Default fonts and styles for Outlook via Intune

I might be not the only one who thought it would be simple to configure default fonts and styles for Outlook, via Intune. There’s no default policy available who can configure this directly from Intune. I had to create a PowerShell script for this.

Note: When I wrote this blog, Proactive remediation did not exist yet. In the comments, Olivier published his remediation script. If you have the required licenses for Proactive Remediation I recommend to take a look at his comment here. Also, Raphaël Zimmermann wrote a new article about Outlook fonts via Proactive Remediation.

Users can change this setting on their device to anything they want. The company policy states that Outlook should use a specific font and styling. I had to figure out how to configure this setting every time over and over again.

I found the Intune Login script method by Nicola Suter (Nicolonsky Tech). This script creates a scheduled task in the endpoint which runs at every logon (in user context). It stores the actual PowerShell script in the endpoint in C:\ProgramData\…\. Yes, a very smart user could still modify this file, but Intune will overwrite it again so this one should be fine!.

Update 20-10-2022

Thanks to Raphaël Zimmermann, we now have a proactive remediation which configures the fonts in the endpoint. This is a way better approach then the logon script I wrote about before. I’ll steel some of his work and share it here with you :).

Steps to take:

  1. Create template in Outlook
  2. Export Data
  3. Create Detection Script
  4. Create Remediation Script
  5. Deploy with Intune

1. Create template in Outlook

Configure your required fonts. This one will be used as our template. These settings can be found via File Options Mail Stationery and Fonts.

Configure the required font/settings as you company requires them. It’s recommended to only use built-in (default) fonts. Custom fonts are not available on devices and thus the proactive remediation will fail.

2. Export Data

Once you have set your fonts as desired, you can find your settings in the “Registry Editor”. Just search for it on your PC and navigate to the following path:

Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings

The configuration is stored in binary. These must be exported. You can export them under “File”, but that is not well formatted with backslashes in between and things like that. Raphael created a script to extract them in the right format:

$Path = "registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\mailsettings"
$Name1 = "ReplyFontComplex"
$Name2 = "ComposeFontComplex"
$Name3 = "ReplyFontSimple"
$Name4 = "ComposeFontSimple"
$Name5 = "TextFontComplex"
$Name6 = "TextFontSimple"

(Get-ItemProperty -Path $Path -Name $Name1 -ErrorAction Stop | Select-Object -ExpandProperty $Name1 | ForEach-Object { '{0:X2}' -f $_ }) -join ','
(Get-ItemProperty -Path $Path -Name $Name2 -ErrorAction Stop | Select-Object -ExpandProperty $Name2 | ForEach-Object { '{0:X2}' -f $_ }) -join ','
(Get-ItemProperty -Path $Path -Name $Name3 -ErrorAction Stop | Select-Object -ExpandProperty $Name3 | ForEach-Object { '{0:X2}' -f $_ }) -join ','
(Get-ItemProperty -Path $Path -Name $Name4 -ErrorAction Stop | Select-Object -ExpandProperty $Name4 | ForEach-Object { '{0:X2}' -f $_ }) -join ','
(Get-ItemProperty -Path $Path -Name $Name5 -ErrorAction Stop | Select-Object -ExpandProperty $Name5 | ForEach-Object { '{0:X2}' -f $_ }) -join ','
(Get-ItemProperty -Path $Path -Name $Name6 -ErrorAction Stop | Select-Object -ExpandProperty $Name6 | ForEach-Object { '{0:X2}' -f $_ }) -join ','

3. Create Detection Script

Now we can create the “Detect” script. For the recognition I used only the complex strings, because they contain all the details like sizes and so on. The simple values only contain the font itself, so the complex value contains all the details from the simple value anyway.

All you have to do is copy the binary string for “ReplyFontComplex” into the field for $Value1 and the binary string for “ComposeFontComplex” into $Value2 in the following script:

$Path = "registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\mailsettings"
$Name1 = "ReplyFontComplex"
$Name2 = "ComposeFontComplex"
$Value1 = "3c,68,74,..."
$Value2 = "3c,68,74,..."

