being in an office or via a VPN).

Setting the value of registry items is one of those group policy preferences, so let’s have a look at how we can do this via a MEM proactive remediation. I have created a single set of scripts that can be used for registry values either in the current user hive (HKCU) or in the local machine hive (HKLM) of the registry, depending on your needs. MEM proactive remediation requires 2 scripts, 1 to detect whatever it is to change and 1 to apply the changes. Both scripts can be found in my GitHub Repo. The detection script is here and the script to set the keys is here. Let’s look at the detection script first.

The Detection Script

As proactive remediations require the script to be loaded in full and it is not possible to pass parameters on the command line, the first part is setting variables for all the values that might change. In this case, these are the full paths to the registry keys including the name of the keys, the value you expect the keys to have (all the keys need to have the same value) and whether the script will be run under the system account but needs to check values under the currently logged in user.

    # Set Variables
    $RegKeyFullPaths = @(
        "HKCU:\SOFTWARE\Policies\Microsoft\Edge\Recommended\NewTabPageLocation"
    )
    $RegKeyExpectedValue = ""
    $CurrentUserAsSystem = $false

Next, I check if the $CurrentUserAsSystem variable was set to $true. If it is, I get the details of the currently logged in user from WMI. WMI stores this in the “domain\username” format, but I need them separately, so I split the information from WMI at the “\” and store each part in a variable. I can then use that information to get the SID of the user account. I need the SID to be able to check the value of the registry key for the current user.
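The detection steps described in this post (look up the logged-in user in WMI, split the name, translate it to a SID, then read the value from that user's hive), as an added example that is not the author's script from the GitHub repo. The function name Resolve-UserHivePath is hypothetical, and the example assumes the usual proactive remediation convention that a detection script exits 1 when remediation is needed.

```powershell
# Added example: variable names match the post; Resolve-UserHivePath is hypothetical.
$RegKeyFullPaths = @(
    "HKCU:\SOFTWARE\Policies\Microsoft\Edge\Recommended\NewTabPageLocation"
)
$RegKeyExpectedValue = ""   # left empty as in the post; set the value you expect
$CurrentUserAsSystem = $true

function Resolve-UserHivePath {
    param([string]$Path)
    # Win32_ComputerSystem.UserName is "domain\username", or $null when
    # nobody is logged on at the console.
    $loggedOn = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    if ([string]::IsNullOrEmpty($loggedOn)) { throw "No interactive user logged on" }
    $domain, $user = $loggedOn.Split('\', 2)
    $account = New-Object System.Security.Principal.NTAccount($domain, $user)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    # Under SYSTEM, HKCU: is SYSTEM's own hive, so address the user's hive by SID.
    return $Path -replace '^HKCU:\\', "Registry::HKEY_USERS\$sid\"
}

$compliant = $true
foreach ($fullPath in $RegKeyFullPaths) {
    try {
        if ($CurrentUserAsSystem) { $fullPath = Resolve-UserHivePath -Path $fullPath }
        # The last path segment is the value name; everything before it is the key.
        $split = $fullPath.LastIndexOf('\')
        $keyPath = $fullPath.Substring(0, $split)
        $valueName = $fullPath.Substring($split + 1)
        $actual = Get-ItemPropertyValue -Path $keyPath -Name $valueName -ErrorAction Stop
        if ($actual -ne $RegKeyExpectedValue) { $compliant = $false }
    } catch {
        # Missing key or value, or no resolvable user: treat as non-compliant.
        Write-Output "Check failed for ${fullPath}: $($_.Exception.Message)"
        $compliant = $false
    }
}
if ($compliant) { Write-Output "Compliant"; exit 0 } else { Write-Output "Not compliant"; exit 1 }
```

The user's hive is only mounted under HKEY_USERS while that user is logged on, so a run with nobody at the console reports non-compliant instead of silently reading the SYSTEM account's own HKCU.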
