Disabling Loopbackcheck Programatically with PowerShell
In some versions of Exchange, some cmdlets such as Test-OutlookWebServices can generate a 401 error when run from the Exchange server itself. Microsoft released a KB article (896861) that details disabling via the reqistry the loopback check. Other applications such as Lync, SharePoint, or Symantec’s Enterprise Vault sometimes require this change as well to resolve issues. While it’s pretty easy to just create the registry entry in regedit (see the aforementioned KB article), if you’re putting together server-build scripts, or just like to use PowerShell to do the work, this method might be easier.
This little tidbit is broken down into two parts. The first part looks to see if the registry key exists, and if so, if it’s not set to the correct value (1). If it meets this criteria, we set the dword’s value to 1. The second part of the script determines if the dword exists at all, and if not, creates it and sets it to 1. If we make it all the way through, we know the dword exists and has the right value.
if ((Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Control\Lsa -name DisableLoopbackCheck -ErrorAction SilentlyContinue) -and (((Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Control\Lsa -name DisableLoopbackCheck -ErrorAction SilentlyContinue).DisableLoopbackCheck)-ne 1)){ Set-ItemProperty -Path HKLM:\System\CurrentControlSet\Control\Lsa -name DisableLoopbackCheck -value 1 }elseif (!(Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Control\Lsa -name DisableLoopbackCheck -ErrorAction SilentlyContinue)){ New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -Value "1" -PropertyType dword }
Follow Me