Try {
    $Registry1 = (Get-ItemProperty -Path $Path -Name $Name1 -ErrorAction Stop | Select-Object -ExpandProperty $Name1 | ForEach-Object { '{0:X2}' -f $_ }) -join ','
    $Registry2 = (Get-ItemProperty -Path $Path -Name $Name2 -ErrorAction Stop | Select-Object -ExpandProperty $Name2 | ForEach-Object { '{0:X2}' -f $_ }) -join ','
    $Registry3 = Get-ItemProperty -Path $Path -Name ThemeFont -ErrorAction Stop | Select-Object -ExpandProperty ThemeFont
    If ($Registry1 -eq $Value1 -and $Registry2 -eq $Value2 -and $Registry3 -eq 2){
        Write-Output "Compliant"
        Exit 0
    } 
    Write-Warning "Not Compliant"
    Exit 1
} 
Catch {
    Write-Warning "Not Compliant"
    Exit 1
}

Save the script with a common name e.g., “DetectOutlookFont.ps1”.

4. Create Remediation Script

Next, we need to define what happens when the detection script ends with “Exit 1”. 

Again, just paste your strings into the correct fields in the script. You only need to insert the simple values once, as this is always the same for reply, compose and text. Not so the complex values, they differ slightly from each other even if they have the same font and size, so here you have to insert all the values in the right places.

$ValueSimple = "3c,00,00,..."
$ValueComposeComplex = "3c,68,74,..."
$ValueReplyComplex = "3c,68,74,..."
$ValueTextComplex = "3c,68,74,..."

$registryPath = 'HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\mailsettings'
$Name1Simple = "ComposeFontSimple"
$Name1Complex = "ComposeFontComplex"
$Name2Simple = "ReplyFontSimple"
$Name2Complex = "ReplyFontComplex"
$Name3Simple = "TextFontSimple"
$Name3Complex = "TextFontComplex"

$hexSimple = $ValueSimple.Split(',') | % { "0x$_"}
$hexComposeComplex = $ValueComposeComplex.Split(',') | % { "0x$_"}
$hexReplyComplex = $ValueReplyComplex.Split(',') | % { "0x$_"}
$hexTextComplex = $ValueTextComplex.Split(',') | % { "0x$_"}

IF(!(Test-Path $registryPath))
{
New-Item -Path $registryPath -Force | Out-Null
New-ItemProperty -Path $registryPath -name NewTheme -PropertyType string
New-ItemProperty -Path $registryPath -Name $Name1Simple -Value ([byte[]]$hexSimple) -PropertyType Binary -Force
New-ItemProperty -Path $registryPath -Name $Name2Simple -Value ([byte[]]$hexSimple) -PropertyType Binary -Force
New-ItemProperty -Path $registryPath -Name $Name3Simple -Value ([byte[]]$hexSimple) -PropertyType Binary -Force
New-ItemProperty -Path $registryPath -Name $Name1Complex -Value ([byte[]]$hexComposeComplex) -PropertyType Binary -Force
New-ItemProperty -Path $registryPath -Name $Name2Complex -Value ([byte[]]$hexReplyComplex) -PropertyType Binary -Force
New-ItemProperty -Path $registryPath -Name $Name3Complex -Value ([byte[]]$hexTextComplex) -PropertyType Binary -Force
}

ELSE {
Set-ItemProperty -Path $registryPath -name NewTheme -value $null
Set-ItemProperty -Path $registryPath -name ThemeFont -value 2
Set-ItemProperty -Path $registryPath -Name $Name1Simple -Value ([byte[]]$hexSimple) -Force
Set-ItemProperty -Path $registryPath -Name $Name2Simple -Value ([byte[]]$hexSimple) -Force
Set-ItemProperty -Path $registryPath -Name $Name3Simple -Value ([byte[]]$hexSimple) -Force
Set-ItemProperty -Path $registryPath -Name $Name1Complex -Value ([byte[]]$hexComposeComplex) -Force
Set-ItemProperty -Path $registryPath -Name $Name2Complex -Value ([byte[]]$hexReplyComplex) -Force
Set-ItemProperty -Path $registryPath -Name $Name3Complex -Value ([byte[]]$hexTextComplex) -Force
}

Save the script with a common name e.g., “RemediateOutlookFont.ps1”.

5. Deploy with Intune

Now we are ready for deployment. Navigate to “Proactive Remediations” in the Endpoint Manager portal. You can use the search bar to find the files created previously.

