Query Registry Keys and report to SMB share


I was asked to produce a PowerShell script to check for some keys and then report on the status of those keys. In this example it was for Java, detecting unauthorised or non-compliant versions that were installed on our laptop estate.

This process can also be used with servers and other Windows-based devices. Listed here are the versions of Java that require a license under the Java guidelines; if any of them is detected, the device is non-compliant:

# Define the registry base keys to search for
$baseKeys = @(
    "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.7.0_80",
    "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.8.0_211",
    "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.8.0_221",
    "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.8.0_231",
    "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\11",
    "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\9",
    "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\10",
    "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\17",
    "HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java SE Subscription"
)

# Get the computer name
$computerName = $env:COMPUTERNAME

# Initialize an array to store the output
$output = @()

# Flag to check if any keys are found
$keysFound = $false

# Loop through each base key and check if it exists
foreach ($key in $baseKeys) {
    try {
        # Check if the registry key exists
        if (Test-Path "Registry::$key") {
            $output += "Key Found: $key"
            $keysFound = $true
        } else {
            $output += "Key Not Found: $key"
        }
    } catch {
        $output += "Error checking key: $key - $_"
    }
}

# Determine the output file path based on whether any keys were found
if ($keysFound) {
    $outputFile = "\\smbshare\AuditOutput\$computerName`_noncompliant.txt"
} else {
    $outputFile = "\\smbshare\AuditOutput\$computerName`_compliant.txt"
}

# Write the output to the file
$output | Out-File -FilePath $outputFile -Force

# Display a confirmation message
Write-Host "Registry search results saved to $outputFile"

The type of log file you get will depend on the compliance level and it will look like this:

Compliant Device : %computername%_compliant.log
Non-Compliant Device : %computername%_noncompliant.log

We have used a network location which means all the log files will be saved to the same location for ease of management and auditing.
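
The script above only checks the registry view of the PowerShell process it runs in, so a 32-bit process on 64-bit Windows is redirected to WOW6432Node and the 64-bit keys go unchecked (and the reverse for a 64-bit process). The following added example, which is not part of the original post, checks both views for the same keys through the .NET RegistryKey API and writes to the same share path; the helper name Find-JavaKey and the exit code 1 on a failed write are assumptions.

```powershell
# Added example: same keys as the script above, written relative to HKLM
$subKeys = @(
    'SOFTWARE\JavaSoft\Java Runtime Environment\1.7.0_80',
    'SOFTWARE\JavaSoft\Java Runtime Environment\1.8.0_211',
    'SOFTWARE\JavaSoft\Java Runtime Environment\1.8.0_221',
    'SOFTWARE\JavaSoft\Java Runtime Environment\1.8.0_231',
    'SOFTWARE\JavaSoft\Java Runtime Environment\11',
    'SOFTWARE\JavaSoft\Java Runtime Environment\9',
    'SOFTWARE\JavaSoft\Java Runtime Environment\10',
    'SOFTWARE\JavaSoft\Java Runtime Environment\17',
    'SOFTWARE\JavaSoft\Java SE Subscription'
)

# Find-JavaKey is a hypothetical helper: one result object per key per registry view
function Find-JavaKey {
    param([string[]]$SubKey)
    $views = [Microsoft.Win32.RegistryView]::Registry64,
             [Microsoft.Win32.RegistryView]::Registry32
    foreach ($view in $views) {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            foreach ($path in $SubKey) {
                $key = $hklm.OpenSubKey($path)   # $null when the key is absent
                [pscustomobject]@{ View = $view; Key = "HKLM\$path"; Found = [bool]$key }
                if ($key) { $key.Dispose() }
            }
        } finally {
            $hklm.Dispose()
        }
    }
}

$results = @(Find-JavaKey -SubKey $subKeys)
# A key found in either view makes the device non-compliant
$status  = if ($results.Found -contains $true) { 'noncompliant' } else { 'compliant' }
$output  = foreach ($r in $results) {
    $state = if ($r.Found) { 'Key Found' } else { 'Key Not Found' }
    "$state ($($r.View)): $($r.Key)"
}

$outputFile = "\\smbshare\AuditOutput\${env:COMPUTERNAME}_$status.txt"
try {
    # -ErrorAction Stop turns an unreachable share into a catchable error
    $output | Out-File -FilePath $outputFile -Force -ErrorAction Stop
    Write-Host "Registry search results saved to $outputFile"
} catch {
    Write-Warning "Could not write ${outputFile}: $_"
    exit 1   # assumption: non-zero exit lets the deployment tool flag a missing report
}
```

On a 32-bit operating system both views resolve to the same keys, so each key is simply reported twice.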