Cannot delete registry entries using fixlet, tried several methods

I’m trying to delete statically set KMS server names in the Windows registry on our computers. I’ve never had an issue deleting registry entries, but it seems every method I attempt to use for deleting the entries simply doesn’t work in the fixlet. Sorry if this is a little long, I’ve tried to give the essentials of what I’ve done.

I’ve tried:

1. This method (which I’ve used in past fixlets): http://www-01.ibm.com/support/docview.wss?uid=swg21506061
Action Script:
delete __appendfile
delete regdel.reg
appendfile REGEDIT4
appendfile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform]
appendfile “KeyManagementServiceName”=-
appendfile [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform]
appendfile “KeyManagementServiceName”=-
move __appendfile regdel.reg
wait regedit /s regdel.reg
waithidden cmd.exe /c cscript c:\Windows\System32\slmgr.vbs /ckms

After lots of tweaking (trying dos, etc) I still couldn’t get this to work. Even though the cscript slmgr.vbs command would work at the end successfully, the registry entries would not delete.

2. Next I tried using a .reg and a .cmd:
%~d0
cd %~dp0
regedit /s delete_kms_names.reg
cscript c:\Windows\System32\slmgr.vbs /ckms

and the reg file (delete_kms_names.reg):
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform]
“KeyManagementServiceName”=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform]
“KeyManagementServiceName”=-

Clicking the batch script on the computer would delete the registry entries no problem, but as a fixlet it would not work (just used a generated actionscript through software distribution). It runs the cscript slmgr.vbs command, but the registry entries aren’t deleted.

3. Finally, I tried using REG DELETE command instead of regedit /s and a .reg file. This is what the cmd batch script looks like:
REG DELETE “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform” /v KeyManagementServiceName /f
REG DELETE “HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform” /v KeyManagementServiceName /f
cscript c:\Windows\System32\slmgr.vbs /ckms

Once again, clicking the cmd on the computer and the reg entries disappear (with a ‘successfully deleted’ message), but as a fixlet it fails to delete the entries and only runs the cscript slmgr.vbs command. Interestingly, converting this method to an actionscript and redirecting the output to a log file, the log file shows the REG DELETE commands running, but there is no ‘success’ or ‘failure’ message or output of any kind like there is when the cmd is clicked. Of course, the cscript slmgr.vbs command always works (with the same output as clicking the cmd), just the attempts to delete the registry entries fail. For reference, here is what the actionscript looks like:
waithidden cmd.exe /c REG DELETE “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform” /v KeyManagementServiceName /f > C:\kms.log
waithidden cmd.exe /c REG DELETE “HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform” /v KeyManagementServiceName /f >> c:\kms.log
// Clear the server and set to auto-discovery through DNS
waithidden cmd.exe /c cscript c:\Windows\System32\slmgr.vbs /ckms >> C:\kms.log

We are currently utilizing all of these methods to create and delete registry entries in working fixlets in our environment, so I’m at a loss to explain how this situation is different and why running these commands through BigFix have no effect.

Any help or insight would be greatly appreciated.

The usual reason that something like this doesn’t work is either it brings up a dialog or it is trying to do something with a user context and the client runs as Local System so doesn’t have a user context. This is an activation key so its possible something is interacting.

Have you tried running as a current user (of course you need to know one is logged in… )

 <set up your .reg file>
 override wait
    completion=job
    hidden=true
    runas=currentuser
 wait regedit /s regdel.reg

Thanks for the reply Alan.

The /s is silent for regedit, so no dialog should come up, and nothing does with the cmd batch scripts which work fine when clicked on the computer (as admin). Also, it can’t be getting hung up because the last command (the cscript slmgr.vbs) always successfully runs in the fixlet. That’s not to say that something isn’t interrupting the registry commands and causing them not to run, but it seems unlikely to be a dialog or anything hung up or it would never make it to the last command which always succeeds just fine.

Also, this can’t run in the current user context since none of our users have admin rights and thus couldn’t modify HKLM. But, that is fine, there is nothing that depends on the user context, unless suddenly system doesn’t have registry access, which I definitely haven’t encountered that issue using other fixlets.

That’s what makes it all the more perplexing is this is a very simple fixlet, delete to registry values and run a vbs script, never had this much trouble getting something like this working.

Thanks again for the input.

@stupac

Have you tried running the actionscript statements above in fixlet debugger? If so, what are your results?

I would try to isolate the registry deletion in fixlet debugger and ensure it works prior to the slmgr.vbs.

Also, I have seen in the past instances where the registry commands run too fast and you could come across racing conditions in your actionscript. I think it is a good idea to always add something like this:

pause while {(exists value "KeyManagementServiceName" of key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" of registry)}

Good luck!

This issue might be due to WOW64 redirection.

Try this actionscript:

regdelete "[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform]" "KeyManagementServiceName"

regdelete64 "[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform]" "KeyManagementServiceName"