Upload your scripts and set the settings as desired:

Assign the script to your desired Azure AD group. Wait for the proactive remediation to apply and verify the settings in the endpoints and or in the proactive remediation blades.

I want to thank Raphael for converting my previous script to a proactive remediation script. This is a way better approach for your devices. Make sure you are allowed to use proactive remediation scripts. License requirements can be found here.

Related Posts

16 thoughts on “Default fonts and styles for Outlook via Intune

  1. In my test environment, this only changed the font for a new e-mail to Arial 10; ReplyFontComplex and TextFontComplex were set to Calibri. I found that both values needed slightly different binary data. Also, I used Proactive Remediations for executing the script:

    Detect:

    Try {
    if (Test-Path -Path registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\mailsettings) {
    1
    }
    else {
    0
    }
    }
    catch {
    $errMsg = $_.Exception.Message
    Write-Error $errMsg
    }

    Remediate:

    $ValueSimple = “3c,00,00,00,…”
    $ValueComposeComplex = “3c,68,74,6d,…”
    $ValueReplyComplex = “3c,68,74,6d,…”
    $ValueTextComplex = “3c,68,74,6d,…”

    $registryPath = ‘HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\mailsettings’
    $Name1Simple = “ComposeFontSimple”
    $Name1Complex = “ComposeFontComplex”
    $Name2Simple = “ReplyFontSimple”
    $Name2Complex = “ReplyFontComplex”
    $Name3Simple = “TextFontSimple”
    $Name3Complex = “TextFontComplex”

    $hexSimple = $ValueSimple.Split(‘,’) | % { “0x$_”}
    $hexComposeComplex = $ValueComposeComplex.Split(‘,’) | % { “0x$_”}
    $hexReplyComplex = $ValueReplyComplex.Split(‘,’) | % { “0x$_”}
    $hexTextComplex = $ValueTextComplex.Split(‘,’) | % { “0x$_”}

    IF(!(Test-Path $registryPath))
    {
    New-Item -Path $registryPath -Force | Out-Null
    New-ItemProperty -Path $registryPath -name NewTheme -PropertyType string
    New-ItemProperty -Path $registryPath -Name $Name1Simple -Value ([byte[]]$hexSimple) -PropertyType Binary -Force
    New-ItemProperty -Path $registryPath -Name $Name2Simple -Value ([byte[]]$hexSimple) -PropertyType Binary -Force
    New-ItemProperty -Path $registryPath -Name $Name3Simple -Value ([byte[]]$hexSimple) -PropertyType Binary -Force
    New-ItemProperty -Path $registryPath -Name $Name1Complex -Value ([byte[]]$hexComposeComplex) -PropertyType Binary -Force
    New-ItemProperty -Path $registryPath -Name $Name2Complex -Value ([byte[]]$hexReplyComplex) -PropertyType Binary -Force
    New-ItemProperty -Path $registryPath -Name $Name3Complex -Value ([byte[]]$hexTextComplex) -PropertyType Binary -Force
    }

    ELSE {
    Set-ItemProperty -Path $registryPath -name NewTheme -value $null
    Set-ItemProperty -Path $registryPath -Name $Name1Simple -Value ([byte[]]$hexSimple) -Force
    Set-ItemProperty -Path $registryPath -Name $Name2Simple -Value ([byte[]]$hexSimple) -Force
    Set-ItemProperty -Path $registryPath -Name $Name3Simple -Value ([byte[]]$hexSimple) -Force
    Set-ItemProperty -Path $registryPath -Name $Name1Complex -Value ([byte[]]$hexComposeComplex) -Force
    Set-ItemProperty -Path $registryPath -Name $Name2Complex -Value ([byte[]]$hexReplyComplex) -Force
    Set-ItemProperty -Path $registryPath -Name $Name3Complex -Value ([byte[]]$hexTextComplex) -Force
    }

    I recommend setting the font and font size in Outlook and exporting the whole mailsettings key – in there, you’ll find the correct binary code.

    1. Hi Oliver,

      That’s true. And yes, the binary example should be changed to your needs. Also, proactive remediations would be better but at the time i was figuring out this issue it did not exists or was quite new. Few months ago someone mentioned that the script modified the registry keys in the endpoint but the application (Outlook) did not pick up the values from the registry. I was able to reproduce that in my environment. Probably a bug back then.

