From 1893b51a70abb385a09bb9525eecd0da28f5898f Mon Sep 17 00:00:00 2001
From: Emil Vissing <51100929+emilvissing@users.noreply.github.com>
Date: Wed, 12 Nov 2025 21:04:45 -0500
Subject: [PATCH 1/3] Fix non-ASCII characters in OpenSSHUtils.psm1

---
 contrib/win32/openssh/OpenSSHUtils.psm1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/contrib/win32/openssh/OpenSSHUtils.psm1 b/contrib/win32/openssh/OpenSSHUtils.psm1
index 70f4af6e1b6..5cd7ba2c09b 100644
--- a/contrib/win32/openssh/OpenSSHUtils.psm1
+++ b/contrib/win32/openssh/OpenSSHUtils.psm1
@@ -841,8 +841,8 @@ Function Add-MachinePath {
         $machinePath = (Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).Path
         if (-not ($machinePath.ToLower().Contains("$FilePath;".ToLower()) -or $machinePath.ToLower().Contains("$FilePath\;".ToLower())))
         {
-            $newPath = $FilePath + ’;’ + $machinePath 
-            Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH –Value $newPath
+            $newPath = $FilePath + ';' + $machinePath 
+            Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH -Value $newPath
             if ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).Path -eq $newPath) {
                 Write-Host "Updated Machine PATH to include OpenSSH directory, restart/re-login required to take effect globally" -ForegroundColor Yellow
             }

From e3c37b97c33b44ce90a9968816bcbacf0332f222 Mon Sep 17 00:00:00 2001
From: Emil Vissing <51100929+emilvissing@users.noreply.github.com>
Date: Wed, 12 Nov 2025 21:29:17 -0500
Subject: [PATCH 2/3] Fix Add-MachinePath to preserve registry value type and
 unexpanded variables

Refactor Add-MachinePath to avoid unintended modifications to the PATH registry value:

- Use GetValue() with DoNotExpandEnvironmentNames to preserve unexpanded environment variables (e.g., %SystemRoot%)
- Preserve original registry value type (REG_SZ vs REG_EXPAND_SZ) using GetValueKind()
- Keep original PATH entry values unchanged; normalization (expansion + backslash trimming) only used for duplicate detection
- Improve ShouldProcess implementation with proper message/prompt/description parameters for better -WhatIf/-Confirm support
- Enhance duplicate detection to compare expanded values, catching duplicates like C:\Windows\System32 vs %SystemRoot%\System32
---
 contrib/win32/openssh/OpenSSHUtils.psm1 | 31 +++++++++++++++++++------
 1 file changed, 24 insertions(+), 7 deletions(-)

diff --git a/contrib/win32/openssh/OpenSSHUtils.psm1 b/contrib/win32/openssh/OpenSSHUtils.psm1
index 5cd7ba2c09b..0332f2cbd04 100644
--- a/contrib/win32/openssh/OpenSSHUtils.psm1
+++ b/contrib/win32/openssh/OpenSSHUtils.psm1
@@ -838,13 +838,30 @@ Function Add-MachinePath {
     )
 
     if (Test-Path $FilePath) {
-        $machinePath = (Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).Path
-        if (-not ($machinePath.ToLower().Contains("$FilePath;".ToLower()) -or $machinePath.ToLower().Contains("$FilePath\;".ToLower())))
-        {
-            $newPath = $FilePath + ';' + $machinePath 
-            Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH -Value $newPath
-            if ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).Path -eq $newPath) {
-                Write-Host "Updated Machine PATH to include OpenSSH directory, restart/re-login required to take effect globally" -ForegroundColor Yellow
+        $regKey    = Get-Item -Path 'HKLM:\System\CurrentControlSet\Control\Session Manager\Environment'
+        $pathValue = $regKey.GetValue('PATH', '', 'DoNotExpandEnvironmentNames')
+        $pathType  = $regKey.GetValueKind('PATH')
+
+        # Normalize for comparison only (expand variables and trim trailing backslash)
+        $normalizedFilePath = $FilePath.TrimEnd('\')
+        $normalizedEntries  = $pathValue -split ';' | ForEach-Object {
+            [Environment]::ExpandEnvironmentVariables($_).TrimEnd('\')
+        }
+
+        if ($normalizedEntries -notcontains $normalizedFilePath) {
+            $newPath = $FilePath + ';' + $pathValue
+
+            $message     = "Need to add the path to the Machine PATH environment variable."
+            $prompt      = "Shall I add '$FilePath' to Machine PATH?"
+            $description = "Add '$FilePath' to Machine PATH."
+
+            if ($PSCmdlet.ShouldProcess($description, $prompt, $message)) {
+                Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH -Value $newPath -Type $pathType
+
+                $verifyValue = (Get-Item -Path 'HKLM:\System\CurrentControlSet\Control\Session Manager\Environment').GetValue('PATH', '', 'DoNotExpandEnvironmentNames')
+                if ($verifyValue -eq $newPath) {
+                    Write-Host "Updated Machine PATH to include OpenSSH directory, restart/re-login required to take effect globally" -ForegroundColor Yellow
+                }
             }
         }
     }

From 501a2d4f7faf4e73898ccb624719f5a7a653ebc7 Mon Sep 17 00:00:00 2001
From: Emil Vissing <ehv@vissingcompany.com>
Date: Wed, 12 Nov 2025 22:29:04 -0500
Subject: [PATCH 3/3] address comments

---
 contrib/win32/openssh/OpenSSHUtils.psm1 | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/contrib/win32/openssh/OpenSSHUtils.psm1 b/contrib/win32/openssh/OpenSSHUtils.psm1
index 0332f2cbd04..2d843b3e786 100644
--- a/contrib/win32/openssh/OpenSSHUtils.psm1
+++ b/contrib/win32/openssh/OpenSSHUtils.psm1
@@ -829,7 +829,7 @@ function Enable-Privilege {
     $type[0]::EnablePrivilege($Privilege, $Disable)
 }
 
-Function Add-MachinePath {
+function Add-MachinePath {
     [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")]
     param
     (
@@ -843,12 +843,12 @@ Function Add-MachinePath {
         $pathType  = $regKey.GetValueKind('PATH')
 
         # Normalize for comparison only (expand variables and trim trailing backslash)
-        $normalizedFilePath = $FilePath.TrimEnd('\')
-        $normalizedEntries  = $pathValue -split ';' | ForEach-Object {
-            [Environment]::ExpandEnvironmentVariables($_).TrimEnd('\')
-        }
+        $normalizedFilePath = [Environment]::ExpandEnvironmentVariables($FilePath).TrimEnd('\')
+        $normalizedEntries = $pathValue -split ';' |
+            Where-Object { -not [string]::IsNullOrWhiteSpace($_) } |
+            ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim()).TrimEnd('\') }
 
-        if ($normalizedEntries -notcontains $normalizedFilePath) {
+        if ($normalizedEntries.Where({ $_ -ieq $normalizedFilePath }, 'First').Count -eq 0) {
             $newPath = $FilePath + ';' + $pathValue
 
             $message     = "Need to add the path to the Machine PATH environment variable."