I don’t know what I’m doing wrong here. I’m composing a task and its objective is to make sure an Outlook 2003 client has the following registry key set:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Outlook\RPC and the DWORD value “EnableRPCEncryption” =1.
((if( name of operating system starts with "Win" ) then platform id of operating system != 3 else false) AND ((language of version block of file "kernel32.dll" of system folder contains "English") OR (exists key "HKLM\System\CurrentControlSet\Control\Nls\MUILanguages" whose (exists value of it) of registry)) AND (exists regapp "outlook.exe" whose (version of it >= "11.0.8169.0" AND version of it < "))) AND (NOT exists key "HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Outlook\RPC" whose (value "EnableRPCEncryption" of it = 1) of registry)
--end of relevance--
After the task runs, the status shows completed. I then use the QNA tool and check the relevance for this test Outlook 2003 client that received the successful action. The QNA results are now showing false. Also, the registry settings are where they should be.
Despite the above, the weird parts are:
The PC that received the above action is still showing relevant.
I tried running the task again against this same OL2003 client and it successfully runs again (when I’m expecting a “not relevant” status).
OK - Based on that 1909 article, I’m giving HKCU keys very special treatment. Massaging it, feeding it pizza and ice cream on demand, making dinner for it, etc. Unfortunately, these HKCU keys are still not detecting my site’s endpoints properly even though I run the QNA tool and get a true/false result back.
Here’s what I came up with on top of the above relevance:
Attempt #2 --> ((exists current user) AND (((not exists value "EnableRPCEncryption" whose (hexadecimal integer "1" = it) of key "SOFTWARE\Policies\Microsoft\Office\11.0\Outlook\RPC" of it)) of key "HKEY_CURRENT_USER" of registry))
Attempt #3 --> (not exists value "EnableRPCEncryption" whose (it = 1) of key "Software\Policies\Microsoft\Office\11.0\Outlook\RPC" of (key "HKEY_CURRENT_USER" of registry))
As mentioned before, my goal is to figure out if the clients have the following registry key set to:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Outlook\RPC and the DWORD value “EnableRPCEncryption” = 1.
Despite the above, the weird parts are:
The one PC that became relevant based on the above relevance received the above action successfully (read: completed status) but is still showing relevant.
For some reason, only one PC (my test machine) is the only one that is showing up relevant among the 10’s of thousands of endpoints here. I have read through all the HKCU-related pages but I still can’t figure out what I’m doing wrong.
Any other ideas? I might have to resort to bribery soon.
If you take a look at posting 1909, you’ll see that Ben’s relevance uses…
of current user keys (logged on users) of registry
rather than…
of key "HKEY_CURRENT_USER" of registry
Your relevance is running under the context of the local system account and thus any HKCU is relative to the system account’s settings and not of the users. That’s why it’s a bit tricky.
We ended up using this relevance, which takes a different approach, but was better suited to our particular short-term need (and which reflects the fact that we’re using a utility written in C to handle the actual configuration of the targets):
name of operating system as lowercase starts with "win" and exists regapp "outlook.exe" whose (version of it >= "11.0.8169.0" and version of it < ") and (not exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Stanford\EnableRPCEncryption" whose (exists value "value" of it and value "value" of it = "1") of x32 registry or (not exist keys "Software" whose (exists key "Policies" whose (exists key "Microsoft" whose (exists key "Office" whose (exists key "11.0" of it and exists key "12.0" of it and exists key "14.0" of it) of it) of it) of it) of it of keys of key "HKEY_USERS" of registry or exist keys whose (name of it ends with regex ("11.0|12.0|14.0") and not exists key "Outlook" whose (exists key "RPC" of it) of it) of keys "Office" of keys "Microsoft" of keys "Policies" of keys "Software" of keys of key "HKEY_USERS" of registry or exist keys "RPC" whose (not exists value "EnableRPCEncryption" of it or value "EnableRPCEncryption" of it != 1) of keys "Outlook" of keys whose (name of it ends with regex ("11.0|12.0|14.0")) of keys "Office" of keys "Microsoft" of keys "Policies" of keys "Software" of keys of key "HKEY_USERS" of registry))
While I was at it, I wrote an analysis property that performs the same check for currently logged-on users only:
if (not exist logged on users) then "N/A" else (if (not exist keys "Software\Policies\Microsoft\Office" of current user keys (logged on users) of registry or exist keys "Software\Policies\Microsoft\Office" whose (not exists key "11.0" of it or not exists key "12.0" of it or not exists key "14.0" of it) of current user keys (logged on users) of registry or exist keys whose (name of it ends with regex ("11.0|12.0|14.0") and not exists key "Outlook" whose (exists key "RPC" of it) of it) of keys "Software\Policies\Microsoft\Office" of current user keys (logged on users) of registry or exist keys "RPC" whose (not exists value "EnableRPCEncryption" of it or value "EnableRPCEncryption" of it != 1) of keys "Outlook" of keys whose (name of it ends with regex ("11.0|12.0|14.0")) of keys "Software\Policies\Microsoft\Office" of current user keys (logged on users) of registry) then "False" else "True")
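An added example, not part of any post in this thread: the Python below parses registry text in `reg export HKU` format and shows why a check against HKEY_CURRENT_USER made from the local system account can disagree with the real users' settings, as described in the reply above. The export text, the SIDs and all function names are constructed for illustration; S-1-5-18 is the well-known SID of the local system account.

```python
import re

# Constructed sample in `reg export HKU` text format (not data from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-18\Software\Policies]

[HKEY_USERS\S-1-5-21-1111-2222-3333-1001\Software\Policies\Microsoft\Office\11.0\Outlook\RPC]
"EnableRPCEncryption"=dword:00000001

[HKEY_USERS\S-1-5-21-1111-2222-3333-1002\Software\Policies\Microsoft\Office\11.0\Outlook\RPC]
"EnableRPCEncryption"=dword:00000000
'''

SYSTEM_SID = "S-1-5-18"  # hive that HKCU resolves to for a process running as SYSTEM
RPC_KEY = r"software\policies\microsoft\office\11.0\outlook\rpc"  # compared lowercased

def parse_export(text):
    """Return {hive SID: {lowercased subkey path: {value name: int}}} (dwords only)."""
    hives, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[HKEY_USERS\\([^\\\]]+)\\?(.*)\]", line)
        if m:  # key header: start collecting values for this hive and subkey
            current = hives.setdefault(m.group(1), {}).setdefault(m.group(2).lower(), {})
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return hives

def rpc_encryption_by_hive(text):
    """Map each hive SID to True when EnableRPCEncryption is present and equals 1."""
    return {sid: keys.get(RPC_KEY, {}).get("EnableRPCEncryption") == 1
            for sid, keys in parse_export(text).items()}

def what_hkcu_check_sees(text):
    """Answer a SYSTEM-context query of HKEY_CURRENT_USER gets: the SYSTEM hive only."""
    return rpc_encryption_by_hive(text).get(SYSTEM_SID, False)

def noncompliant_users(text):
    """Real user hives (S-1-5-21-...) where the value is missing or not 1."""
    return sorted(sid for sid, ok in rpc_encryption_by_hive(text).items()
                  if sid.startswith("S-1-5-21-") and not sid.endswith("_Classes") and not ok)

if __name__ == "__main__":
    print("HKCU as SYSTEM sees value set:", what_hkcu_check_sees(SAMPLE_EXPORT))
    print("Users still needing the setting:", noncompliant_users(SAMPLE_EXPORT))
```

In the constructed data the SYSTEM hive never has the value, so an HKCU-based check stays relevant no matter what the user hives contain, while the per-hive walk reports only the one user whose value is 0.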