      If the proactive remediation works for you this would be way better and I’m very glad you shared it here 🙂

    2. I’m not very experienced in writing scripts, but isn’t the only thing this detection script does, checking if the path “HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\mailsettings” exist?

      So there will always be a “1” answer, because this path always exist?

      Would explain why the remediation script works perfectly when I execute it on the device, but not when I roll it out thru intune…

      It always says that there weren’t any problems at the detection status and that it hasn’t done anything in the remediation status. When I check the device the fonts doesn’t have changed…

      1. True. I would go for a different approach. Probably check for the binary value of the registry setting. This one probably forces the font to apply which will do the trick but it’s not perfect.

        1. That’s exactly what I did now:

          Detect:

          $Path = “registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\mailsettings”
          $Name1 = “ReplyFontComplex”
          $Name2 = “ComposeFontComplex”
          $Value1 = “3c,68,74,…”
          $Value2 = “3c,68,74,…”

          Try {
          $Registry1 = (Get-ItemProperty -Path $Path -Name $Name1 -ErrorAction Stop | Select-Object -ExpandProperty $Name1 | ForEach-Object { ‘{0:X2}’ -f $_ }) -join ‘,’
          $Registry2 = (Get-ItemProperty -Path $Path -Name $Name2 -ErrorAction Stop | Select-Object -ExpandProperty $Name2 | ForEach-Object { ‘{0:X2}’ -f $_ }) -join ‘,’
          $Registry3 = Get-ItemProperty -Path $Path -Name ThemeFont -ErrorAction Stop | Select-Object -ExpandProperty ThemeFont
          If ($Registry1 -eq $Value1 -and $Registry2 -eq $Value2 -and $Registry3 -eq 2){
          Write-Output “Compliant”
          Exit 0
          }
          Write-Warning “Not Compliant”
          Exit 1
          }
          Catch {
          Write-Warning “Not Compliant”
          Exit 1
          }

          Remediation:

          $ValueSimple = “3c,00,00,…”
          $ValueComposeComplex = “3c,68,74,…”
          $ValueReplyComplex = “3c,68,74,…”
          $ValueTextComplex = “3c,68,74,…”

          $registryPath = ‘HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\mailsettings’
          $Name1Simple = “ComposeFontSimple”
          $Name1Complex = “ComposeFontComplex”
          $Name2Simple = “ReplyFontSimple”
          $Name2Complex = “ReplyFontComplex”
          $Name3Simple = “TextFontSimple”
          $Name3Complex = “TextFontComplex”

          $hexSimple = $ValueSimple.Split(‘,’) | % { “0x$_”}
          $hexComposeComplex = $ValueComposeComplex.Split(‘,’) | % { “0x$_”}
          $hexReplyComplex = $ValueReplyComplex.Split(‘,’) | % { “0x$_”}
          $hexTextComplex = $ValueTextComplex.Split(‘,’) | % { “0x$_”}

          IF(!(Test-Path $registryPath))
          {
          New-Item -Path $registryPath -Force | Out-Null
          New-ItemProperty -Path $registryPath -name NewTheme -PropertyType string
          New-ItemProperty -Path $registryPath -Name $Name1Simple -Value ([byte[]]$hexSimple) -PropertyType Binary -Force
          New-ItemProperty -Path $registryPath -Name $Name2Simple -Value ([byte[]]$hexSimple) -PropertyType Binary -Force
          New-ItemProperty -Path $registryPath -Name $Name3Simple -Value ([byte[]]$hexSimple) -PropertyType Binary -Force
          New-ItemProperty -Path $registryPath -Name $Name1Complex -Value ([byte[]]$hexComposeComplex) -PropertyType Binary -Force
          New-ItemProperty -Path $registryPath -Name $Name2Complex -Value ([byte[]]$hexReplyComplex) -PropertyType Binary -Force
          New-ItemProperty -Path $registryPath -Name $Name3Complex -Value ([byte[]]$hexTextComplex) -PropertyType Binary -Force
          }

