
Monday, 24 June 2024

User based detection

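function getloggedindetails() {
    <#
    .SYNOPSIS
        Resolves the interactively logged-on user and the SID of that user's profile.
    .DESCRIPTION
        Takes the owner of a running explorer.exe process as the logged-on user, then
        finds the ProfileList subkey whose ProfileImagePath folder name equals that
        user name. The subkey name (PSChildName) is the SID.
    .OUTPUTS
        Two-element array: [0] the SID string ($null when nothing matched),
        [1] the user name ($null when no explorer.exe owner was found).
    #>

    ## Find logged in username
    # Several explorer.exe owners can exist (fast user switching, RDP sessions), so
    # only the first non-empty owner is used instead of passing an array downstream.
    $user = Get-WmiObject Win32_Process -Filter "Name='explorer.exe'" |
        ForEach-Object { $_.GetOwner() } |
        Select-Object -Unique -Expand User |
        Where-Object { $_ } |
        Select-Object -First 1

    $sid = $null
    if ($user) {
        $path = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*"

        # Compare the profile folder name exactly. A trailing wildcard match ("*$user")
        # also selects other accounts whose name merely ends with $user (for example
        # "bob" matching "jimbob"), and matches every profile when $user is empty,
        # which would hand the caller the wrong SID.
        # NOTE(review): a profile folder renamed to "user.DOMAIN" or "user.000" will not
        # match here; translating the account with
        # [System.Security.Principal.NTAccount]::Translate() avoids relying on the path.
        $sid = Get-ItemProperty -Path $path |
            Where-Object {
                $_.ProfileImagePath -and
                ((Split-Path -Path $_.ProfileImagePath -Leaf) -eq $user)
            } |
            Select-Object -First 1 -ExpandProperty PSChildName
    }

    return $sid, $user
}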
    $loggedinuser = getloggedindetails
    $username = $loggedinuser[1]
   $File = "C:\users\$username\AppData\Local\Microsoft\Teams.jpg"
   if (Test-Path $File) {
    write-output "Teams Update detected, exiting"
    exit 0
    }
   else {
    exit 1
    }



    #####Registry
        $loggedinuser = getloggedindetails
        ##Set key

        $sid = $loggedinuser[0]
        $Path = "Registry::HKU\$sid\SOFTWARE\7-Zip"
        $Name = "Path"
        $Type = "STRING"
        $Value = "C:\Program Files\7-Zip\"

        Try {
            $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
            If ($Registry -eq $Value){
                Write-Output "Detected"
               Exit 0
            }
            Exit 1
        }
        Catch {
            Exit 1
                write-host "not detected"
            write-host $path
        }

Monday, 17 June 2024

User registry through PS

 New-PSDrive HKU Registry HKEY_USERS | Out-Null

$user = Get-WmiObject -Class Win32_ComputerSystem | Select-Object -ExpandProperty Username
$sid = (New-Object System.Security.Principal.NTAccount($user)).Translate([System.Security.Principal.SecurityIdentifier]).Value
$key = "HKU:\$sid\Software\Test"
$reg = Get-Item -Path $key -ErrorAction SilentlyContinue

if (-not $reg) {
    Write-Host "Registry key didn't exist, creating it now"
    New-Item -Path "HKU:\$sid\Software" -Name "Test" -Force | Out-Null
}

if (-not $reg) {
    Write-Host "Registry key didn't exist, creating it now"
    New-ItemProperty -Path "HKU:\$sid\Software\Test" -Name "Testing" -Value "working" -PropertyType String | Out-Null
} else {
    Write-Host "Registry key changed to 1"
    Set-ItemProperty -Path "HKU:\$sid\Software\Test" -Name "Testing" -Value "working" | Out-Null
}
