When you delete a value in the registry, an event is produced.
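# Watches the Chrome policy key under one user's HKEY_USERS hive and deletes the
# search-provider / homepage policy values every time something under that key
# changes.
# Requires Windows PowerShell (Register-WmiEvent). The event subscription exists
# only for the lifetime of the current session.
# NOTE(review): this removes the values after they have been written; it does not
# identify or stop whatever keeps writing them. Treat it as containment while the
# writer is being located, not as the fix.

# Redacted on the page; presumably the subkey name (SID) of the affected user
# under HKEY_USERS. Defined once so the query and every removal use the same key.
$userKey = 'xxxxxxxxxxxxxxxxxxxxxxxxx'

# Map HKEY_USERS as the HKU: drive if it is not there yet.
if (-not (Test-Path -Path 'HKU:\')) {
    New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS
}

# WQL needs every backslash in RootPath doubled.
$wqlRoot = "${userKey}\\Software\\Policies\\Google\\Chrome"
$query = "Select * from RegistryTreeChangeEvent where Hive='HKEY_USERS' AND RootPath='$wqlRoot'"

# The handler gets a provider-qualified path so it does not depend on the HKU:
# drive, which is scoped and disappears when a script that created it returns.
$policyKey = "Registry::HKEY_USERS\${userKey}\Software\Policies\Google\Chrome"

Register-WmiEvent -SourceIdentifier "Start" -Query $query -MessageData $policyKey -Action {
    # Variables of the registering scope are not visible here; the key path
    # arrives through the event's MessageData.
    $key = $Event.MessageData

    $valueNames = @(
        'DefaultSearchProviderNewTabURL',
        'DefaultSearchProviderName',
        'DefaultSearchProviderIconURL',
        'HomepageLocation',
        'DefaultSearchProviderSearchURL'
    )

    foreach ($name in $valueNames) {
        # A value that is already absent raises an error; it is suppressed so the
        # remaining values are still processed. This also hides other failures
        # (for example access denied), so a value that keeps coming back should be
        # checked by hand.
        Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    }

    Write-Host "Something Changed"
}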