时间戳

首页 > 解决方案 > 设置脚本以编辑注册表中的扩展白名单

powershell - 设置脚本以编辑注册表中的扩展白名单

问题描述

我正在通过编写一个脚本来学习一些在powershell中编写的脚本,我可以通过阻止chrome和edge中的扩展并创建一个白名单来帮助设置工作中的计算机,但是我的脚本没有按照它应该的方式运行,我不确定我搞砸了逻辑。我也真的希望它是可破译的,一旦我让它做我想做的事,我会在这方面付出很多努力来整理它。

这是脚本的一部分,似乎有点混乱,我已经包含了我的变量以帮助理解我正在尝试做什么,并且我安装了 PoSh Registry 模块以进行注册表调整。

    #Registry Variables
$DefaultAppUpdateURL = "https://clients2.google.com/service/update2/crx"
#Extension Data for whitelisting
$Serene = "falnmchlgbngpmiifgbpgophmdflgiff;$DefaultAppUpdateURL"
$Lastpass = "hdokiejnpimakedhajhdlcegeplioahd;$DefaultAppUpdateURL"
$ADBlocker = "gighmmpiobklfepjocnamgkkbiglidom;$DefaultAppUpdateURL"

 $computer = "MS107B44463257"

#Extensions for Whitelisting
    $WhitelistApps = $Serene,$Lastpass,$ADBlocker

Foreach ($App in $WhitelistApps)      
    {$NumWhitelistedEdgeApps = get-RegValue -ComputerName $computer -Hive LocalMachine -key SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist |Select-Object -Property value | Measure-Object |Select-Object -ExpandProperty count
     $NumWhitelistedChromeApps = get-RegValue -ComputerName $computer -Hive LocalMachine -key SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist |Select-Object -Property value | Measure-Object |Select-Object -ExpandProperty count
     $NewChromeEntry = $NumWhitelistedChromeApps + 1
     $NewEdgeEntry = $NumWhitelistedEdgeApps + 1        
     
     #Getting whitelist registry entries to see if they exist and are correct
      $EdgeWhitelistEntry = Get-RegValue -ComputerName $computer -Hive LocalMachine -key SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist |Select-Object -ExpandProperty data
      $ChromeWhitelistEntry = Get-RegValue -ComputerName $computer -Hive LocalMachine -key SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist |Select-Object -ExpandProperty data   
    
     $SetEdgeWhitelistValue = Set-RegString -ComputerName $computer -Hive LocalMachine -key SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist -value $NewEdgeEntry -data $App -force
     $SetChromeWhitelistValue = Set-RegString -ComputerName $computer -Hive LocalMachine -key SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist -value $NewChromeEntry -data $App -force
     
     
      If ($EdgeWhitelistEntry -eq $App -and $ChromeWhitelistEntry -eq $app)
        {write-host "$app on $computer is whitelisted in Edge and Chrome 1" -ForegroundColor Green}
    
        Elseif ($EdgeWhitelistEntry -ne $App -and $ChromeWhitelistEntry -eq $app)
        {write-host "$app on $computer is whitelisted Chrome but not Edge" -ForegroundColor Red
        $SetEdgeWhitelistValue
        Write-Host "$app is whitelisted for chrome and edge 2" -ForegroundColor Green}
    
        Elseif ($EdgeWhitelistEntry -eq $App -and $ChromeWhitelistEntry -ne $app)
        {write-host "$app on $computer is whitelisted Edge but not Chrome" -ForegroundColor Red
        $SetChromeWhitelistValue
        Write-Host "$app is whitelisted for chrome and edge 3" -ForegroundColor Green}
        
        
        Elseif ($EdgeWhitelistEntry -ne $App -and $ChromeWhitelistEntry -ne $app)
        {write-host "$app is not whitelisted for Chrome or Edge " -ForegroundColor Red
        $SetEdgeWhitelistValue
        $SetChromeWhitelistValue
        Write-Host "$app on $computer is whitelisted for chrome and edge 4" -ForegroundColor Green}
        
        else 
        {Write-Host "adding $app on $computer failed" -ForegroundColor red}}

我已将数字放入写入主机输出中,因此我知道它正在执行的代码位,以便在故障排除期间更容易。这些将在我的最终代码中删除。

我第一次运行它时,一切似乎都在做我想做的事,它会将条目放入我目前正在测试的 3 个扩展的注册表中,即 Serene Lastpass 和 ADBlocker,并为我提供以下输出。

falnmchlgbngpmiifgbpgophmdflgiff;https://clients2.google.com/service/update2/crx is not whitelisted for Chrome or Edge 
falnmchlgbngpmiifgbpgophmdflgiff;https://clients2.google.com/service/update2/crx on MS107B44463257 is whitelisted for chrome and edge 4
hdokiejnpimakedhajhdlcegeplioahd;https://clients2.google.com/service/update2/crx is not whitelisted for Chrome or Edge 
hdokiejnpimakedhajhdlcegeplioahd;https://clients2.google.com/service/update2/crx on MS107B44463257 is whitelisted for chrome and edge 4
gighmmpiobklfepjocnamgkkbiglidom;https://clients2.google.com/service/update2/crx is not whitelisted for Chrome or Edge 
gighmmpiobklfepjocnamgkkbiglidom;https://clients2.google.com/service/update2/crx on MS107B44463257 is whitelisted for chrome and edge 4