          ELSE {
          Set-ItemProperty -Path $registryPath -name NewTheme -value $null
          Set-ItemProperty -Path $registryPath -name ThemeFont -value 2
          Set-ItemProperty -Path $registryPath -Name $Name1Simple -Value ([byte[]]$hexSimple) -Force
          Set-ItemProperty -Path $registryPath -Name $Name2Simple -Value ([byte[]]$hexSimple) -Force
          Set-ItemProperty -Path $registryPath -Name $Name3Simple -Value ([byte[]]$hexSimple) -Force
          Set-ItemProperty -Path $registryPath -Name $Name1Complex -Value ([byte[]]$hexComposeComplex) -Force
          Set-ItemProperty -Path $registryPath -Name $Name2Complex -Value ([byte[]]$hexReplyComplex) -Force
          Set-ItemProperty -Path $registryPath -Name $Name3Complex -Value ([byte[]]$hexTextComplex) -Force
          }

  2. Hi there,
    I’m not sure where I’m going wrong but I’m using the right binary I think but every time I set the registry via the script I can get the New e-mail working with right font but reply will be Calibri but if i click on the reg for reply it shows lato font which is what im trying to have work yet its still calibri.. what am i doing wrong?

    1. Hi Trevis,

      At this moment i would recommend to use a Proactive Remediation for this. See Olivier’s comment below this blog post. I’ll recommend to configure a outlook client with all the fonts you prefer and then export the registry key. In the past i had the same issue as you had. I see the registry settings being modified to the ones i needed but the outlook client it self did not pick these settings.

  3. Hello,

    When I try to run the RemediateOutlookFont script manually in my test environment, I get the following error:

    Cannot convert value “0x7
    0” to type “System.Byte”. Error: “Additional non-parsable characters are at the end of the string.”
    At C:\Users\….\Documents\RemediateOutlookFont.ps1:63 char:1
    + Set-ItemProperty -Path $registryPath -Name $Name1Complex -Value ([byt …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvalidCastFromStringToInteger

    Cannot convert value “0x2
    0” to type “System.Byte”. Error: “Additional non-parsable characters are at the end of the string.”
    At C:\Users\…..\Documents\RemediateOutlookFont.ps1:64 char:1
    + Set-ItemProperty -Path $registryPath -Name $Name2Complex -Value ([byt …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvalidCastFromStringToInteger

    Cannot convert value “0x7
    3” to type “System.Byte”. Error: “Additional non-parsable characters are at the end of the string.”
    At C:\Users\…..\Documents\RemediateOutlookFont.ps1:65 char:1
    + Set-ItemProperty -Path $registryPath -Name $Name3Complex -Value ([byt …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvalidCastFromStringToInteger

    Any suggestions?

      1. Hey! I’m also running into this error.. The detection is working correctly because it shows the “Not Compliant” warning. But in the remediation something is going wrong. I’ve created the files but it returns this error:

        , RuntimeException + FullyQualifiedErrorId : InvalidCastFromStringToInteger Cannot convert value “0x 00” to type “System.Byte”. Error: “Could not find any recognizable digits.” At C:\WINDOWS\IMECache\HealthScripts\b4e6997c-f852-45b0-a6b9-c894342357ee_1\remediate.ps1:62 char:1 + Set-ItemProperty -Path $registryPath -Name $Name3Simple -Value ([byte … +

        My remediation file looks like this:

