我有多台机器需要启用证书填充。我的脚本如下所示:
$ComputerName = Read-Host "Please Enter Computer Name"
Invoke-Command -ComputerName $ComputerName -ScriptBlock {
$RegPath1 = "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config"
$RegPath2 = "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"
$ValueName = "EnableCertPaddingCheck"
$Value = "1"
$RegistryKey = Test-Path -Path $RegPath1
if ($RegistryKey -eq "True") {
Write-Host -f Green "***Certificate Padding is Already Enabled***"
}
else {
New-Item -Path $RegPath1
New-ItemProperty -Path $RegPath1 -Name $ValueName -Value $Value
New-Item -Path $RegPath2
New-ItemProperty -Path $RegPath2 -Name $ValueName -Value
if ($RegistryKey -eq "True") {
Write-Host -f Green "Certificate Padding Has Been Enabled."
}
else {
Write-Host -f Red "Something Went Wrong!"
}
}
但是,我在运行脚本时收到这些错误:
The registry key at the specified path does not exist.
+ CategoryInfo : InvalidArgument: (HKEY_LOCAL_MACH...graphy\Wintrust:String) [New-Item], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.NewItemCommand
+ PSComputerName : localhost
Cannot find path 'HKLM:\Software\Microsoft\Cryptography\Wintrust\Config' because it does not exist.
+ CategoryInfo : ObjectNotFound: (HKLM:\Software\...Wintrust\Config:String) [Set-ItemProperty], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.SetItemPropertyCommand
+ PSComputerName : localhost
Cannot find path 'HKLM:\Software\Microsoft\Cryptography\Wintrust\Config' because it does not exist.
+ CategoryInfo : ObjectNotFound: (HKLM:\Software\...Wintrust\Config:String) [Set-ItemProperty], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.SetItemPropertyCommand
+ PSComputerName : localhost
当我在远程计算机上输入 psession 并尝试使用时:
New-Item -Path "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config"
我收到第一条关于路径不存在的错误消息。这是因为我缺少父目录,而 New-Item 没有创建父目录吗?
$ComputerName = Read-Host "Please Enter Computer Name"
Invoke-Command -ComputerName $ComputerName -ScriptBlock {
$RegPath1 = "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config"
$RegPath2 = "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"
$ValueName = "EnableCertPaddingCheck"
$Value = "1"
$RegistryKey = Test-Path -Path $RegPath1
if ($RegistryKey -eq "True") {
Write-Host -f Green "***Certificate Padding is Already Enabled***"
}
else {
New-Item -Path $RegPath1 -Force | Out-Null
New-ItemProperty -Path $RegPath1 -Name $ValueName -Value $Value
New-Item -Path $RegPath2 -Force | Out-Null
New-ItemProperty -Path $RegPath2 -Name $ValueName -Value
if ($RegistryKey -eq "True") {
Write-Host -f Green "Certificate Padding Has Been Enabled."
}
else {
Write-Host -f Red "Something Went Wrong!"
}
}
其实是因为我需要指定父键的创建。这是新脚本。 感谢@Mathias R. Jessen 确认这一点。