@AJP_UK,
####################
## Variables List ##
####################
$TargetPortal = 'YourPortal'
##################
## Start Script ##
##################
# Regex pattern for SIDs
$PatternSID = 'S-1-5-21-\d+-\d+\-\d+\-\d+$'
# Get Username, SID, and location of ntuser.dat for all users
$ProfileList = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' | Where-Object {$_.PSChildName -match $PatternSID} |
Select-Object @{name="SID";expression={$_.PSChildName}},
@{name="UserHive";expression={"$($_.ProfileImagePath)\ntuser.dat"}},
@{name="Username";expression={$_.ProfileImagePath -replace '^(.*[\\\/])', ''}}
# Get all user SIDs found in HKEY_USERS (ntuder.dat files that are loaded)
$LoadedHives = Get-ChildItem Registry::HKEY_USERS | Where-Object {$_.PSChildname -match $PatternSID} | Select-Object @{name="SID";expression={$_.PSChildName}}
# Get all users that are not currently logged
$UnloadedHives = Compare-Object $ProfileList.SID $LoadedHives.SID | Select-Object @{name="SID";expression={$_.InputObject}}, UserHive, Username
# Loop through each profile on the machine
Foreach ($item in $ProfileList) {
# Load User ntuser.dat if it's not already loaded
IF ($item.SID -in $UnloadedHives.SID) {
reg load HKU\$($Item.SID) $($Item.UserHive)
}
#####################################################################
# This is where you can read/modify a users portion of the registry
# Grab the LastUrl String
"{0}" -f $($item.Username) | Write-Output
$ItemPath = "registry::HKEY_USERS\" + $item.SID + "\Software\Palo Alto Networks\GlobalProtect\Settings"
if (Test-Path $ItemPath){
$LastUrl = Get-ItemPropertyValue $ItemPath -Name LastUrl
if (-NOT ($LastUrl -eq $TargetPortal)){
New-ItemProperty -Path $ItemPath -Name LastUrl -Value $TargetPortal -PropertyType String -Force
}
else {
Write-Host "$(item.Username) : LastUrl value matches $TargetPortal"
}
}
#####################################################################
# Unload ntuser.dat
IF ($item.SID -in $UnloadedHives.SID) {
### Garbage collection and closing of ntuser.dat ###
[gc]::Collect()
reg unload HKU\$($Item.SID) | Out-Null
}
}
# Update Machine Strings #
$PanSetup = "registry::HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanSetup"
$PanSettings = "registry::HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings"
if (Test-Path $PanSetup){
$Portal = Get-ItemPropertyValue $PanSetup -Name Portal
if (-NOT ($Portal -eq $TargetPortal)){
New-ItemProperty -Path $PanSetup -Name Portal -Value $TargetPortal -PropertyType String -Force
}
}
if (Test-Path $PanSettings){
$LastUrl = Get-ItemPropertyValue $PanSettings -Name LastUrl
if (-NOT ($LastUrl -eq $TargetPortal)){
New-ItemProperty -Path $PanSettings -Name LastUrl -Value $TargetPortal -PropertyType String -Force
}
}
... View more