        $ValueSimple = “3C,00,00,00,1F,00,00,F8,00,00,00,40,C8,00,00,00,00,00,00,00,00,00,00,FF,00,22,41,72,69,61,6C,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
        00,00,00”
        $ValueComposeComplex = “3C,68,74,6D,6C,3E,0D,0A,0D,0A,3C,68,65,61,64,3E,0D,0A,3C,73,74,79,6C,65,3E,0D,0A,0D,0A,20,2F,2A,20,53,74,79,6C,65,20,44,65,66,69,6E,69,74,69,6F,6E,73,20,2A,2F,0D,0A,20,73,
        70,61,6E,2E,50,65,72,73,6F,6F,6E,6C,69,6A,6B,65,6F,70,6D,61,61,6B,73,74,69,6A,6C,0D,0A,09,7B,6D,73,6F,2D,73,74,79,6C,65,2D,6E,61,6D,65,3A,22,50,65,72,73,6F,6F,6E,6C,69,6A,
        6B,65,20,6F,70,6D,61,61,6B,73,74,69,6A,6C,22,3B,0D,0A,09,6D,73,6F,2D,73,74,79,6C,65,2D,74,79,70,65,3A,70,65,72,73,6F,6E,61,6C,2D,63,6F,6D,70,6F,73,65,3B,0D,0A,09,6D,73,6F,
        2D,73,74,79,6C,65,2D,6E,6F,73,68,6F,77,3A,79,65,73,3B,0D,0A,09,6D,73,6F,2D,73,74,79,6C,65,2D,75,6E,68,69,64,65,3A,6E,6F,3B,0D,0A,09,6D,73,6F,2D,61,6E,73,69,2D,66,6F,6E,74,
        2D,73,69,7A,65,3A,31,30,2E,30,70,74,3B,0D,0A,09,6D,73,6F,2D,62,69,64,69,2D,66,6F,6E,74,2D,73,69,7A,65,3A,31,31,2E,30,70,74,3B,0D,0A,09,66,6F,6E,74,2D,66,61,6D,69,6C,79,3A,
        22,41,72,69,61,6C,22,2C,73,61,6E,73,2D,73,65,72,69,66,3B,0D,0A,09,6D,73,6F,2D,61,73,63,69,69,2D,66,6F,6E,74,2D,66,61,6D,69,6C,79,3A,41,72,69,61,6C,3B,0D,0A,09,6D,73,6F,2D,
        68,61,6E,73,69,2D,66,6F,6E,74,2D,66,61,6D,69,6C,79,3A,41,72,69,61,6C,3B,0D,0A,09,6D,73,6F,2D,62,69,64,69,2D,66,6F,6E,74,2D,66,61,6D,69,6C,79,3A,22,54,69,6D,65,73,20,4E,65,
        77,20,52,6F,6D,61,6E,22,3B,0D,0A,09,6D,73,6F,2D,62,69,64,69,2D,74,68,65,6D,65,2D,66,6F,6E,74,3A,6D,69,6E,6F,72,2D,62,69,64,69,3B,0D,0A,09,63,6F,6C,6F,72,3A,77,69,6E,64,6F,
        77,74,65,78,74,3B,7D,0D,0A,2D,2D,3E,0D,0A,3C,2F,73,74,79,6C,65,3E,0D,0A,3C,2F,68,65,61,64,3E,0D,0A,0D,0A,3C,2F,68,74,6D,6C,3E,0D,0A”
        $ValueReplyComplex = “3C,68,74,6D,6C,3E,0D,0A,0D,0A,3C,68,65,61,64,3E,0D,0A,3C,73,74,79,6C,65,3E,0D,0A,0D,0A,20,2F,2A,20,53,74,79,6C,65,20,44,65,66,69,6E,69,74,69,6F,6E,73,20,2A,2F,0D,0A,20,73,
        70,61,6E,2E,50,65,72,73,6F,6F,6E,6C,69,6A,6B,65,61,6E,74,77,6F,6F,72,64,73,74,69,6A,6C,0D,0A,09,7B,6D,73,6F,2D,73,74,79,6C,65,2D,6E,61,6D,65,3A,22,50,65,72,73,6F,6F,6E,6C,
        69,6A,6B,65,20,61,6E,74,77,6F,6F,72,64,73,74,69,6A,6C,22,3B,0D,0A,09,6D,73,6F,2D,73,74,79,6C,65,2D,74,79,70,65,3A,70,65,72,73,6F,6E,61,6C,2D,72,65,70,6C,79,3B,0D,0A,09,6D,
        73,6F,2D,73,74,79,6C,65,2D,6E,6F,73,68,6F,77,3A,79,65,73,3B,0D,0A,09,6D,73,6F,2D,73,74,79,6C,65,2D,75,6E,68,69,64,65,3A,6E,6F,3B,0D,0A,09,6D,73,6F,2D,61,6E,73,69,2D,66,6F,