但是,当第二次运行它时,不仅仅是说所有 3 个扩展都存在于 chrome 和边缘白名单上,而是将它们再次写入注册表并给我以下输出

falnmchlgbngpmiifgbpgophmdflgiff;https://clients2.google.com/service/update2/crx on MS107B44463257 is whitelisted in Edge and Chrome 1
hdokiejnpimakedhajhdlcegeplioahd;https://clients2.google.com/service/update2/crx on MS107B44463257 is whitelisted in Edge and Chrome 1
gighmmpiobklfepjocnamgkkbiglidom;https://clients2.google.com/service/update2/crx on MS107B44463257 is whitelisted in Edge and Chrome 1

循环的每次后续运行都给出与上述输出相同的结果,但它不断将新条目写入注册表,看起来它检查注册表,看到扩展已经存在,点击我的 If 语句的第一部分,然后无论如何都会将另一组写入注册表。因此,如果我运行循环 4 次,我最终会在注册表的白名单中输入 12 个条目。

我还尝试更改 If 语句的顺序,并将顶部的 If 语句切换为底部的 ElseIf 语句,它仍然只是点击顶部语句,执行它并写入额外的条目。

我不明白写作来自哪里,因为我没有要求它在我获取写入主机输出的语句部分中进行任何注册表更改。

################################################# ######################### 编辑:好的,所以我已经完成并简化了代码,我想出了以下内容仍在做多个条目。我尝试添加一个我在另一个脚本中使用过的衬里,该衬里应该获取当前注册表项及其数据的列表,然后将其与我希望添加的列表扩展名进行比较,并删除那些加倍的扩展名。

    #Registry Variables
    $DefaultAppUpdateURL = "https://clients2.google.com/service/update2/crx"

    #Extension Data for whitelisting
    $Serene = "falnmchlgbngpmiifgbpgophmdflgiff;$DefaultAppUpdateURL"
    $Lastpass = "hdokiejnpimakedhajhdlcegeplioahd;$DefaultAppUpdateURL"
    $ADBlocker = "gighmmpiobklfepjocnamgkkbiglidom;$DefaultAppUpdateURL"


    #Extensions for Whitelisting
    $NewChromeWhiteListedApps = $Serene,$Lastpass,$ADBlocker
#Getting whitelist registry entries to see if they exist in the list
              $ChromeWhitelistRegistryList = Get-RegValue -ComputerName $computer -Hive LocalMachine -key SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist |Select-Object -ExpandProperty data  
    
        <#This Gets a list of Extensions that are currently installed in the browsers and removes them from the list of Extensions to be whitelisted so we can only add single entries into the registry
        rather than new entries for each time the script is run #>
        $WhitelistedChromeAppsToBeAllowed = $NewChromeWhiteListedApps.Where{$_.Name -notin $ChromeWhitelistRegistryList}
            
        
        Foreach ($App in $WhitelistedChromeAppsToBeAllowed)      
            {<#This is for setting the name of the Extension in the registry, it will count the number of entries in the ForceInstall registry key for both chrome and edge, add 1 and use that as the name 
            of the next entry to add the app data into #>
             
             $NumWhitelistedChromeApps = get-RegValue -ComputerName $computer -Hive LocalMachine -key $ChromeWhiteList |Select-Object -Property value | Measure-Object |Select-Object -ExpandProperty count
             $NewChromeEntry = $NumWhitelistedChromeApps + 1
                   
             
             
            #This is to set the extension in the registry
             Set-RegString -ComputerName $computer -Hive LocalMachine -key $ChromeWhiteList -value $NewChromeEntry -data $App -force}

################################################# ######################## EDIT number 2 我设法用 IF 语句解决了它

#Extension Registry Variables
$DefaultAppUpdateURL = "https://clients2.google.com/service/update2/crx"

#Extension Data for whitelisting
$Serene = "falnmchlgbngpmiifgbpgophmdflgiff;$DefaultAppUpdateURL"
$Lastpass = "hdokiejnpimakedhajhdlcegeplioahd;$DefaultAppUpdateURL"
$ADBlocker = "gighmmpiobklfepjocnamgkkbiglidom;$DefaultAppUpdateURL"


#Extensions for Whitelisting
$NewChromeWhiteListedApps = $Serene,$Lastpass,$ADBlocker
    
#Getting whitelist registry entries to see if they exist and are correct
$ChromeWhitelistRegistryList = Get-RegValue -ComputerName $computer -Hive LocalMachine -key $ChromeWhiteList |Select-Object -ExpandProperty data  
 
      
    Foreach ($App in $NewChromeWhiteListedApps)      
        {<#This is for setting the name of the Extension in the registry, it will count the number of entries in the ForceInstall registry key for both chrome and edge, add 1 and use that as the name 
        of the next entry to add the app data into #>
         
         $NumWhitelistedChromeApps = get-RegValue -ComputerName $computer -Hive LocalMachine -key $ChromeWhiteList |Select-Object -Property value | Measure-Object |Select-Object -ExpandProperty count
         $NewChromeEntry = $NumWhitelistedChromeApps + 1
               
                If ($ChromeWhitelistRegistryList -eq $App)
                    {Write-Host "$App is in $computer Chrome Whitelist registry" -ForeGroundColor Green}
            
                Elseif ($ChromeWhitelistRegistryList -ne $App)
                    {Write-Host "$App is not in $computer Chrome Whitelist registry" -ForeGroundColor Red
                    Set-RegString -ComputerName $computer -Hive LocalMachine -key $ChromeWhiteList -value $NewChromeEntry -data $App -force
                    Write-Host "$App is now in $computer Chrome Whitelist registry" -ForeGroundColor Green}
                Else
                    {Write-Host "Adding $App to $computer Chrome Whitelist Failed" -ForeGroundColor Red}}

标签: powershellloopsregistry

解决方案

推荐阅读