Adding Registry Entries With Powershell

Working at an MSP, I’ve been trying to script a lot of the repetitious tasks I have to do with Powershell. One of the smaller ones is hiding a local admin account on non domain computers.

Usually, I would have to navigate into the registry to HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon and create a new key, called SpecialAccounts, and then another new key called UserList and then add a new dword value with the name of the account. That’s a lot of work!

Today, I fired up Google and Powershell ISE and came up with this simple, simple script:

New-Item -Path “HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon” -Name SpecialAccounts –Force
New-Item -Path “HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts” -Name UserList –Force
New-ItemProperty “HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” -Name “[LOCAL ACCOUNT NAME]” -Value 1 -PropertyType “DWord”

Saved it as a PS1 script file and ran it on my computer successfully.

 

Securely Transmitting Passwords

I’ve been doing a lot of research recently on secure methods of password sharing. Being in IT, I have to share many passwords each day and also have passwords shared with me by clients.

My favorite so far is ZeroBin. It is no-frills, open source (so anyone can vet it), and fairly simple. It requires no database and doesn’t store any information in a database. It is as simple as downloading the components, throwing it on a web server and going to the index page. That’s it. I did it on my server here and have been using it personally with no issues.

You can set messages / data to delete after a certain amount of time, like 5 or 10 minutes, or longer… 10 – 30 days.

How is this secure?

  • The text or data is encrypted & compressed inside the browser, then sent to the server already encrypted
  • The server has the encrypted data and that is all
  • The text is encrypted inside the browser. The encrypted data is sent to the server, while the encryption key does not get sent. Therefore even if a server was compromised, nothing could be done with the data
  • The encryption key is part of the URL and that is what unlocks the data

Diagram below

zerobin