        6E,74,2D,73,69,7A,65,3A,31,30,2E,30,70,74,3B,0D,0A,09,6D,73,6F,2D,62,69,64,69,2D,66,6F,6E,74,2D,73,69,7A,65,3A,31,31,2E,30,70,74,3B,0D,0A,09,66,6F,6E,74,2D,66,61,6D,69,6C,
        79,3A,22,41,72,69,61,6C,22,2C,73,61,6E,73,2D,73,65,72,69,66,3B,0D,0A,09,6D,73,6F,2D,61,73,63,69,69,2D,66,6F,6E,74,2D,66,61,6D,69,6C,79,3A,41,72,69,61,6C,3B,0D,0A,09,6D,73,
        6F,2D,68,61,6E,73,69,2D,66,6F,6E,74,2D,66,61,6D,69,6C,79,3A,41,72,69,61,6C,3B,0D,0A,09,6D,73,6F,2D,62,69,64,69,2D,66,6F,6E,74,2D,66,61,6D,69,6C,79,3A,22,54,69,6D,65,73,20,
        4E,65,77,20,52,6F,6D,61,6E,22,3B,0D,0A,09,6D,73,6F,2D,62,69,64,69,2D,74,68,65,6D,65,2D,66,6F,6E,74,3A,6D,69,6E,6F,72,2D,62,69,64,69,3B,0D,0A,09,63,6F,6C,6F,72,3A,77,69,6E,
        64,6F,77,74,65,78,74,3B,7D,0D,0A,2D,2D,3E,0D,0A,3C,2F,73,74,79,6C,65,3E,0D,0A,3C,2F,68,65,61,64,3E,0D,0A,0D,0A,3C,2F,68,74,6D,6C,3E,0D,0A”
        $ValueTextComplex = “3C,68,74,6D,6C,3E,0D,0A,0D,0A,3C,68,65,61,64,3E,0D,0A,3C,73,74,79,6C,65,3E,0D,0A,0D,0A,20,2F,2A,20,53,74,79,6C,65,20,44,65,66,69,6E,69,74,69,6F,6E,73,20,2A,2F,0D,0A,20,70,
        2E,4D,73,6F,50,6C,61,69,6E,54,65,78,74,2C,20,6C,69,2E,4D,73,6F,50,6C,61,69,6E,54,65,78,74,2C,20,64,69,76,2E,4D,73,6F,50,6C,61,69,6E,54,65,78,74,0D,0A,09,7B,6D,73,6F,2D,73,
        74,79,6C,65,2D,6E,6F,73,68,6F,77,3A,79,65,73,3B,0D,0A,09,6D,73,6F,2D,73,74,79,6C,65,2D,70,72,69,6F,72,69,74,79,3A,39,39,3B,0D,0A,09,6D,73,6F,2D,73,74,79,6C,65,2D,6C,69,6E,
        6B,3A,22,54,65,6B,73,74,20,7A,6F,6E,64,65,72,20,6F,70,6D,61,61,6B,20,43,68,61,72,22,3B,0D,0A,09,6D,61,72,67,69,6E,3A,30,63,6D,3B,0D,0A,09,6D,73,6F,2D,70,61,67,69,6E,61,74,
        69,6F,6E,3A,77,69,64,6F,77,2D,6F,72,70,68,61,6E,3B,0D,0A,09,66,6F,6E,74,2D,73,69,7A,65,3A,31,30,2E,30,70,74,3B,0D,0A,09,6D,73,6F,2D,62,69,64,69,2D,66,6F,6E,74,2D,73,69,7A,
        65,3A,31,30,2E,35,70,74,3B,0D,0A,09,66,6F,6E,74,2D,66,61,6D,69,6C,79,3A,22,41,72,69,61,6C,22,2C,73,61,6E,73,2D,73,65,72,69,66,3B,0D,0A,09,6D,73,6F,2D,66,61,72,65,61,73,74,
        2D,66,6F,6E,74,2D,66,61,6D,69,6C,79,3A,43,61,6C,69,62,72,69,3B,0D,0A,09,6D,73,6F,2D,66,61,72,65,61,73,74,2D,74,68,65,6D,65,2D,66,6F,6E,74,3A,6D,69,6E,6F,72,2D,6C,61,74,69,
        6E,3B,0D,0A,09,6D,73,6F,2D,62,69,64,69,2D,66,6F,6E,74,2D,66,61,6D,69,6C,79,3A,22,54,69,6D,65,73,20,4E,65,77,20,52,6F,6D,61,6E,22,3B,0D,0A,09,6D,73,6F,2D,62,69,64,69,2D,74,
        68,65,6D,65,2D,66,6F,6E,74,3A,6D,69,6E,6F,72,2D,62,69,64,69,3B,0D,0A,09,6D,73,6F,2D,66,61,72,65,61,73,74,2D,6C,61,6E,67,75,61,67,65,3A,45,4E,2D,55,53,3B,7D,0D,0A,2D,2D,3E,
        0D,0A,3C,2F,73,74,79,6C,65,3E,0D,0A,3C,2F,68,65,61,64,3E,0D,0A,0D,0A,3C,2F,68,74,6D,6C,3E,0D,0A”

