Private/Set-RegistryConfiguration.ps1

<#
.SYNOPSIS
    Removes selected registry keys from an offline user profile hive: loads an NTUSER.DAT file, deletes the specified registry paths, and unloads the hive.
 
.DESCRIPTION
    This function loads a specified NTUSER.DAT file into a temporary registry hive, removes specific registry paths, and then unloads the hive.
 
.PARAMETER LogPath
    The path to the log file where messages will be recorded.
 
.PARAMETER NtuserDatPath
    The path to the NTUSER.DAT file to be loaded into the registry.
 
.PARAMETER RegistryPaths
    The registry paths to be removed from the loaded hive.
 
.EXAMPLE
    Set-RegistryConfiguration -LogPath "C:\path\to\logfile.log" -NtuserDatPath "C:\Users\Default\NTUSER.DAT"
    Remove registry paths using default paths
 
.EXAMPLE
    Set-RegistryConfiguration -LogPath "C:\Logs\RegistryUpdate.log" -NtuserDatPath "C:\Users\User\NTUSER.DAT" -RegistryPaths @("Software\Path1", "Software\Path2")
    Remove registry paths using specified paths
#>



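function Set-RegistryConfiguration {
    # Loads an offline NTUSER.DAT under a temporary HKLM key, recursively deletes a
    # set of keys from it, and unloads the hive again. Every step is reported via Write-Log.
    #
    # -LogPath        Log file handed to Write-Log.
    # -NtuserDatPath  The NTUSER.DAT file to mount.
    # -RegistryPaths  Optional key paths relative to the hive root (for example
    #                 "Software\Path1"). When omitted, the built-in default list is used.
    #
    # Loading a hive under HKLM requires an elevated session; without it `reg load`
    # fails, which is logged and nothing is deleted.
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, HelpMessage = "Path to the log file where log messages will be written.")]
        [string] $LogPath,

        [Parameter(Mandatory = $true, HelpMessage = "Path to the NTUSER.DAT file.")]
        [string] $NtuserDatPath,

        [Parameter(Mandatory = $false, HelpMessage = "Array of registry paths to remove. If not specified, default paths will be used.")]
        [string[]] $RegistryPaths
    )

    # Check if the NTUSER.DAT path exists (literal match, so [ ] in a profile path is not a wildcard)
    if (-not (Test-Path -LiteralPath $NtuserDatPath)) {
        Write-Log -Message "NTUSER.DAT path does not exist: $NtuserDatPath" -LogPath $LogPath
        return
    }

    # A GUID keeps the mount point unique. A minute-resolution timestamp can collide with
    # a hive mounted by another call in the same minute; the deletions below would then
    # run against that other hive.
    $hiveName = "TempHive_" + [guid]::NewGuid().ToString('N')
    $hiveRoot = "HKLM:\$hiveName"
    $hiveLoaded = $false

    try {
        # reg is a native command: failure is reported through the exit code, not an
        # exception, so it has to be checked explicitly before anything is deleted.
        $loadOutput = reg load "HKLM\$hiveName" $NtuserDatPath 2>&1
        if ($LASTEXITCODE -ne 0) {
            throw "reg load exited with code ${LASTEXITCODE}: $loadOutput"
        }
        $hiveLoaded = $true

        if ($PSBoundParameters.ContainsKey('RegistryPaths') -and $RegistryPaths) {
            # Caller-supplied paths are relative to the hive root. Anything that could
            # resolve outside the temporary hive (drive qualifier, '..' segment) or that
            # names the hive root itself is refused, because the removal is recursive
            # and forced under HKLM.
            $targets = foreach ($relative in $RegistryPaths) {
                if ([string]::IsNullOrWhiteSpace($relative)) {
                    continue
                }
                $trimmed = $relative.Trim().TrimStart('\', '/')
                if (-not $trimmed -or $trimmed.Contains(':') -or $trimmed -match '(^|[\\/])\.\.([\\/]|$)') {
                    Write-Log -Message "Skipping registry path that is not relative to the loaded hive: $relative" -LogPath $LogPath
                    continue
                }
                "$hiveRoot\$trimmed"
            }
        } else {
            # Default key locations within the loaded hive
            $targets = @(
                "$hiveRoot\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",
                "$hiveRoot\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders",
                "$hiveRoot\Software\Policies\Microsoft\OneDrive",
                "$hiveRoot\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2",
                "$hiveRoot\Network\a",
                "$hiveRoot\SOFTWARE\Policies\Microsoft\office\16.0\outlook",
                "$hiveRoot\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
                "$hiveRoot\SOFTWARE\Microsoft\Office\16.0\Outlook"
            )
        }

        # Remove specified registry paths
        foreach ($path in $targets) {
            if (Test-Path -LiteralPath $path) {
                try {
                    # -ErrorAction Stop turns non-terminating provider errors into
                    # exceptions; otherwise a failed delete would be logged as removed.
                    Remove-Item -LiteralPath $path -Recurse -Force -ErrorAction Stop
                    Write-Log -Message "Removed registry path: $path" -LogPath $LogPath
                } catch {
                    Write-Log -Message "Failed to remove registry path: $path. Error: $_" -LogPath $LogPath
                }
            } else {
                Write-Log -Message "Registry path does not exist, skipping: $path" -LogPath $LogPath
            }
        }
    } catch {
        Write-Log -Message "Failed to load NTUSER.DAT: $_" -LogPath $LogPath
        return
    } finally {
        # Unload only what this call mounted; if the load failed there is nothing to unload.
        if ($hiveLoaded) {
            $maxRetries = 6
            $unloaded = $false

            for ($attempt = 1; $attempt -le $maxRetries; $attempt++) {
                # Key handles still held by the registry provider keep the hive busy;
                # forcing a collection releases them before each unload attempt.
                [gc]::Collect()
                [gc]::WaitForPendingFinalizers()

                # Exit code instead of matching "ERROR": reg's message text is localized.
                $unloadResult = reg unload "HKLM\$hiveName" 2>&1
                if ($LASTEXITCODE -eq 0) {
                    Write-Log -Message "Successfully unloaded NTUSER.DAT from HKLM\$hiveName" -LogPath $LogPath
                    $unloaded = $true
                    break
                }

                Write-Log -Message "Attempt ${attempt}: Failed to unload $hiveName : $unloadResult" -LogPath $LogPath
                if ($attempt -lt $maxRetries) {
                    Start-Sleep -Seconds 5
                }
            }

            if (-not $unloaded) {
                # The profile hive stays mounted under HKLM until it is unloaded manually.
                Write-Log -Message "Failed to unload $hiveName after $maxRetries attempts." -LogPath $LogPath
            }
        }
    }
}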