All workstations showing up. Relevance ignored by Console?

(imported topic written by Xiurzeph91)

I am creating a relevance task to check for the MS11-021 patch bug causing Microsoft Excel to open slowly and/or crash, but I can't seem to get the workstations in our environment to show up even though the test environment answers to the relevance below:

Q: name OF operating system AS lowercase is "WinXP" AS lowercase

A: True

Q: EXISTS regapp "EXCEL.EXE"

A: True

Q: Exists value "EnableOnLoad" OF key "HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Excel\Security\FileValidation" OF registry

A: False

Q: EXISTS value "UninstallString" OF key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-2005-0000-0000-0000000FF1CE}" OF registry

A: True

Q: NOT EXISTS key "HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Excel\Security\FileValidation" whose (value "EnableOnLoad" of it as string is "0" as string) OF registry

A: True

When I put it all together and test a system using the debugger, the answer will change to true when the registry key is not present and will change to false when the registry key is present, but when I pass this relevance to TEM, all the workstations show up. It's as if the “registry” part of this relevance is being ignored completely:

(name OF operating system AS lowercase is "WinXP" AS lowercase) AND (EXISTS regapp "EXCEL.EXE") AND (EXISTS value "UninstallString" OF key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-2005-0000-0000-0000000FF1CE}" OF registry) AND NOT (EXISTS key "HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Excel\Security\FileValidation" whose (value "EnableOnLoad" of it as string is "0" as string) OF registry)

A: True

Also, we just upgraded to Console Version 8.1, but I don’t know if that makes a significant difference.

(imported comment written by Xiurzeph91)

Update: Trying the following:

(name OF operating system AS lowercase is "WinXP" AS lowercase) AND (EXISTS regapp "EXCEL.EXE") AND (EXISTS value "UninstallString" OF key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-2005-0000-0000-0000000FF1CE}" OF registry) AND (NOT EXISTS key "HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Excel\Security\FileValidation" whose (value of it is 0) of registry)

Update: Same results.

Update: Attempting:

(name OF operating system AS lowercase is "WinXP" AS lowercase) AND (EXISTS regapp "EXCEL.EXE") AND (EXISTS value "UninstallString" OF key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-2005-0000-0000-0000000FF1CE}" OF registry) AND NOT (EXISTS keys "Software\Policies\Microsoft\Office\11.0\Excel\Security\FileValidation" whose (value of it is 0) of current user keys (logged on users) of registry)

Update: Same results.

(imported comment written by jeremylam)

When you run the Fixlet Debugger, it uses the logged in user context to evaluate relevance, unless you have selected the menu option Debug->Evaluate Using->Local Client Evaluator (which is not the default). When the client evaluates relevance, it uses the system user context, which has a different HKEY_CURRENT_USER branch.

(imported comment written by Xiurzeph91)

Switching that just shows the following for everything:

E: Windows Error: The system cannot find the file specified.

(imported comment written by BenKus)

FYI: https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/Relevance%20Tips

(and I like the BigFix/Dr.Dre Beats icon you are using).

Ben

(imported comment written by Xiurzeph91)

Thanks. I’m going to try:

EXISTS key "Software\Policies\Microsoft\Office\11.0\Excel\Security\FileValidation" WHOSE (value of it is 0) of current user keys (logged on users) of registry

Ben Kus

FYI: https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/Relevance%20Tips

(and I like the BigFix/Dr.Dre Beats icon you are using).

Ben

…and yeah, I can’t believe how similar the logos are!

(imported comment written by coh_is91)

I seem to be having some issues with the “current user keys” inspector. I’ve got applicable and success relevance checks that need to check the HKEY_CURRENT_USERS reg keys:

Applicable checks:

#1 (exists current user)

#2 if (exists key "HKEY_CURRENT_USER\Control Panel\PowerCfg\PowerPolicies" whose (exists key whose (value "Name" of it as string as lowercase contains "somevalue") of it) of current user keys (logged on users) of registry) AND (((value "CurrentPowerPolicy" of it as integer) of key "HKEY_CURRENT_USER\Control Panel\PowerCfg" of current user keys (logged on users) of registry) = (name of key whose (value "Name" of it as string as lowercase contains "somevalue") of key "HKEY_CURRENT_USER\Control Panel\PowerCfg\PowerPolicies" of current user keys (logged on users) of registry) as integer) then false else true

#3 not exists settings whose (name of it contains "PowerManagement_LastManStanding" AND value of it = "1") of client)

Success:

if (exists key "HKEY_CURRENT_USER\Control Panel\PowerCfg\PowerPolicies" whose (exists key whose (value "Name" of it as string as lowercase contains "somevalue") of it) of current user keys (logged on users) of registry) AND (((value "CurrentPowerPolicy" of it as integer) of key "HKEY_CURRENT_USER\Control Panel\PowerCfg" of current user keys (logged on users) of registry) = (name of key whose (value "Name" of it as string as lowercase contains "somevalue") of key "HKEY_CURRENT_USER\Control Panel\PowerCfg\PowerPolicies" of current user keys (logged on users) of registry) as integer) then false else true

There may be a better way to construct these, but it’s the best I could do with the information I gathered from existing fixlets, and this site.

I checked and rechecked using the relevance debugger, and all checks passed. When I ran the fixlet, it was discovered that the client uses the System account when checking relevance, as each deployment failed the successful relevancy check. Bummer!! Thankfully, I was able to find this thread and the IBM Relevance Tips.

The problem I’m having now is checking using the debugger. Do I include the “current user keys” inspector when debugging, or is this only relevant when the fixlet runs? I’ve switched between both Evaluate options (Local Fixlet Evaluator and Local Client Evaluator), but the results are not returning as expected.

For example: When checking to see if the key exists, with the initial EXISTS statement of the success code (#2 above), it evaluates to False, no matter what I change the string to. When I remove “current user keys” from the evaluation, it evaluates to true, until I change the string to a value that does not exist. The remainder of the code results in similar problems, particularly in reporting a nonexistent object when just retrieving the current value of the CurrentPowerPolicy. It’s gonna be a little hard to compare the two values, when one of them is reporting as nonexistent.

This is making it a little difficult to create a successful relevancy check for both applicability and successful deployment.

Any help would be greatly appreciated.

Thanks in advance,

Ethan
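
(added example, not part of any post in this thread)

Both problems above come down to which account resolves HKEY_CURRENT_USER: the debugger runs as the logged-in user, while the client runs as SYSTEM. The PowerShell script below is an added illustration, not BigFix code or anything posted by the participants. It prints what the current process sees under HKEY_CURRENT_USER next to what each loaded user hive under HKEY_USERS contains for the FileValidation policy key from the first post. The function name Get-PerUserFileValidation is hypothetical. Running it once from a normal session and once as SYSTEM shows the difference.

```powershell
# Added example: the policy key is the one from this thread; the function name is hypothetical.
$SubKey = 'Software\Policies\Microsoft\Office\11.0\Excel\Security\FileValidation'

function Get-PerUserFileValidation {
    param([string]$SubKey)

    # Each loaded profile's HKEY_CURRENT_USER is really HKEY_USERS\<SID>.
    # Match local/domain account SIDs only; this skips .DEFAULT, the service
    # accounts (S-1-5-18/19/20) and the <SID>_Classes hives.
    Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            $sid       = $_.PSChildName
            $path      = "Registry::HKEY_USERS\$sid\$SubKey"
            $keyExists = Test-Path -LiteralPath $path
            $value     = $null
            if ($keyExists) {
                # The key can exist without the value, so read it defensively.
                $prop = Get-ItemProperty -LiteralPath $path -Name 'EnableOnLoad' -ErrorAction SilentlyContinue
                if ($prop) { $value = $prop.EnableOnLoad }
            }
            New-Object PSObject -Property @{
                Sid          = $sid
                KeyExists    = $keyExists
                EnableOnLoad = $value
            }
        }
}

# Which account is this process, and what does *its* HKEY_CURRENT_USER contain?
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
New-Object PSObject -Property @{
    RunningAs     = $me.Name
    Sid           = $me.User.Value
    HkcuKeyExists = Test-Path -LiteralPath "Registry::HKEY_CURRENT_USER\$SubKey"
}

# What every loaded user profile contains, regardless of who runs the script.
Get-PerUserFileValidation -SubKey $SubKey
```

Only hives of users who are currently logged on (or whose profile is otherwise loaded) appear under HKEY_USERS, which is the same population the "current user keys (logged on users)" expression in the posts above addresses.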