        $registryPath = ‘HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\mailsettings’
        $Name1Simple = “ComposeFontSimple”
        $Name1Complex = “ComposeFontComplex”
        $Name2Simple = “ReplyFontSimple”
        $Name2Complex = “ReplyFontComplex”
        $Name3Simple = “TextFontSimple”
        $Name3Complex = “TextFontComplex”

        $hexSimple = $ValueSimple.Split(‘,’) | % { “0x$_”}
        $hexComposeComplex = $ValueComposeComplex.Split(‘,’) | % { “0x$_”}
        $hexReplyComplex = $ValueReplyComplex.Split(‘,’) | % { “0x$_”}
        $hexTextComplex = $ValueTextComplex.Split(‘,’) | % { “0x$_”}

        IF(!(Test-Path $registryPath))
        {
        New-Item -Path $registryPath -Force | Out-Null
        New-ItemProperty -Path $registryPath -name NewTheme -PropertyType string
        New-ItemProperty -Path $registryPath -Name $Name1Simple -Value ([byte[]]$hexSimple) -PropertyType Binary -Force
        New-ItemProperty -Path $registryPath -Name $Name2Simple -Value ([byte[]]$hexSimple) -PropertyType Binary -Force
        New-ItemProperty -Path $registryPath -Name $Name3Simple -Value ([byte[]]$hexSimple) -PropertyType Binary -Force
        New-ItemProperty -Path $registryPath -Name $Name1Complex -Value ([byte[]]$hexComposeComplex) -PropertyType Binary -Force
        New-ItemProperty -Path $registryPath -Name $Name2Complex -Value ([byte[]]$hexReplyComplex) -PropertyType Binary -Force
        New-ItemProperty -Path $registryPath -Name $Name3Complex -Value ([byte[]]$hexTextComplex) -PropertyType Binary -Force
        }

        ELSE {
        Set-ItemProperty -Path $registryPath -name NewTheme -value $null
        Set-ItemProperty -Path $registryPath -name ThemeFont -value 2
        Set-ItemProperty -Path $registryPath -Name $Name1Simple -Value ([byte[]]$hexSimple) -Force
        Set-ItemProperty -Path $registryPath -Name $Name2Simple -Value ([byte[]]$hexSimple) -Force
        Set-ItemProperty -Path $registryPath -Name $Name3Simple -Value ([byte[]]$hexSimple) -Force
        Set-ItemProperty -Path $registryPath -Name $Name1Complex -Value ([byte[]]$hexComposeComplex) -Force
        Set-ItemProperty -Path $registryPath -Name $Name2Complex -Value ([byte[]]$hexReplyComplex) -Force
        Set-ItemProperty -Path $registryPath -Name $Name3Complex -Value ([byte[]]$hexTextComplex) -Force
        }

        Did I forget to set a value somewhere? I’m in doubt about the registry path, because in the detection script it’s different?

        Any help would be appreciated!

        1. Hi Sebastian,

          I’m now able to reproduce the issue. This was not the case when writing the blog.

          Errors shown here:
          – Value was either too large or too small for an unsigned byte.
          – Additional non-parsable characters are at the end of the string.

          Probably the way we’re filling the parameters is not recognizable for PowerShell. When I run the $HexSimple parameter I see a blank space in the output which is probably leading to the issue. I need to find spare time to investigate.

          1. Sorry for my late reply, I understand that finding the time to investigate is hard.. If you could I would be very pleased, but if you don’t find the time i’d also understand.
            Thanks in advance.

Leave a Reply

Your email address will not be published. Required fields are marked *

10 + 18 =