From f8e1a23036a4d03298453849331d56d08312fcc3 Mon Sep 17 00:00:00 2001
From: Joe Workman
Date: Mon, 29 Dec 2025 13:41:44 -0700
Subject: [PATCH 1/4] Start-Migration recovery tests for close/process/retry
---
 .../Start-Migration.Acceptance.Tests.ps1 | 165 ++++++++++++++++++
 1 file changed, 165 insertions(+)
diff --git a/jumpcloud-ADMU/Powershell/Tests/Public/Start-Migration.Acceptance.Tests.ps1 b/jumpcloud-ADMU/Powershell/Tests/Public/Start-Migration.Acceptance.Tests.ps1
index df6a67db..c133893f 100644
--- a/jumpcloud-ADMU/Powershell/Tests/Public/Start-Migration.Acceptance.Tests.ps1
+++ b/jumpcloud-ADMU/Powershell/Tests/Public/Start-Migration.Acceptance.Tests.ps1
@@ -324,6 +324,171 @@ Describe "Start-Migration Tests" -Tag "Migration Parameters" { } } } + Context "Registry Load/Unload Recovery" { + # tests in this context will validate the Close/Process recovery functions in the Start-Migration function + # during migration it's possible some user will have a process that is loaded in memory and has a handle on the user's registry hive. The Close/Process recovery functions attempt to unload the registry hive by terminating processes that have a handle on the user's registry hive. + # Test Setup + BeforeEach { + # sample password + $tempPassword = "Temp123!Temp123!" + # username to migrate + $userToMigrateFrom = "ADMU_" + -join ((65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object { [char]$_ }) + # username to migrate to + $userToMigrateTo = "ADMU_" + -join ((65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object { [char]$_ }) + + # Initialize-TestUser + Initialize-TestUser -username $userToMigrateFrom -password $tempPassword + # get SIDs for UWP testing + $userToMigrateFromSID = (Get-LocalUser -Name $userToMigrateFrom | Select-Object SID).SID + # define test case input + $testCaseInput = @{ + JumpCloudUserName = $userToMigrateTo + SelectedUserName = $userToMigrateFrom + TempPassword = $tempPassword + LeaveDomain = $false + ForceReboot = $false + UpdateHomePath = $false + InstallJCAgent = $false + AutoBindJCUser = $false + BindAsAdmin = $false + SetDefaultWindowsUser = $true + AdminDebug = $false + # JumpCloudConnectKey = $null + # JumpCloudAPIKey = $null + # JumpCloudOrgID = $null + ValidateUserShellFolder = $true + } + # remove the log + $logPath = "C:\Windows\Temp\jcadmu.log" + if (Test-Path -Path $logPath) { + Remove-Item $logPath + New-Item $logPath -Force -ItemType File + } + # define a process to lock user registry hive + $userProfilePath = "C:\Users\$($userToMigrateFrom)" + # Start notepad.exe as the UserToMigrateFrom user, opening the NTUSER.DAT file to lock the registry hive + $securePassword = 
ConvertTo-SecureString $tempPassword -AsPlainText -Force + $credential = New-Object System.Management.Automation.PSCredential("$env:COMPUTERNAME\$userToMigrateFrom", $securePassword) + $scriptBlock = { + Start-Process -FilePath "notepad.exe" + } + } + It "When a user has a process locking their registry before migration, the Close/Process recovery function should unload the registry hive and allow migration to complete" { + # start the process that locks a users registry hive + $job = Start-Job -ScriptBlock $scriptBlock -Credential $credential + # validate that the user's registry hive is loaded + # validate we can load HKEY_USERS drive from powershell context + Set-HKEYUserMount + # validate the users registry hive is loaded + $regKeyPath = "HKEY_USERS:\$userToMigrateFromSID" + $regKey = Get-Item -Path $regKeyPath -ErrorAction SilentlyContinue + $regKey | Should -Not -Be $null + + # Migrate the initialized user to the second username + { Start-Migration @testCaseInput } | Should -Not -Throw + + # Stop the job + Stop-Job -Job $job + Remove-Job -Job $job + } + It "When a migration task is started and a process is loaded during migration, the Close/Process recovery function should unload the registry hive and allow migration to complete" { + # run start-migration in a job that starts a process during migration + $MigrationScriptBlock = { + param ($moduleLocation, $testCaseInput) + # import the Module + Import-Module $moduleLocation -Force + # run migration from testCaseInput + Start-Migration @testCaseInput + } + $devADMUPath = "$PSScriptRoot\..\..\..\JumpCloud.ADMU.psd1" # CI/CD relative path + $devADMUPath = "C:\Users\jworkman\Desktop\jumpcloud-ADMU\JumpCloud.ADMU.psd1" # Local testing override + $migrationJob = Start-Job -ScriptBlock $MigrationScriptBlock -ArgumentList @($devADMUPath, $testCaseInput) + + # check the registry path in a loop until we see it loaded + $regKeyPath = "HKEY_USERS:\$($userToMigrateFromSID)_admu" + # wait until the registry hive is loaded 
+ Set-HKEYUserMount + do { + $regKey = Get-Item -Path $regKeyPath -ErrorAction SilentlyContinue + } while ($regKey -eq $null) + # write the last 10 lines of the log + Write-Host "Migration Log so far:" + Get-Content -Path C:\windows\temp\jcadmu.log -Tail 10 | ForEach-Object { Write-Host $_ } + # once the backup is done, start a process that locks the user's registry hive + $job = Start-Job -ScriptBlock $scriptBlock -Credential $credential + + # wait for the migration job to complete or fail: + do { + Start-Sleep -Seconds 2 + $migrationJob = Get-Job -Id $migrationJob.Id + } while ($migrationJob.State -eq "Running" -or $migrationJob.State -eq "NotStarted") + # the migration job should complete successfully and not have thrown an error + $migrationJob.State | Should -Not -Be "Failed" + # Stop the job + foreach ($job in @($migrationJob, $job)) { + Stop-Job -Job $job + Remove-Job -Job $job + } + } + It "When a migration task is started and a system owned process is loaded during migration as the migration user, the Close/Process recovery function should unload the registry hive and allow migration to complete" { + # run start-migration in a job that starts a process during migration + $MigrationScriptBlock = { + param ($moduleLocation, $testCaseInput) + # import the Module + Import-Module $moduleLocation -Force + # run migration from testCaseInput + Start-Migration @testCaseInput + } + $devADMUPath = "$PSScriptRoot\..\..\..\JumpCloud.ADMU.psd1" # CI/CD relative path + $devADMUPath = "C:\Users\jworkman\Desktop\jumpcloud-ADMU\JumpCloud.ADMU.psd1" # Local testing override + $migrationJob = Start-Job -ScriptBlock $MigrationScriptBlock -ArgumentList @($devADMUPath, $testCaseInput) + + # check the registry path in a loop until we see it loaded + Set-HKEYUserMount + $regKeyPath = "HKEY_USERS:\$($userToMigrateFromSID)_admu" + # wait until the registry hive is loaded + do { + $regKey = Get-Item -Path $regKeyPath -ErrorAction SilentlyContinue + } while ($regKey -eq $null) + # 
write the last 10 lines of the log + Write-Host "Migration Log so far:" + Get-Content -Path C:\windows\temp\jcadmu.log -Tail 10 -ErrorAction SilentlyContinue | ForEach-Object { Write-Host $_ } + + # Create a script block that runs as SYSTEM and continuously accesses the user's registry hive + # This simulates what an antivirus or system scanner would do - keep a handle open on the registry + $registryAccessBlock = { + param($userSID) + $regPath = "Registry::HKEY_USERS\$userSID`_admu" + # Keep accessing the registry to hold a handle open (simulating antivirus scanning) + while ($true) { + try { + Get-Item -Path $regPath -ErrorAction SilentlyContinue | Out-Null + Get-ChildItem -Path $regPath -Recurse -ErrorAction SilentlyContinue | Out-Null + Start-Sleep -Milliseconds 500 + } catch { + # If the hive is unloaded, exit the loop + break + } + } + } + + # Start a SYSTEM process that continuously reads the user's registry hive + $systemJob = Start-Job -ScriptBlock $registryAccessBlock -ArgumentList @($userToMigrateFromSID) -RunAs32:$false + + # wait for the migration job to complete or fail: + do { + Start-Sleep -Seconds 2 + $migrationJob = Get-Job -Id $migrationJob.Id + } while ($migrationJob.State -eq "Running" -or $migrationJob.State -eq "NotStarted") + # the migration job should complete successfully and not have thrown an error + $migrationJob.State | Should -Not -Be "Failed" + # Stop the jobs + foreach ($job in @($migrationJob, $systemJob)) { + Stop-Job -Job $job -ErrorAction SilentlyContinue + Remove-Job -Job $job -ErrorAction SilentlyContinue + } + } + } } Describe "Start-Migration Tests" -Tag "InstallJC" { # Import Functions From f26fa3587c887e5e5f5104cc8aaa3ee0cb7de81f Mon Sep 17 00:00:00 2001 From: Joe Workman Date: Mon, 29 Dec 2025 14:21:40 -0700 Subject: [PATCH 2/4] remove local path for testing --- .../Tests/Public/Start-Migration.Acceptance.Tests.ps1 | 2 -- 1 file changed, 2 deletions(-) 
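Review bot: Both `do { $regKey = Get-Item ... } while ($regKey -eq $null)` loops in the second and third `It` blocks of Start-Migration.Acceptance.Tests.ps1 spin with no sleep and no exit condition other than the `_admu` hive appearing, so a migration job that fails before loading the hive hangs the test run instead of failing it. Bound the wait and stop once the job has ended: set `$deadline = (Get-Date).AddMinutes(5)` before the loop (an illustrative value), add `Start-Sleep -Milliseconds 250` inside it, and close it with `} while ($null -eq $regKey -and (Get-Job -Id $migrationJob.Id).State -in 'NotStarted','Running' -and (Get-Date) -lt $deadline)`, then assert that `$regKey` is not null. Separately, the third test's comments say the registry reader runs as SYSTEM, but `Start-Job ... -RunAs32:$false` only selects the 64-bit host and no credential is passed, so the job runs under the test's own account. Either rename the test or state in the comment that the SYSTEM-owned-handle case is only approximated.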
diff --git a/jumpcloud-ADMU/Powershell/Tests/Public/Start-Migration.Acceptance.Tests.ps1 b/jumpcloud-ADMU/Powershell/Tests/Public/Start-Migration.Acceptance.Tests.ps1 index c133893f..c8639614 100644 --- a/jumpcloud-ADMU/Powershell/Tests/Public/Start-Migration.Acceptance.Tests.ps1 +++ b/jumpcloud-ADMU/Powershell/Tests/Public/Start-Migration.Acceptance.Tests.ps1 @@ -401,7 +401,6 @@ Describe "Start-Migration Tests" -Tag "Migration Parameters" { Start-Migration @testCaseInput } $devADMUPath = "$PSScriptRoot\..\..\..\JumpCloud.ADMU.psd1" # CI/CD relative path - $devADMUPath = "C:\Users\jworkman\Desktop\jumpcloud-ADMU\JumpCloud.ADMU.psd1" # Local testing override $migrationJob = Start-Job -ScriptBlock $MigrationScriptBlock -ArgumentList @($devADMUPath, $testCaseInput) # check the registry path in a loop until we see it loaded @@ -440,7 +439,6 @@ Describe "Start-Migration Tests" -Tag "Migration Parameters" { Start-Migration @testCaseInput } $devADMUPath = "$PSScriptRoot\..\..\..\JumpCloud.ADMU.psd1" # CI/CD relative path - $devADMUPath = "C:\Users\jworkman\Desktop\jumpcloud-ADMU\JumpCloud.ADMU.psd1" # Local testing override $migrationJob = Start-Job -ScriptBlock $MigrationScriptBlock -ArgumentList @($devADMUPath, $testCaseInput) # check the registry path in a loop until we see it loaded From d869ba2f9c201e6166b22e008b058eb1c081916a Mon Sep 17 00:00:00 2001 From: shashisinghjc Date: Fri, 9 Jan 2026 20:04:45 +0530 Subject: [PATCH 3/4] For test --- .../Close-ProcessBySid.ps1 | 115 ++++++++++++++++++ .../RegistryKey/Set-UserRegistryLoadState.ps1 | 40 +++--- 2 files changed, 139 insertions(+), 16 deletions(-) create mode 100644 jumpcloud-ADMU/Powershell/Private/ProcessIdentification/Close-ProcessBySid.ps1 diff --git a/jumpcloud-ADMU/Powershell/Private/ProcessIdentification/Close-ProcessBySid.ps1 b/jumpcloud-ADMU/Powershell/Private/ProcessIdentification/Close-ProcessBySid.ps1 new file mode 100644 index 00000000..0da9bf91 --- /dev/null 
+++ b/jumpcloud-ADMU/Powershell/Private/ProcessIdentification/Close-ProcessBySid.ps1 
@@ -0,0 +1,115 @@ +function Close-ProcessesBySid { + [CmdletBinding()] + param ( + [Parameter(Mandatory = $true)] + [ValidatePattern("^S-\d-\d+-(\d+-){1,14}\d+$")] + [string]$Sid, + + # sihost.exe, svchost.exe, WidgetService.exe, dllhost.exe, ctfmon.exe, svchost.exe + [Parameter()] + [string[]]$Blacklist = @( + "ShellExperienceHost.exe" + ), + + [Parameter()] + [switch]$Force + ) + + $summary = [ordered]@{ + Total = 0 + Blocked = 0 + Closed = 0 + FailedClose = 0 + } + + Write-ToLog -Message "Close-ProcessesBySid start: SID=$Sid Force=$Force Blacklist=$($Blacklist -join ',')" -Level Verbose -Step "Close-ProcessesBySid" + + $resultList = New-Object System.Collections.ArrayList + $processes = Get-CimInstance Win32_Process + if (-not $processes -or $processes.Count -eq 0) { + Write-ToLog -Message "No processes running on the system" -Level Verbose -Step "Close-ProcessesBySid" + return $resultList + } + + foreach ($proc in $processes) { + if (-not $proc.ProcessId -or -not $proc.Name) { + continue + } + + try { + $ownerSid = (Invoke-CimMethod -InputObject $proc -MethodName GetOwnerSid -ErrorAction Stop).Sid + } catch { + continue + } + + if ($ownerSid -ne $Sid) { + continue + } + + $summary.Total++ + + $blockedFound = $false + $closedResult = $false + $blockedNames = @() + + if ($Blacklist -contains $proc.Name) { + $blockedFound = $true + $blockedNames += $proc.Name + $summary.Blocked++ + Write-ToLog -Message "Blocked (blacklist): $($proc.Name) pid=$($proc.ProcessId)" -Level Verbose -Step "Close-ProcessesBySid" + } else { + try { + $defaultArgs = @('/PID', $proc.ProcessId.ToString(), '/T') + if ($Force) { $defaultArgs += '/F' } + + $process = Start-Process -FilePath 'taskkill.exe' ` + -ArgumentList $defaultArgs ` + -NoNewWindow ` + -PassThru ` + -Wait ` + -ErrorAction Stop + + $closedResult = ($process.ExitCode -eq 0) + + # Re-check to confirm the process is actually gone + try { + $stillRunning = Get-Process -Id $proc.ProcessId -ErrorAction SilentlyContinue + } catch { 
+ $stillRunning = $null + } + if ($stillRunning) { + $closedResult = $false + } + if ($closedResult) { + $summary.Closed++ + Write-ToLog -Message "Closed: $($proc.Name) pid=$($proc.ProcessId)" -Level Verbose -Step "Close-ProcessesBySid" + } else { + $summary.FailedClose++ + Write-ToLog -Message "Close failed (exit $($process.ExitCode)): $($proc.Name) pid=$($proc.ProcessId)" -Level Warning -Step "Close-ProcessesBySid" + } + } catch { + $closedResult = $false + $summary.FailedClose++ + Write-ToLog -Message "Close threw: $($proc.Name) pid=$($proc.ProcessId) error=$($_.Exception.Message)" -Level Warning -Step "Close-ProcessesBySid" + } + } + + $resultList.Add( + [PSCustomObject]@{ + ProcessName = $proc.Name + ProcessID = $proc.ProcessId + Closed = if ($blockedFound) { $false } else { $closedResult } + WasBlockedByBlacklist = $blockedFound + BlacklistedProcessesFound = if ($blockedFound) { $blockedNames -join ',' } else { '' } + } + ) | Out-Null + } + + Write-ToLog -Message "Close-ProcessesBySid summary: total=$($summary.Total) blocked=$($summary.Blocked) closed=$($summary.Closed) failed=$($summary.FailedClose)" -Level Verbose -Step "Close-ProcessesBySid" + + if ($summary.Total -eq 0) { + Write-ToLog -Message "No processes running for SID: $Sid" -Level Verbose -Step "Close-ProcessesBySid" + } + + return $resultList +} diff --git a/jumpcloud-ADMU/Powershell/Private/RegistryKey/Set-UserRegistryLoadState.ps1 b/jumpcloud-ADMU/Powershell/Private/RegistryKey/Set-UserRegistryLoadState.ps1 index 13846d17..c74bae20 100644 --- a/jumpcloud-ADMU/Powershell/Private/RegistryKey/Set-UserRegistryLoadState.ps1 +++ b/jumpcloud-ADMU/Powershell/Private/RegistryKey/Set-UserRegistryLoadState.ps1 
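Review bot: In Close-ProcessBySid.ps1 the `/T` in `$defaultArgs = @('/PID', $proc.ProcessId.ToString(), '/T')` makes taskkill terminate the whole child tree, and those children are never compared with `$Sid` or `$Blacklist`, so the owner filter and the block list that guard the loop do not bound what is actually terminated. It also skews the result: a child already removed by its parent's tree kill is still in the `Get-CimInstance` snapshot, taskkill then exits non-zero for it, and it is counted under `FailedClose` with a Warning although it is gone. Consider dropping `/T` (`$defaultArgs = @('/PID', $proc.ProcessId.ToString())`), since every process owned by the SID is visited anyway, and treating a process that is no longer running as closed. The comment above `$Blacklist` names sihost.exe, svchost.exe and others while the default holds only `ShellExperienceHost.exe`; the comment should say whether those are deliberately left out. The file is named Close-ProcessBySid.ps1 while the function is `Close-ProcessesBySid`, which is worth aligning if private functions are located by file name.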
@@ -48,10 +48,12 @@ function Set-UserRegistryLoadState { if ($results) { Write-ToLog "Load Successful: $results" -Level Verbose -Step "Set-UserRegistryLoadState" } else { - $processList = Get-ProcessByOwner -username $username - if ($processList) { - Show-ProcessListResult -ProcessList $processList -domainUsername $username - # $CloseResults = Close-ProcessByOwner -ProcessList $processList -force $ADMU_closeProcess + $closeResults = Close-ProcessesBySid -Sid $UserSid -Force + if ($closeResults) { + Show-ProcessListResult -ProcessList $closeResults -domainUsername $username + if ($closeResults | Where-Object { $_.WasBlockedByBlacklist }) { + throw "Registry Load $key blocked by active session for $UserSid" + } } Set-UserRegistryLoadState -op Load -ProfilePath $ProfilePath -UserSid $UserSid -counter $counter -hive root } @@ -62,10 +64,12 @@ function Set-UserRegistryLoadState { if ($results) { Write-ToLog "Load Successful: $results" -Level Verbose -Step "Set-UserRegistryLoadState" } else { - $processList = Get-ProcessByOwner -username $username - if ($processList) { - Show-ProcessListResult -ProcessList $processList -domainUsername $username - # $CloseResults = Close-ProcessByOwner -ProcessList $processList -force $ADMU_closeProcess + $closeResults = Close-ProcessesBySid -Sid $UserSid -Force + if ($closeResults) { + Show-ProcessListResult -ProcessList $closeResults -domainUsername $username + if ($closeResults | Where-Object { $_.WasBlockedByBlacklist }) { + throw "Registry Load $key blocked by active session for $UserSid" + } } Set-UserRegistryLoadState -op Load -ProfilePath $ProfilePath -UserSid $UserSid -counter $counter -hive classes } 
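Review bot: `Close-ProcessesBySid -Sid $UserSid -Force` now runs on every failed load or unload in Set-UserRegistryLoadState.ps1, whereas the lines it replaces only listed the owner's processes and kept the close call commented out behind `$ADMU_closeProcess`; the same call is added in the second hunk on this line and in both unload hunks (-84 and -100). Force-terminating every process owned by the SID can discard unsaved user work, so it should sit behind an explicit opt-in and be documented, for example by wrapping the call in `if ($ADMU_closeProcess) { ... }` if that variable is still the intended switch. The `throw` messages interpolate `$key`, which is not assigned in any visible line of this function, so confirm it is in scope or use the `-hive` value instead; the text also says "blocked by active session" when the condition tested is a block-listed process name. The function body starts and ends outside these hunks, so how `$counter` bounds the recursive retry cannot be checked here.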
@@ -84,10 +88,12 @@ function Set-UserRegistryLoadState { Write-ToLog "Unload Successful: $results" -Level Verbose -Step "Set-UserRegistryLoadState" } else { - $processList = Get-ProcessByOwner -username $username - if ($processList) { - Show-ProcessListResult -ProcessList $processList -domainUsername $username - # $CloseResults = Close-ProcessByOwner -ProcessList $processList -force $ADMU_closeProcess + $closeResults = Close-ProcessesBySid -Sid $UserSid -Force + if ($closeResults) { + Show-ProcessListResult -ProcessList $closeResults -domainUsername $username + if ($closeResults | Where-Object { $_.WasBlockedByBlacklist }) { + throw "Registry Unload $key blocked by active session for $UserSid" + } } Set-UserRegistryLoadState -op "Unload" -ProfilePath $ProfilePath -UserSid $UserSid -counter $counter -hive root } @@ -100,10 +106,12 @@ function Set-UserRegistryLoadState { Write-ToLog "Unload Successful: $results" -Level Verbose -Step "Set-UserRegistryLoadState" } else { - $processList = Get-ProcessByOwner -username $username - if ($processList) { - Show-ProcessListResult -ProcessList $processList -domainUsername $username - # $CloseResults = Close-ProcessByOwner -ProcessList $processList -force $ADMU_closeProcess + $closeResults = Close-ProcessesBySid -Sid $UserSid -Force + if ($closeResults) { + Show-ProcessListResult -ProcessList $closeResults -domainUsername $username + if ($closeResults | Where-Object { $_.WasBlockedByBlacklist }) { + throw "Registry Unload $key blocked by active session for $UserSid" + } } Set-UserRegistryLoadState -op "Unload" -ProfilePath $ProfilePath -UserSid $UserSid -counter $counter -hive classes } From f2918e86d7d2bce2f7aeb5c3bedfe16dd01edd1a Mon Sep 17 00:00:00 2001 
From: shashisinghjc
Date: Tue, 13 Jan 2026 20:44:04 +0530
Subject: [PATCH 4/4] Updating for internal testing
---
 .../RegistryKey/Backup-RegistryHive.ps1 | 23 +++++++++++++++----
 .../Private/RegistryKey/Set-RegistryExe.ps1 | 11 ++++++++-
 .../RegistryKey/Set-UserRegistryLoadState.ps1 | 4 ----
 3 files changed, 28 insertions(+), 10 deletions(-)
diff --git a/jumpcloud-ADMU/Powershell/Private/RegistryKey/Backup-RegistryHive.ps1 b/jumpcloud-ADMU/Powershell/Private/RegistryKey/Backup-RegistryHive.ps1
index b1b9a2ab..be4e54f6 100644
--- a/jumpcloud-ADMU/Powershell/Private/RegistryKey/Backup-RegistryHive.ps1
+++ b/jumpcloud-ADMU/Powershell/Private/RegistryKey/Backup-RegistryHive.ps1
@@ -18,14 +18,27 @@ Function Backup-RegistryHive { Copy-Item -Path "$profileImagePath\NTUSER.DAT" -Destination "$profileImagePath\NTUSER.DAT.BAK" -ErrorAction Stop Copy-Item -Path "$profileImagePath\AppData\Local\Microsoft\Windows\UsrClass.dat" -Destination "$profileImagePath\AppData\Local\Microsoft\Windows\UsrClass.dat.bak" -ErrorAction Stop } catch { - $processList = Get-ProcessByOwner -username $domainUsername - if ($processList) { - Show-ProcessListResult -ProcessList $processList -domainUsername $domainUsername - # $CloseResults = Close-ProcessByOwner -ProcessList $processList -force $ADMU_closeProcess + $closeResults = Close-ProcessesBySid -Sid $SID -Force + if ($closeResults) { + $closedCount = ($closeResults | Where-Object { $_.Closed } | Measure-Object).Count + $blockedCount = ($closeResults | Where-Object { $_.WasBlockedByBlacklist } | Measure-Object).Count + $totalCount = ($closeResults | Measure-Object).Count + Write-ToLog -Message "Closed processes: $closedCount, blocked: $blockedCount, total scanned: $totalCount" -Level Verbose -Step "Backup-RegistryHive" } + + try { + Set-RegistryExe -op Unload -hive root -UserSid $SID -ProfilePath $profileImagePath -ThrowOnFailure | Out-Null + } catch { + Write-ToLog -Message "Unload root failed after process close: $($_.Exception.Message)" -Level Warning -Step "Backup-RegistryHive" + } + try { + Set-RegistryExe -op Unload -hive classes -UserSid $SID -ProfilePath $profileImagePath -ThrowOnFailure | Out-Null + } catch { + Write-ToLog -Message "Unload classes failed after process close: $($_.Exception.Message)" -Level Warning -Step "Backup-RegistryHive" + } + try { Write-ToLog -Message("Initial backup was not successful, trying again...") -Level Verbose -Step "Backup-RegistryHive" - Write-ToLog $CloseResults -Level Verbose -Step "Backup-RegistryHive" Start-Sleep 1 # retry: Copy-Item -Path "$profileImagePath\NTUSER.DAT" -Destination "$profileImagePath\NTUSER.DAT.BAK" -ErrorAction Stop 
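Review bot: The `catch` in Backup-RegistryHive.ps1 that now calls `Close-ProcessesBySid -Sid $SID -Force` fires on any `Copy-Item` failure, not only a locked hive, so a missing UsrClass.dat, a full disk or an access-denied error would also force-terminate all of the user's processes before the retry. Limit the recovery to the lock case, for instance by testing `$_.Exception -is [System.IO.IOException]` before closing processes, and rethrow otherwise. `$blockedCount` is computed but, unlike in Set-UserRegistryLoadState, a blocked process does not stop the retry, and the log label "total scanned" is really the number of processes owned by the SID; a short comment stating that this path is best-effort would show the difference is intended. `$SID` is defined outside the hunk, so its validation is not visible here.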
diff --git a/jumpcloud-ADMU/Powershell/Private/RegistryKey/Set-RegistryExe.ps1 b/jumpcloud-ADMU/Powershell/Private/RegistryKey/Set-RegistryExe.ps1 index 7860b545..dea0d7a5 100644 --- a/jumpcloud-ADMU/Powershell/Private/RegistryKey/Set-RegistryExe.ps1 +++ b/jumpcloud-ADMU/Powershell/Private/RegistryKey/Set-RegistryExe.ps1 @@ -12,7 +12,9 @@ function Set-RegistryExe { # User Security Identifier [Parameter(Mandatory = $true)] [ValidatePattern("^S-\d-\d+-(\d+-){1,14}\d+$")] - [System.String]$UserSid + [System.String]$UserSid, + [Parameter()] + [switch]$ThrowOnFailure ) begin { switch ($hive) { @@ -38,6 +40,13 @@ function Set-RegistryExe { } } $status = Get-RegistryExeStatus $results + + if (-not $status -and $ThrowOnFailure.IsPresent) { + $resultText = if ($results) { ($results | Out-String).Trim() } else { "No output" } + $errorMessage = "Set-RegistryExe $op $key failed. Details: $resultText" + Write-ToLog -Message $errorMessage -Level Warning -Step "Set-RegistryExe" + throw [System.InvalidOperationException]::new($errorMessage) + } } end { # Status here will be either true or false depending on whether or not the tool was able to perform the registry action requested diff --git a/jumpcloud-ADMU/Powershell/Private/RegistryKey/Set-UserRegistryLoadState.ps1 b/jumpcloud-ADMU/Powershell/Private/RegistryKey/Set-UserRegistryLoadState.ps1 index c74bae20..12920acd 100644 --- a/jumpcloud-ADMU/Powershell/Private/RegistryKey/Set-UserRegistryLoadState.ps1 +++ b/jumpcloud-ADMU/Powershell/Private/RegistryKey/Set-UserRegistryLoadState.ps1 @@ -50,7 +50,6 @@ function Set-UserRegistryLoadState { } else { $closeResults = Close-ProcessesBySid -Sid $UserSid -Force if ($closeResults) { - Show-ProcessListResult -ProcessList $closeResults -domainUsername $username if ($closeResults | Where-Object { $_.WasBlockedByBlacklist }) { throw "Registry Load $key blocked by active session for $UserSid" } 
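Review bot: The new `[switch]$ThrowOnFailure` parameter in Set-RegistryExe.ps1 has no comment, while `$UserSid` directly above it does, and it changes the function's contract from reporting a status to throwing `System.InvalidOperationException`. Add a parameter comment such as `# Throw a terminating error instead of returning a false status when the registry operation fails`, and say in the function help that the status from the `end` block is not returned on that path. The failure is written with `Write-ToLog ... -Level Warning` immediately before the `throw`, and the caller added in Backup-RegistryHive logs the same exception message at Warning again, so each failed unload is recorded twice; logging it in one place is enough. The enclosing blocks of the function extend outside both hunks.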
@@ -66,7 +65,6 @@ function Set-UserRegistryLoadState { } else { $closeResults = Close-ProcessesBySid -Sid $UserSid -Force if ($closeResults) { - Show-ProcessListResult -ProcessList $closeResults -domainUsername $username if ($closeResults | Where-Object { $_.WasBlockedByBlacklist }) { throw "Registry Load $key blocked by active session for $UserSid" } @@ -90,7 +88,6 @@ function Set-UserRegistryLoadState { } else { $closeResults = Close-ProcessesBySid -Sid $UserSid -Force if ($closeResults) { - Show-ProcessListResult -ProcessList $closeResults -domainUsername $username if ($closeResults | Where-Object { $_.WasBlockedByBlacklist }) { throw "Registry Unload $key blocked by active session for $UserSid" } @@ -108,7 +105,6 @@ function Set-UserRegistryLoadState { } else { $closeResults = Close-ProcessesBySid -Sid $UserSid -Force if ($closeResults) { - Show-ProcessListResult -ProcessList $closeResults -domainUsername $username if ($closeResults | Where-Object { $_.WasBlockedByBlacklist }) { throw "Registry Unload $key blocked by active session for $UserSid" }