Corrupt Registry POL Local Machine Script
This script is designed to detect and fix corrupted registry settings on a local machine. It's a crucial tool for system administrators who need to ensure the integrity of their Windows systems.
Prerequisites
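Clear-Host
# Remote variant (disabled): prompt for a server name and read its log over the admin share.
#$server = Read-Host -Prompt "Enter Server Name"
#$wualoglines = "\\$server\c$\Windows\CCM\Logs\Wuahandler.log"
# Local variant: $server is still used in the status messages below, so set it to this machine.
$server = $env:COMPUTERNAME
$wualoglines = "c:\Windows\CCM\Logs\Wuahandler.log"
$lines = Get-Content -Path $wualoglines
$corrupt = 0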
The Script
The script starts by clearing the host and setting the path to the Configuration Manager client's WUAHandler.log. It then reads that log file and checks it line by line for two error codes that indicate a corrupted Registry.pol.
foreach ($line in $lines) {
    if ($line -like '*0x87d00692*' -or $line -like '*0x80004005*') {
        $corrupt = 1
    }
}
How It Works
Detection Mode
The script uses a `foreach` loop to iterate through the log file lines. For each line, it checks if the line contains specific error patterns (0x87d00692 or 0x80004005). If it finds one of these patterns, it sets the `$corrupt` variable to 1.
Fix Mode
If the script detects corruption, it enters fix mode. It stops the SMS Agent Host service (CcmExec), renames Registry.pol to Registry.old.pol, and then starts the SMS Agent Host service again.
if ($corrupt -eq 1) {
    Write-Host "`nLog file error found! on $server" -ForegroundColor Yellow -BackgroundColor Red
    Write-Host "`tStopping SMS Agent Host Service on $server" -ForegroundColor Cyan
    #Invoke-Command -ComputerName $Server -ScriptBlock { Stop-Service -Name CcmExec -Force } -Verbose
    Stop-Service -Name CcmExec -Force
    Write-Host "`tRenaming Registry.pol on $server" -ForegroundColor Magenta
    #Invoke-Command -ComputerName $Server -ScriptBlock { Rename-Item -Path "c:\Windows\System32\GroupPolicy\Machine\Registry.pol" -NewName "Registry.old.pol" -Force } -Verbose
    # Rename-Item fails if Registry.old.pol is left over from an earlier run, so remove the stale copy first.
    $oldPol = "c:\Windows\System32\GroupPolicy\Machine\Registry.old.pol"
    if (Test-Path -Path $oldPol) { Remove-Item -Path $oldPol -Force }
    Rename-Item -Path "c:\Windows\System32\GroupPolicy\Machine\Registry.pol" -NewName "Registry.old.pol" -Force
    Write-Host "`tStarting SMS Agent Host Service on $server" -ForegroundColor Green
    #Invoke-Command -ComputerName $Server -ScriptBlock { Start-Service -Name CcmExec } -Verbose
    Start-Service -Name CcmExec
}
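An added example, not part of the original script: 0x80004005 is the generic E_FAIL code and can be logged for unrelated reasons, so this check confirms a log hit against the policy file itself before anything is renamed. It assumes the documented Registry.pol header (the signature PReg followed by a DWORD version of 1); the function names, temp files and log lines are constructed for the demonstration.

```powershell
# Added example; Test-RegistryPolHeader and Get-PolRepairDecision are hypothetical helper names.
function Test-RegistryPolHeader {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    # Assumption: a well-formed Registry.pol begins with "PReg" plus a little-endian DWORD version 1.
    $expected = '50-52-65-67-01-00-00-00'
    $stream = [System.IO.File]::OpenRead((Resolve-Path -LiteralPath $Path).ProviderPath)
    try {
        $header = New-Object byte[] 8
        $read = $stream.Read($header, 0, 8)
    } finally {
        $stream.Dispose()
    }
    return ($read -eq 8) -and ([System.BitConverter]::ToString($header) -eq $expected)
}

function Get-PolRepairDecision {
    param([string[]]$LogLines, [Parameter(Mandatory)][string]$PolPath)
    # Same two codes the script searches for, matched as literal substrings.
    $logHit = [bool]($LogLines | Select-String -Pattern '0x87d00692', '0x80004005' -SimpleMatch -Quiet)
    if (-not $logHit) { return 'NoAction' }
    if (Test-RegistryPolHeader -Path $PolPath) {
        # A good header does not prove the whole file is intact, but it means the
        # log hit alone is not enough evidence to rename the policy file.
        return 'InvestigateFurther'
    }
    return 'RenamePol'
}

# Constructed inputs: two temp files standing in for Registry.pol, and made-up log lines.
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) ("poldemo_" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $tmp | Out-Null
$good = Join-Path $tmp 'good.pol'
$bad  = Join-Path $tmp 'bad.pol'
[System.IO.File]::WriteAllBytes($good, [byte[]](0x50, 0x52, 0x65, 0x67, 1, 0, 0, 0))
[System.IO.File]::WriteAllBytes($bad, (New-Object byte[] 64))   # all zeros, no signature
$errorLog = @('constructed line: scan started', 'constructed line: failed, error = 0x80004005')
$cleanLog = @('constructed line: scan started', 'constructed line: scan completed')

Get-PolRepairDecision -LogLines $errorLog -PolPath $bad    # header invalid, log hit
Get-PolRepairDecision -LogLines $errorLog -PolPath $good   # header valid, log hit
Get-PolRepairDecision -LogLines $cleanLog -PolPath $bad    # no log hit
Remove-Item -LiteralPath $tmp -Recurse -Force
```

The demonstration only touches its own temp directory; pointing `-PolPath` at the real Registry.pol requires an elevated session.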
Key Code Snippets
The following code snippets are the key parts of the script that make it work:
$corrupt = 0
foreach ($line in $lines) {
    if ($line -like '*0x87d00692*' -or $line -like '*0x80004005*') {
        $corrupt = 1
    }
}
if ($corrupt -eq 1) {
    # Fix mode code here...
}
Usage Examples
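This script can be used to detect and fix a corrupted Registry.pol on a local machine. Run it in an elevated PowerShell session on the affected machine, since it stops a service and renames a file under System32. The local version shown here takes no input, because the Read-Host prompt for a server name is commented out.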
Conclusion
In this blog post, we've explored the Corrupt Registry POL Local Machine Script. This script is an essential tool for system administrators who need to ensure the integrity of their Windows systems. By using this script, you can detect and fix corrupted registry settings, preventing potential issues and ensuring your systems run smoothly.