I have multiple machines that need certificate padding enabled. My script looks like this:
    $ComputerName = Read-Host "Please Enter Computer Name"
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $RegPath1 = "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config"
        $RegPath2 = "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"
        $ValueName = "EnableCertPaddingCheck"
        $Value = "1"
        # Test-Path only reports whether the key exists
        $RegistryKey = Test-Path -Path $RegPath1
        if ($RegistryKey) {
            Write-Host -f Green "***Certificate Padding is Already Enabled***"
        }
        else {
            # New-Item without -Force does not create missing parent keys,
            # which is what produces the errors shown below
            New-Item -Path $RegPath1
            New-ItemProperty -Path $RegPath1 -Name $ValueName -Value $Value
            New-Item -Path $RegPath2
            New-ItemProperty -Path $RegPath2 -Name $ValueName -Value $Value
            # Re-test after the change; the earlier result is stale
            $RegistryKey = Test-Path -Path $RegPath1
            if ($RegistryKey) {
                Write-Host -f Green "Certificate Padding Has Been Enabled."
            }
            else {
                Write-Host -f Red "Something Went Wrong!"
            }
        }
    }
However I receive these errors when running the script:
The registry key at the specified path does not exist.
+ CategoryInfo : InvalidArgument: (HKEY_LOCAL_MACH...graphy\Wintrust:String) [New-Item], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.NewItemCommand
+ PSComputerName : localhost
Cannot find path 'HKLM:\Software\Microsoft\Cryptography\Wintrust\Config' because it does not exist.
+ CategoryInfo : ObjectNotFound: (HKLM:\Software\...Wintrust\Config:String) [Set-ItemProperty], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.SetItemPropertyCommand
+ PSComputerName : localhost
Cannot find path 'HKLM:\Software\Microsoft\Cryptography\Wintrust\Config' because it does not exist.
+ CategoryInfo : ObjectNotFound: (HKLM:\Software\...Wintrust\Config:String) [Set-ItemProperty], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.SetItemPropertyCommand
+ PSComputerName : localhost
When I enter a pssession on the remote machine and try to use:
New-Item -Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config"
I receive the first error message about the path not existing. Is this because I am missing the parent directories, and New-Item does not create parents?
    $ComputerName = Read-Host "Please Enter Computer Name"
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $RegPath1 = "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config"
        $RegPath2 = "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"
        $ValueName = "EnableCertPaddingCheck"
        $Value = "1"
        # Test-Path only reports whether the key exists
        $RegistryKey = Test-Path -Path $RegPath1
        if ($RegistryKey) {
            Write-Host -f Green "***Certificate Padding is Already Enabled***"
        }
        else {
            # -Force creates any missing parent keys along the path
            New-Item -Path $RegPath1 -Force | Out-Null
            New-ItemProperty -Path $RegPath1 -Name $ValueName -Value $Value
            New-Item -Path $RegPath2 -Force | Out-Null
            New-ItemProperty -Path $RegPath2 -Name $ValueName -Value $Value
            # Re-test after the change; the earlier result is stale
            $RegistryKey = Test-Path -Path $RegPath1
            if ($RegistryKey) {
                Write-Host -f Green "Certificate Padding Has Been Enabled."
            }
            else {
                Write-Host -f Red "Something Went Wrong!"
            }
        }
    }
It was in fact because I needed to specify the creation of parent keys. This is the new script. Thank you to @Mathias R. Jessen for confirming this.
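
A variant that takes several machines in one call, can be re-run safely, and reads the value back rather than testing only for the key. This is an added example, not part of the original post; the function name `Set-CertPaddingCheck`, the output property names and the computer names in the usage comment are assumptions.

```powershell
# Added example. Function name, output shape and host names are hypothetical.
function Set-CertPaddingCheck {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $paths = @(
            'HKLM:\Software\Microsoft\Cryptography\Wintrust\Config',
            'HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
        )
        $name  = 'EnableCertPaddingCheck'
        $value = '1'   # same string value the script above writes

        foreach ($path in $paths) {
            $failure = $null
            try {
                # Create the key (with missing parents) only when it is absent,
                # so an existing key and its other values are left untouched.
                if (-not (Test-Path -Path $path)) {
                    New-Item -Path $path -Force -ErrorAction Stop | Out-Null
                }
                # -Force creates the value or overwrites an existing one.
                New-ItemProperty -Path $path -Name $name -Value $value `
                    -Force -ErrorAction Stop | Out-Null
            }
            catch {
                $failure = $_.Exception.Message
            }

            # Verify by reading the value back, not by testing for the key.
            $actual = (Get-ItemProperty -Path $path -Name $name `
                -ErrorAction SilentlyContinue).$name

            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Path     = $path
                Value    = $actual
                Enabled  = ($actual -eq $value)
                Error    = $failure
            }
        }
    }
}

# Usage (placeholder host names):
# Set-CertPaddingCheck -ComputerName 'PC01','PC02' | Format-Table Computer, Path, Enabled, Error
```

Any row with `Enabled` equal to `$false` identifies a machine and registry path where the value was not written, with the reason in `Error`.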