<#
.SYNOPSIS
This cmdlet is used to rebuild the registry.pol machine group policy settings
.DESCRIPTION
Renames the registry.pol file so that the local machine's group policy settings are rebuilt
.PARAMETER NewName
Defines the path the existing registry.pol file is renamed to; this is where the backup is saved
.PARAMETER SkipGpUpdate
Tells the cmdlet not to run gpupdate after renaming the registry.pol machine group policy file
.EXAMPLE
Clear-GpoRegistrySettings
# This example renames C:\Windows\System32\GroupPolicy\Machine\Registry.pol to C:\Windows\System32\GroupPolicy\Machine\Registry.old and runs a gpupdate
.EXAMPLE
Clear-GpoRegistrySettings -NewName C:\Windows\System32\GroupPolicy\Machine\Registry.old
# This example renames C:\Windows\System32\GroupPolicy\Machine\Registry.pol to C:\Windows\System32\GroupPolicy\Machine\Registry.old and runs a gpupdate
.EXAMPLE
Clear-GpoRegistrySettings -SkipGpUpdate
# This example renames C:\Windows\System32\GroupPolicy\Machine\Registry.pol to C:\Windows\System32\GroupPolicy\Machine\Registry.old and does not run a gpupdate
.NOTES
Author: Robert H. Osborne
Alias: tobor
Contact: [email protected]
.INPUTS
None
.OUTPUTS
None
.LINK
https://osbornepro.com
https://btpssecpack.osbornepro.com
https://writeups.osbornepro.com
https://github.com/OsbornePro
https://github.com/tobor88
https://www.powershellgallery.com/profiles/tobor
https://www.hackthebox.eu/profile/52286
https://www.linkedin.com/in/roberthosborne/
https://www.credly.com/users/roberthosborne/badges
#>
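Function Clear-GpoRegistrySettings {
    # Renames the machine-scope Registry.pol file to $NewName (so local group policy
    # registry settings are rebuilt) and, unless -SkipGpUpdate is given, runs gpupdate.
    # Honours -WhatIf / -Confirm through SupportsShouldProcess.
    # NOTE: Move-Item -PassThru emits the renamed file object to the pipeline, and the
    # "[*]" status lines are written with Write-Output, so callers do receive output.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(
            Position=0,
            Mandatory=$False,
            ValueFromPipeline=$False)]  # End Parameter
        # Destination of the renamed Registry.pol; resolved from the system root so the
        # default is correct even when Windows is not installed on C:
        [String]$NewName = "$env:SystemRoot\System32\GroupPolicy\Machine\Registry.old",

        [Parameter(
            Mandatory=$False)]  # End Parameter
        # [Switch] already implies a boolean; the extra [Bool] attribute was redundant
        [Switch]$SkipGpUpdate
    )  # End param

    $RegPolPath = Join-Path -Path $env:SystemRoot -ChildPath "System32\GroupPolicy\Machine\Registry.pol"

    # Renaming a file under %SystemRoot%\System32 requires an elevated token. Fail early
    # with a clear message rather than a confusing access-denied error from Move-Item.
    $Identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $Principal = New-Object -TypeName Security.Principal.WindowsPrincipal -ArgumentList $Identity
    If (-Not $Principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Throw "[x] $env:COMPUTERNAME : Administrator privileges are required to rename $RegPolPath"
    }  # End If

    If (-Not (Test-Path -Path $RegPolPath -PathType Leaf)) {
        Write-Error "[x] $RegPolPath file does NOT exist!"
        Return
    }  # End If

    # ShouldProcess prints the "What if:" line itself when -WhatIf is given, so a second
    # Move-Item -WhatIf in an else branch is not needed.
    If (-Not $PSCmdlet.ShouldProcess($NewName, "Rename $RegPolPath")) {
        Return
    }  # End If

    # -Force on Move-Item silently overwrites an existing backup; make that visible.
    If (Test-Path -Path $NewName -PathType Leaf) {
        Write-Warning "[!] $NewName already exists and will be overwritten by this backup"
    }  # End If

    Write-Output "[*] $RegPolPath file verified to exist, renaming file"
    # -ErrorVariable takes the variable NAME without '$'. The original passed the (empty)
    # value, so the failure check below could never fire.
    Move-Item -Path $RegPolPath -Destination $NewName -Force -Confirm:$False -PassThru -ErrorVariable MoveFailed
    If ($MoveFailed) {
        # Was "Write-Ouput" (typo) in the original; a failed rename is an error, and there is
        # no point running gpupdate when the policy file was not actually moved.
        Write-Error "[x] Failed to rename Registry.pol file to $NewName"
        Return
    }  # End If

    # Check the skip switch BEFORE testing the domain trust: the original tested the
    # secure channel unconditionally and threw even when no gpupdate was going to run.
    If ($SkipGpUpdate.IsPresent) {
        Write-Output "[*] Skipping group policy update as requested"
        Return
    }  # End If

    If (Test-ComputerSecureChannel) {
        Write-Output "[*] Performing group policy update"
        gpupdate /force
    } Else {
        Throw "[x] $env:COMPUTERNAME : Domain trust failed, group policy update can not be performed"
    }  # End If Else
}  # End Function Clear-GpoRegistrySettings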