Using PowerShell for editing of registry illustrated by the example of Internet Explorer 11 Hardening (MS15-124 – critical security issue).
#-------------[deklarations]--------------------------
#source
$computers=Get-Content '\\host\shares\!scripts\!source\!computers.txt'
#logs
$successLog='\\host\shares\!scripts\!logs\done.LOG'
$errorLog='\\host\shares\!scripts\!logs\error.LOG'
$unreachableLog='\\host\shares\!scripts\!logs\unreachable.LOG'
#params
#-------------[functions]--------------------------
foreach($computer in $computers) {
if(Test-Connection -ComputerName $computer -Count 1 -Quiet) {
Try {
Write-host "Updating: $computer" -foreground 'gray'
Invoke-Command -computerName $computer -ScriptBlock {New-Item -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl' -Name 'FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING' -Force}
Invoke-Command -computerName $computer -ScriptBlock {New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\' -Name iexplore.exe -Value 1 -PropertyType 'DWORD' -Force}
Invoke-Command -computerName $computer -ScriptBlock {New-Item -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl' -Name 'FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING' -Force}
Invoke-Command -computerName $computer -ScriptBlock {New-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\' -Name iexplore.exe -Value 1 -PropertyType 'DWORD' -Force}
Write-host "updated: $computer" -foreground 'green'
$computer >> $successLog
} Catch {
Write-host "error: $computer" -foreground 'red'
$computer >> $errorLog<br>
}
} else {
Write-host "offline: $computer" -foreground 'yellow'
$computer >> $unreachableLog
}
}
#-------------krolaki.eu--------------------------