This is my remediation script, this will only be run manually output works in local powershell session but does not output in activity reports as expected any advice would be helpful not sure why its not working properly
# Define the registry key path to check
$keyPath = "Software\Zscaler\App"
# Get a list of all user SIDs in the HKEY_USERS hive
$userSids = Get-ChildItem "Registry::HKEY_USERS" | ForEach-Object {$_.PSChildName}
# Loop through each user SID and check if the registry key exists
$foundUsers = @()
foreach ($sid in $userSids) {
$regKey = "Registry::HKEY_USERS\$sid\$keyPath"
if (Test-Path $regKey) {
$user = New-Object -TypeName PSObject -Property @{
UserSID = $sid
RegistryKey = $keyPath
Present = $true
}
$foundUsers += $user
}
}
# Output to Automox activity report
if ($foundUsers.Count -gt 0) {
Write-Output "The following users have registry key $keyPath in HKEY_USERS hive:"
$foundUsers | Format-Table UserSID, RegistryKey, Present
} else {
Write-Output "Registry key $keyPath not found in HKEY_USERS hive for any users."
}