Can't get SID of Current User on a lot of VDI

On most physical machines I can get this relevance to work:

Q: component string of sid of security account (name of users)
A: S-1-5-21-2628464361-4195941632-696843433-500

But on a lot of our VDI I get:

Q: component string of sid of security account (name of current user)
E: Singular expression refers to nonexistent object.

Created an analysis to prove that BigFix can’t get to these keys:

What could block BigFix from seeing the user sids?

‘current user’ returns the local, console user only, which likely doesn’t exist in a VDI deployment. See https://developer.bigfix.com/relevance/reference/logged-on-user.html#current-user-logged-on-user

For RDP users, you’d need to loop through ‘logged on users’, see https://developer.bigfix.com/relevance/reference/logged-on-user.html#logged-on-user-logged-on-user

Thank you, I’ll check that.

How would I rewrite this relevance to get logged on user?

/* IE set as default */ exists value whose (name of it as string as lowercase is "ProgId" as lowercase and it as string as lowercase is "IE.HTTP" as lowercase) of key ("HKEY_USERS" & (name of key whose ((it = name of current user as lowercase OR it starts with name of current user as lowercase & "@") of (it as string as lowercase) of value "USERNAME" of key "Volatile Environment" of it) of key "HKEY_USERS" of registry) & "\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice") of native registry

Got it:

Q: "HKEY_USERS" & component string of sid of security account (name of logged on user) & "\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice"
A: HKEY_USERS\S-1-5-21-484763869-1972579041-1801674531-309885\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
T: 2.636 ms

Q: exists value whose (name of it as string as lowercase is "ProgId" as lowercase and it as string as lowercase is "IE.HTTP" as lowercase) of key ("HKEY_USERS" & component string of sid of security account (name of logged on user) & "\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" as string) of registry
A: False
T: 1.583 ms

I’m glad you got a solution that works for you! Since you’re dealing with the Registry, I’d point out that we also have a native inspector to get there - user keys of logged on users

q: pathnames of user keys of logged on users
A: HKEY_USERS\S-1-5-21-43832465-3787473372-2335918448-500
T: 0.031 ms

q: pathnames of keys "SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" of user keys of logged on users
A: HKEY_USERS\S-1-5-21-43832465-3787473372-2335918448-500\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
T: 0.044 ms

q: values "ProgId" of keys "SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" of user keys of logged on users
A: ChromeHTML
T: 0.029 ms

q: exists values "ProgId" whose (it as string as lowercase is "IE.HTTP" as lowercase) of keys "SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice" of user keys of logged on users
A: False
T: 0.058 ms

Thank you for the examples. Good teacher.