One Of The Major Causes Of System Performance Issues Is Programs That

As a network administrator, my task is to develop a comprehensive PowerShell script that identifies potentially problematic startup programs by analyzing specific registry entries across all networked computers. These registry entries are located at two key locations: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. These entries often contain programs that run automatically upon system startup, which can adversely impact system performance if unauthorized or unnecessary.

The script must perform the following operations: first, it must read the registry entries from both specified locations on each target computer. It will then compare each entry against a predefined list of acceptable entries provided in a text file named "Acceptable_Reg.txt". Any registry entries that are not found in this list are considered unacceptable. The script should generate a report of all such unacceptable entries, saving this report as a text file named after the computer's hostname (e.g., "ComputerName_Report.txt"). Finally, the script needs to transmit this report to a specified intranet address: intranet.xyzcompany.com/bad_reg.aspx.

The development of this script assumes that security restrictions preventing remote script execution are waived, as the exercise context permits bypassing security concerns. All functionalities should be documented and included within the script to ensure clarity, maintainability, and ease of deployment.

Paper for the Above Instruction

In organizational networks, system performance can significantly degrade due to the presence of unnecessary or malicious startup programs. These programs, often initiated via registry entries, consume system resources and can be vectors for malware or other unwanted software. Effective management of these startup entries demands a systematic approach to identifying and reporting non-compliant entries across all networked computers. This paper discusses the development of a PowerShell script designed to accomplish this task, focusing on reading specific registry locations, comparing entries against an acceptable list, generating reports, and transmitting these reports for review.

Introduction

Startup programs are processes configured to run automatically when a Windows system boots or a user logs on. Two of the most common locations that launch them are the Run keys at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (per user) and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (all users); other autostart locations such as the Startup folder, the RunOnce keys, services and scheduled tasks exist but are outside the scope of this exercise. While some startup programs are necessary for system operation, others may be unnecessary or malicious. As networks expand, managing these startup entries efficiently becomes critical to optimize performance and secure the environment.

PowerShell, a versatile scripting environment, provides access to Windows registry and network features necessary for automating this management process. The goal is to write a script that can be distributed to all users via an intranet link, which performs registry reads, compares entries with an approved list, records non-compliant entries, and reports back to a centralized server.

Methodology

The script begins by retrieving all registry values under the specified keys on the machine it runs on. It then loads the list of acceptable entries from "Acceptable_Reg.txt", one value name per line. For each registry value retrieved, it checks whether the value name appears in the acceptable list; any value whose name is not in the list is logged as unacceptable. The script then compiles a report, including the registry path, the value name and the command it launches, and saves it as a text file named with the hostname of the computer to ensure unique identification. Because the match is on the value name only, an entry that reuses an approved name with a different command would pass; a stricter deployment would compare the command line as well.

Once report generation is complete, the script uses Invoke-RestMethod to POST the report to the designated intranet URL, enabling centralized review and action. Since security considerations are not a concern in this scenario, authentication and access controls are not implemented: the report travels over plain HTTP to an endpoint that accepts submissions from any host. Outside the exercise, the upload should use HTTPS and the collector should authenticate the submitting machine, otherwise any host on the network can forge or replace a report.
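The following is an added example, not the paper's own script, that carries the methodology one step further: instead of running on each workstation, it collects the Run keys from several computers over PowerShell remoting and does the comparison centrally. It also handles two points the paper's design glosses over: inside Invoke-Command, HKCU is the hive of the remoting account rather than the logged-on user, so the example enumerates every loaded user hive under HKEY_USERS by SID; and it compares both the value name and the (normalised) command, using an assumed "Name=Command" format for the acceptable list. The host names, the report folder and the sample acceptable list embedded below are constructed for the example.

```powershell
# Added example: central collection of Run-key entries from remote hosts.
# Assumptions: WinRM is enabled on the targets (the paper waives the remote
# execution restriction), the acceptable list uses "Name=Command" lines,
# and the host names / output folder below are placeholders.

$computers  = @('WS01', 'WS02')              # assumed target hosts
$reportRoot = 'C:\StartupAudit\Reports'       # assumed output folder
New-Item -ItemType Directory -Path $reportRoot -Force | Out-Null

# Constructed sample acceptable list; in real use: Get-Content 'Acceptable_Reg.txt'
$acceptableText = @'
SecurityHealth=%windir%\system32\SecurityHealthSystray.exe
OneDrive="C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
'@

# Strip quotes, collapse whitespace and lower-case a command line so that
# cosmetic differences do not defeat the comparison. Environment variables are
# deliberately left unexpanded: the raw registry data is compared as stored.
function ConvertTo-CanonicalCommand([string]$Command) {
    $stripped = ($Command -replace '"', '') -replace '\s+', ' '
    return $stripped.Trim().ToLowerInvariant()
}

# Hashtable literal is case-insensitive by default, which suits value names.
$acceptable = @{}
foreach ($line in ($acceptableText -split "`r?`n")) {
    # Expected format: Name=Command; blank or malformed lines are ignored.
    if ($line -match '^\s*([^=]+?)\s*=\s*(.+?)\s*$') {
        $acceptable[$Matches[1]] = ConvertTo-CanonicalCommand $Matches[2]
    }
}

# Script block executed on each remote host. Returns one object per Run value.
$collector = {
    $keys = @('Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run')

    # HKCU here would be the remoting account's hive, not the interactive
    # user's, so enumerate the loaded user hives under HKEY_USERS by SID.
    Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            $keys += "Registry::HKEY_USERS\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run"
        }

    foreach ($keyPath in $keys) {
        $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                ComputerName = $env:COMPUTERNAME
                KeyPath      = $keyPath
                Name         = $name
                # Read REG_EXPAND_SZ data without expanding %VAR%, as stored.
                Command      = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            }
        }
    }
}

# Collect from every host; unreachable hosts produce a non-terminating error.
$entries = Invoke-Command -ComputerName $computers -ScriptBlock $collector -ErrorAction Continue

# Compare per host on name AND canonical command, then write <HOST>_Report.txt.
foreach ($group in ($entries | Group-Object ComputerName)) {
    $bad = $group.Group | Where-Object {
        -not ($acceptable.ContainsKey($_.Name) -and
              $acceptable[$_.Name] -eq (ConvertTo-CanonicalCommand $_.Command))
    }
    $reportPath = Join-Path $reportRoot "$($group.Name)_Report.txt"
    if ($bad) {
        $bad | Format-List KeyPath, Name, Command | Out-String | Set-Content -Path $reportPath
    } else {
        'No unacceptable startup entries found.' | Set-Content -Path $reportPath
    }
}
```

To test the collector on the local machine without remoting, run `& $collector` and pipe the result into the same comparison. Reading HKEY_USERS hives of other users requires administrative rights on the target, which the remoting account normally has; the paper's per-workstation script, by contrast, only sees the Run key of the user who launched it.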

PowerShell Script

# PowerShell script to identify unauthorized startup registry entries.
# Runs on each computer (for example when launched from the intranet link),
# compares the Run keys against Acceptable_Reg.txt, writes <HOSTNAME>_Report.txt
# and posts the report to the intranet collector.

# Define registry paths
$registryPaths = @(
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run"
)

# Define the path to the acceptable entries file (one value name per line)
$acceptableListPath = "Acceptable_Reg.txt"

# Load acceptable entries into a hashtable for quick, case-insensitive lookup
$acceptableEntries = @{}
if (Test-Path $acceptableListPath) {
    Get-Content $acceptableListPath | ForEach-Object {
        $entry = $_.Trim()
        if ($entry) { $acceptableEntries[$entry] = '' }   # skip blank lines
    }
} else {
    Write-Error "Acceptable_Reg.txt file not found."
    exit 1
}

# Get the computer hostname
$computerName = $env:COMPUTERNAME

# Initialize report list
$unacceptableEntries = @()

# Iterate through each registry path
foreach ($path in $registryPaths) {
    if (Get-Item -Path $path -ErrorAction SilentlyContinue) {
        # Get all registry values
        $registryValues = Get-ItemProperty -Path $path
        foreach ($property in $registryValues.PSObject.Properties) {
            $name = $property.Name
            # Skip the provider metadata properties that Get-ItemProperty adds
            if ($name -in "PSPath", "PSParentPath", "PSChildName", "PSDrive", "PSProvider") {
                continue
            }
            $value = $property.Value
            # Check if the entry is in the acceptable list.
            # Note: the match is on the value name only; the command line is
            # reported but not compared.
            if (-not $acceptableEntries.ContainsKey($name)) {
                # Log unacceptable entry
                $unacceptableEntries += "Registry Path: $path`nEntry Name: $name`nValue: $value`n"
            }
        }
    }
}

# Generate report file; ${} keeps the variable name separate from "_Report"
$reportFileName = "${computerName}_Report.txt"
$reportPath = ".\$reportFileName"
if ($unacceptableEntries.Count -gt 0) {
    $unacceptableEntries -join "`n---`n" | Set-Content -Path $reportPath
} else {
    "No unacceptable startup entries found." | Set-Content -Path $reportPath
}

# Transmit report to intranet address (plain HTTP, unauthenticated, as the exercise allows)
$uploadUrl = "http://intranet.xyzcompany.com/bad_reg.aspx"
Invoke-RestMethod -Uri $uploadUrl -Method Post -InFile $reportPath -ContentType "application/octet-stream"
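The upload step above is the weakest part of the script from a security standpoint. As an added example, not part of the paper's script, the following shows the same transmission done the way a production deployment would want it: over HTTPS, with Windows integrated authentication so the collector can tie each report to an authenticated host, with a timeout, and with a local queue copy when the collector is unreachable. The HTTPS URL, the queue folder and the assumption that the collector accepts Windows authentication are placeholders for the example; the report file name follows the paper's convention.

```powershell
# Added example: hardened version of the report upload.
# Assumptions: the collector is reachable over HTTPS and accepts Windows
# integrated (Kerberos/NTLM) authentication; $queueDir is a placeholder.

$reportPath = ".\${env:COMPUTERNAME}_Report.txt"
$uploadUrl  = 'https://intranet.xyzcompany.com/bad_reg.aspx'      # assumed TLS endpoint
$queueDir   = "$env:ProgramData\StartupAudit\Queue"                 # assumed retry folder

if (-not (Test-Path $reportPath)) {
    throw "Report $reportPath does not exist; run the scan first."
}

# Returns $true on success so the caller can decide what to do on failure.
function Send-Report([string]$Path, [string]$Url) {
    try {
        # -UseDefaultCredentials presents the caller's Windows identity;
        # -ErrorAction Stop turns HTTP errors into a catchable exception.
        $null = Invoke-RestMethod -Uri $Url -Method Post -InFile $Path `
            -ContentType 'application/octet-stream' -UseDefaultCredentials `
            -TimeoutSec 30 -ErrorAction Stop
        return $true
    } catch {
        Write-Warning "Upload of $Path failed: $($_.Exception.Message)"
        return $false
    }
}

if (-not (Send-Report -Path $reportPath -Url $uploadUrl)) {
    # Keep a copy so the report is not lost when the collector is down;
    # a later run or a scheduled task can retry everything in the queue.
    New-Item -ItemType Directory -Path $queueDir -Force | Out-Null
    Copy-Item -Path $reportPath -Destination (Join-Path $queueDir (Split-Path $reportPath -Leaf))
}
```

If the script is launched under the machine account (for example from a scheduled task as SYSTEM), the identity sent by -UseDefaultCredentials is the computer account, which is exactly what a collector wants to key reports on; when run interactively it is the user's identity instead.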

Conclusion

Implementing this PowerShell script in a network environment facilitates proactive management of startup programs, ensuring that only sanctioned entries are present. By automating registry scans, comparisons with an approved list, and centralized reporting, organizations can enhance system performance and security. The script's modular nature allows for easy updates to the acceptable list, and its deployment via intranet ensures accessibility across the network. Such practices are essential in maintaining operational efficiency and preventing malicious activities associated with unauthorized startup programs.
