Registry keys are not created via Powershell

Markzoll Natascha 0 Reputation points
2024-05-15T05:21:57.0333333+00:00

Hi all!

We have to create a VPN tunnel in a special way.
Now we have put together a script that actually serves the purpose, but part of it doesn't work. The beginning works - VPN connection is created including route. This is created with Add-VpnConnection and Route.

But now we still need AlwaysOn. We would like to create this with the script attached below.
If you run the sections individually, it works and the registry keys are created.
If you run the script as a whole - not a single registry entry is created and there is no error output.
I've already tried it with and without a transaction...

What the hell is wrong here?

$ProfileName = "VPNNAME"

# Validate VPN profile
Write-Verbose "Searching VPN profiles for `"$ProfileName`"."

If ($AllUserConnection) {

    # Get VPN profile created in the 'all users' context
    $Vpn = Get-VpnConnection -Name $ProfileName -AllUserConnection -ErrorAction SilentlyContinue

}

Else {

    # Get VPN profile created in the current user's context
    $Vpn = Get-VpnConnection -Name $ProfileName -ErrorAction SilentlyContinue

}

If ($Null -eq $Vpn) {

    # Exit if VPN profile does not exist
    Write-Warning "VPN connection `"$ProfileName`" not found."
    Return

}

Else {

    Write-Verbose "VPN connection `"$ProfileName`" found."

}

# Use transaction for registry updates
Start-Transaction

#Create registry
REG add "HKLM\System\CurrentControlSet\Services\RasMan\Config\"

# Search AutoTriggerDisabledProfilesList for VPN profile
$Path = 'HKLM:\System\CurrentControlSet\Services\RasMan\Config\'
$Name = 'AutoTriggerDisabledProfilesList'

Write-Verbose "Searching $Name in $Path for VPN profile `"$ProfileName`"..."

Try {

    # Get the current registry values as an array of strings
    [string[]]$DisabledProfiles = Get-ItemPropertyValue -Path $Path -Name $Name -ErrorAction Stop

}

Catch {

    Write-Verbose "$Name does not exist in $Path. No action required."
    Return

}

If ($DisabledProfiles) {

    # Create ordered hashtable
    $List = [Ordered]@{}
    $DisabledProfiles | ForEach-Object { $List.Add("$($_.ToLower())", $_) }

    # Search hashtable for matching VPN profile and remove if present
    If ($List.Contains($ProfileName)) {

        Write-Verbose 'Profile found. Removing entry...'
        $List.Remove($ProfileName)
        Write-Verbose 'Updating the registry...'
        Set-ItemProperty -Path $Path -Name $Name -Value $List.Values -UseTransaction

    }

}

Else {

    Write-Verbose "No profiles found matching `"$ProfileName`"."
    Return

}

# Add user SID to registry
If ($AllUserConnection) {

    $SID = 'S-1-1-0'
    Write-Verbose "Adding SYSTEM SID $SID to registry..."

}

Else {

    Try {

        $SID = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
        Write-Verbose "Adding user SID $SID to registry..."

    }

    Catch {

        Write-Warning $_.Exception.Message
        Return

    }

}

$Parameters = @{

    Path           = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Config\'
    Name           = 'UserSID'
    PropertyType   = 'String'
    Value          = $SID
    UseTransaction = $True

}

New-ItemProperty @Parameters -Force | Out-Null

# Add VPN profile name to registry
$Parameters = @{

    Path           = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Config\'
    Name           = 'AutoTriggerProfileEntryName'
    PropertyType   = 'String'
    Value          = $ProfileName
    UseTransaction = $True

}

New-ItemProperty @Parameters | Out-Null

# Add VPN profile GUID to registry
[guid]$GUID = $Vpn | Select-Object -ExpandProperty Guid
Write-Verbose "Adding VPN GUID $GUID to registry..."
$Binary = $GUID.ToByteArray()

$Parameters = @{

    Path           = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Config\'
    Name           = 'AutoTriggerProfileGUID'
    PropertyType   = 'Binary'
    Value          = $Binary
    UseTransaction = $True

}

New-ItemProperty @Parameters | Out-Null

# Add phonebook path to registry
If ($AllUserConnection) {

    $Path = Join-Path -Path $env:programdata -ChildPath Microsoft\Network\Connections\Pbk\rasphone.pbk
    Write-Verbose "RAS phonebook path is $Path."

}

Else {

    $Path = Join-Path -Path $env:userprofile -ChildPath AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
    Write-Verbose "RAS phonebook path is $Path."

}

$Parameters = @{

    Path           = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Config\'
    Name           = 'AutoTriggerProfilePhonebookPath'
    PropertyType   = 'String'
    Value          = $Path
    UseTransaction = $True

}

New-ItemProperty @Parameters | Out-Null

# Commit registry changes
Complete-Transaction

# Disable the "Disconnect" button in VAN UI/Settings > ensuring that "Connect Automatically" cannot be unchecked
(Get-Content -Path "$env:appdata\Microsoft\Network\Connections\Pbk\rasphone.pbk") | ForEach-Object { $_ -Replace "Options=0", "Options=18" } | Set-Content -Path "$env:appdata\Microsoft\Network\Connections\Pbk\rasphone.pbk"


1 answer

  1. MotoX80 32,326 Reputation points
    2024-05-15T14:29:30.4233333+00:00

    I do not have an environment where I can test your script, but I can share how I debug scripts.

    Basically I add a lot of "I got here" displays, along with variable contents or properties to verify that I am processing the data that I think I am processing.

    You have that in some spots like here. I would add more before each logical step in the code.

    # Add VPN profile GUID to registry
    Write-Verbose "Adding VPN GUID $GUID to registry..."
    

    I would remove all "-erroraction silentlycontinue" and " | out-null" and just let the script error out and display results. You can add those back after you get it working.

    Change all write-verbose and write-warning to write-output so that you can see all messages.

    I doubt that your "reg add" statement will participate in the Powershell transaction, so for initial testing I would suggest removing all references to transaction.

    Are you running this script interactively or via a tool like SCCM? You might benefit from logging its activity with a transcript.

    https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.host/start-transcript?view=powershell-5.1

    1 person found this answer helpful.
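Putting the answer's advice into practice against the script from the question, as an added example (not the poster's script and not from the answer): the same RasMan\Config values are written from one function, so an early return ends only that step rather than the whole script, with $ErrorActionPreference = 'Stop', a transcript, and a read-back check that names any value that did not land. The log path is an assumption; it writes HKLM, so it needs an elevated session on a test machine.

```powershell
# Added example, not the poster's script: the same RasMan\Config values written from one
# function, with the answer's advice built in (transcript, terminating errors, no
# -ErrorAction SilentlyContinue) plus a read-back check. Run from an elevated shell.
param(
    [string]$ProfileName = 'VPNNAME',   # placeholder name from the question
    [switch]$AllUserConnection,
    [string]$LogPath = "$env:ProgramData\vpn-alwayson.log"   # assumed log location
)
$ErrorActionPreference = 'Stop'         # any failure stops the script and lands in the transcript
$RegPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Config'
$Expected = [ordered]@{}                # string values we intend to write, verified afterwards
function Set-VpnAutoTrigger {
    # Inside a function, an early 'return' ends this step only, not the whole script.
    if ($AllUserConnection) { $Vpn = Get-VpnConnection -Name $ProfileName -AllUserConnection }
    else { $Vpn = Get-VpnConnection -Name $ProfileName }
    Write-Output "Got here: profile '$($Vpn.Name)' GUID $($Vpn.Guid)"
    New-Item -Path $RegPath -Force | Out-Null   # provider cmdlet instead of REG ADD
    # Drop the profile from AutoTriggerDisabledProfilesList only when it is listed there.
    $Disabled = (Get-ItemProperty -Path $RegPath).AutoTriggerDisabledProfilesList
    if ($Disabled -contains $ProfileName) {
        $Keep = [string[]]@($Disabled | Where-Object { $_ -ne $ProfileName })
        Set-ItemProperty -Path $RegPath -Name AutoTriggerDisabledProfilesList -Value $Keep
    }
    if ($AllUserConnection) { $Sid = 'S-1-1-0'; $PbkRoot = $env:ProgramData }
    else { $Sid = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value; $PbkRoot = $env:APPDATA }
    $script:Expected = [ordered]@{
        UserSID                         = $Sid
        AutoTriggerProfileEntryName     = $ProfileName
        AutoTriggerProfilePhonebookPath = "$PbkRoot\Microsoft\Network\Connections\Pbk\rasphone.pbk"
    }
    foreach ($Name in $Expected.Keys) {
        New-ItemProperty -Path $RegPath -Name $Name -PropertyType String -Value $Expected[$Name] -Force | Out-Null
    }
    New-ItemProperty -Path $RegPath -Name AutoTriggerProfileGUID -PropertyType Binary `
        -Value ([guid]$Vpn.Guid).ToByteArray() -Force | Out-Null
}
function Test-VpnAutoTrigger {
    # Read back and name every value that is missing or differs, instead of silent success.
    $Actual = Get-ItemProperty -Path $RegPath
    $Bad = @(foreach ($Name in $Expected.Keys) {
        if ($Actual.$Name -ne $Expected[$Name]) { "$Name is '$($Actual.$Name)', expected '$($Expected[$Name])'" }
    })
    if (-not $Actual.AutoTriggerProfileGUID) { $Bad += 'AutoTriggerProfileGUID is missing' }
    if ($Bad) { Write-Warning ($Bad -join [Environment]::NewLine) }
    return ($Bad.Count -eq 0)
}
Start-Transcript -Path $LogPath -Append
try { Set-VpnAutoTrigger; if (Test-VpnAutoTrigger) { Write-Output 'All AlwaysOn values verified.' } }
finally { Stop-Transcript }
```

The transcript at $LogPath then shows each "Got here" line, every terminating error with its position, and the read-back result, which is what the answer suggests collecting before narrowing the problem down.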