Private/Set-RegistryConfiguration.ps1

<#
.SYNOPSIS
    Configures registry settings by loading an NTUSER.DAT file, modifying specified registry paths, and unloading the hive.
 
.DESCRIPTION
    This function loads a specified NTUSER.DAT file into a temporary registry hive, removes specific registry paths, and then unloads the hive.
 
.PARAMETER LogPath
    The path to the log file where messages will be recorded.
 
.PARAMETER NtuserDatPath
    The path to the NTUSER.DAT file to be loaded into the registry.
 
.PARAMETER RegistryPaths
    The registry paths to be removed from the loaded hive.
 
.EXAMPLE
    Set-RegistryConfiguration -LogPath "C:\path\to\logfile.log" -NtuserDatPath "C:\Users\Default\NTUSER.DAT"
    Remove registry paths using default paths
 
.EXAMPLE
    Set-RegistryConfiguration -LogPath "C:\Logs\RegistryUpdate.log" -NtuserDatPath "C:\Users\User\NTUSER.DAT" -RegistryPaths @("Software\Path1", "Software\Path2")
    Remove registry paths using specified paths
#>


function Set-RegistryConfiguration {
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute(
        <#Category#>'PSUseShouldProcessForStateChangingFunctions',
        <#CheckId#>'', Scope='Function',
        Justification = 'Not needed for a private cmdlet'
    )]
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, HelpMessage = "Path to the log file where log messages will be written.")]
        [string] $LogPath,

        [Parameter(Mandatory = $true, HelpMessage = "Path to the NTUSER.DAT file.")]
        [string] $NtuserDatPath,

        [Parameter(Mandatory = $false, HelpMessage = "Array of registry paths to remove. If not specified, default paths will be used.")]
        [string[]] $RegistryPaths
    )

    if (-not (Test-Path $NtuserDatPath)) {
        Write-Log -Message "NTUSER.DAT path does not exist: $NtuserDatPath" -LogPath $LogPath
        return
    }

    $hiveName = "TempHive_" + (Get-Date -Format "yyyyMMddHHmm")

    $loadSuccess = $false
    for ($i = 0; $i -lt 3; $i++) {
        $loadResult = Start-Process -FilePath "reg.exe" -ArgumentList "load HKLM\$hiveName $NtuserDatPath" -NoNewWindow -PassThru -Wait | Out-String
        if ($loadResult -match "ERROR") {
            Write-Log -Message "Attempt $($i+1) failed to load NTUSER.DAT: $loadResult" -LogPath $LogPath
            Start-Sleep -Seconds 5
        } else {
            Write-Log -Message "Successfully loaded NTUSER.DAT on attempt $($i+1)" -LogPath $LogPath
            $loadSuccess = $true
            break
        }
    }

    if (-not $loadSuccess) {
        Write-Log -Message "Failed to load NTUSER.DAT after multiple attempts" -LogPath $LogPath
        return
    }

    # Use default registry paths if none are specified
    if (-not $RegistryPaths) {
        $RegistryPaths = @(
            "Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",
            "Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders",
            "Software\Policies\Microsoft\OneDrive",
            "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2",
            "Network\a",
            "SOFTWARE\Policies\Microsoft\office\16.0\outlook",
            "SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
            "SOFTWARE\Microsoft\Office\16.0\Outlook"
        )
    }

    foreach ($path in $RegistryPaths) {
        $fullPath = "HKLM:\$hiveName\$path"
        if (-not (Test-Path $fullPath)) {
            Write-Log -Message "Registry path does not exist: $fullPath" -LogPath $LogPath
            continue
        }

        try {
            Remove-Item $fullPath -Recurse -Force
            Write-Log -Message "Removed registry path: $fullPath" -LogPath $LogPath
        } catch {
            Write-Log -Message "Failed to remove registry path: $fullPath. Error: $_" -LogPath $LogPath
        }
    }

    $unloadSuccess = $false
    for ($i = 0; $i -lt 3; $i++) {
        $unloadResult = Start-Process -FilePath "reg.exe" -ArgumentList "unload HKLM\$hiveName" -NoNewWindow -PassThru -Wait | Out-String
        if ($unloadResult -match "ERROR") {
            Write-Log -Message "Attempt $($i+1) failed to unload $hiveName : $unloadResult" -LogPath $LogPath
            Start-Sleep -Seconds 5
        } else {
            Write-Log -Message "Successfully unloaded NTUSER.DAT from HKLM\$hiveName on attempt $($i+1)" -LogPath $LogPath
            $unloadSuccess = $true
            break
        }
    }

    if (-not $unloadSuccess) {
        Write-Log -Message "Failed to unload $hiveName after multiple attempts" -LogPath $LogPath
    }

    if (Test-Path "HKLM:\$hiveName") {
        try {
            Remove-Item "HKLM:\$hiveName" -Recurse -Force
            Write-Log -Message "Successfully removed the hive: HKLM\$hiveName" -LogPath $LogPath
        } catch {
            Write-Log -Message "Failed to remove the hive: HKLM\$hiveName. Error: $_" -LogPath $LogPath
        }
    }
}