37. Registry and PowerShell Part 2
PS C:\> Get-PSProvider
Name          Capabilities                          Drives
----          ------------                          ------
Alias         ShouldProcess                         {Alias}
Environment   ShouldProcess                         {Env}
FileSystem    Filter, ShouldProcess, Credentials    {C, D}
Function      ShouldProcess                         {Function}
Registry      ShouldProcess, Transactions           {HKLM, HKCU}
Variable      ShouldProcess                         {Variable}
PS C:\>
PS C:\> New-Item -Path 'HKCU:\PFPT'
Hive: HKEY_CURRENT_USER
Name Property
---- --------
PFPT
PS C:\>
PS C:\> New-Item -Path 'HKCU:\PFPT\NewSubKey'
Hive: HKEY_CURRENT_USER\PFPT
Name Property
---- --------
NewSubKey
PS C:\>
PS C:\> New-ItemProperty -Path 'HKCU:\PFPT' -Name Reg2 -PropertyType String -Value 2
Reg2 : 2
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\PFPT
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER
PSChildName : PFPT
PSDrive : HKCU
PSProvider : Microsoft.PowerShell.Core\Registry
PS C:\>
PS C:\> Rename-Item HKCU:\PFPT\NewSubKey -NewName RenamedSubKey
PS C:\> Rename-ItemProperty HKCU:\PFPT -Name Reg2 -NewName Reg3
PS C:\> Set-ItemProperty -Path HKCU:\PFPT -Name Reg3 -Value 45
Attach the Debugger to the Sticky Keys executable
PS C:\> New-Item 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe'
Hive: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Name Property
---- --------
sethc.exe
PS C:\>
PS C:\> New-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe' -Name Debugger -PropertyType String -Value cmd.exe
Debugger : cmd.exe
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
PSChildName : sethc.exe
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.Core\Registry
PS C:\>
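A read-only audit for the registry change shown above, as an added example that is not part of the original notes: it lists every Image File Execution Options subkey that carries a Debugger value and marks the ones set on logon-screen accessibility programs. The watch list, the WOW6432Node root and the function name Get-IfeoDebugger are assumptions of this example.

```powershell
# Added example (not from the original notes): audit IFEO keys for Debugger values.
# Read-only. Run elevated so that every subkey is readable.

# Native and 32-bit-view IFEO roots (the second is an assumption; skipped if absent).
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Assumed watch list: accessibility programs that can be started from the logon screen.
$accessibility = 'sethc.exe', 'utilman.exe', 'osk.exe', 'magnify.exe',
                 'narrator.exe', 'displayswitch.exe', 'atbroker.exe'

function Get-IfeoDebugger {
    param([string[]]$Root = $ifeoRoots)

    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            # GetValue returns $null when the subkey has no Debugger value.
            $dbg = $key.GetValue('Debugger')
            if ($null -eq $dbg) { continue }

            [pscustomobject]@{
                Image         = $key.PSChildName
                Debugger      = $dbg
                # -contains is case-insensitive, so SETHC.EXE also matches.
                Accessibility = $accessibility -contains $key.PSChildName
                Key           = $key.Name
            }
        }
    }
}

$findings = @(Get-IfeoDebugger)
$findings | Sort-Object Accessibility -Descending | Format-Table -AutoSize -Wrap

# A Debugger value on an accessibility program has no routine administrative use.
$hits = @($findings | Where-Object Accessibility)
if ($hits.Count -gt 0) {
    Write-Warning ("{0} accessibility program(s) have an IFEO Debugger set: {1}" -f
        $hits.Count, (($hits.Image | Sort-Object -Unique) -join ', '))
}
```

Other Debugger entries in the output can be legitimate developer tooling, so compare them against a known-good baseline for the host.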
Write a script which:
Disables Macro Security by editing the Registry, if it is enabled.
Enables Macro Security, if it is not enabled.