Current User registry

(imported topic written by BenUK77791)

Hello,

Apologies for going over old ground but I have read the posts on inspecting Current (logged on) user registry keys but am having no success.

I can evaluate the key successfully:

values "DisablePst" of keys "Software\Microsoft\Office\11.0\Outlook" of current user keys (logged on users) of registry

But when I am compiling the relevance in order to target and amend the key I’m hitting problems. When testing, the relevance is returning false which is incorrect:

Relevance below:

(exists current user) AND (value "DisablePst" of key "Software\Microsoft\Office\11.0\Outlook" of (key whose ((it = name of current user as lowercase OR it starts with name of current user as lowercase & "@" ) of (it as string as lowercase) of value "Logon User Name" of key "Software\Microsoft\Windows\CurrentVersion\Explorer" of it) of key "HKEY_USERS" of registry) = "dword:000000001")

I’ve probably made a simple mistake but any assistance would be appreciated.

Thanks.

Ben.

(imported comment written by BenUK77791)

a slight update, the Regset works but it’s the relevance I’m having probs with:

regset "" "DisablePst"=dword:00000000

(imported comment written by BenKus)

How about use the RunAsCurrentUser with regedit trick:

http://forum.bigfix.com/viewtopic.php?id=1909

And then use the relevance you posted:

exists value "DisablePst" whose (it as integer = 1) of keys "Software\Microsoft\Office\11.0\Outlook" of current user keys (logged on users) of registry

Note I didn’t test and it might not work quite right…

Ben

(imported comment written by SystemAdmin)

Also take a look at my technique. You don’t have to download the “RunAsCurrentUser” program for it:

http://forum.bigfix.com/viewtopic.php?id=3757

(imported comment written by BenUK77791)

Thanks Ben, worked a treat.

(imported comment written by SystemAdmin)

hey all, I know the (current user key) topic has been flogged to death but I cannot for the love of money get it to work. When I submit the following in a logged in PC (AD domain) using relevance debugger…

q: exists (current user key (logged on user) of registry)

A: False

not quite what I expected, which explains why the following action of mine is not working…

——

if {exists current user}

if {exists keys whose ((it contains "TRIM") of (name of it as lowercase)) of keys "Software\Tower Software" of current user keys (logged on users) of registry}

createfile until END_CREATE

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Tower Software]

END_CREATE

delete __Download\removetrim.reg

move __createfile __Download\removetrim.reg

wait __Download\RunAsCurrentUser.exe --w "{pathname of windows folder & "\regedit.exe"}" /s __Download\removetrim.reg

endif

endif

—</action script>—

The registry hack by itself works on the current user but the relevance never evaluates to true, and hence never runs.

I’m running 8.0.67. Any assistance would be greatly appreciated!

cheers

(imported comment written by BenKus)

Try running the Relevance Debugger as the SYSTEM account for your testing: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=1681 because as a user (even an admin user) of Windows, I don’t think you have access to run this query…

Ben

(imported comment written by SystemAdmin)

running that query from the console (ie running an action) yields no results either. As mentioned, the action works (using runasuser), but not the relevance.

(imported comment written by SystemAdmin)

Hi Ben, ran it as system user but still no success even though I can see the key in regedit…

q: exists keys whose ((it contains "TRIM") of (name of it as lowercase)) of keys "Software\Tower Software" of current user keys (logged on users) of registry

A: False

(imported comment written by BenKus)

Try:

q: exists keys whose ((it contains "trim") of (name of it as lowercase)) of keys "Software\Tower Software" of current user keys (logged on users) of registry

Ben

(imported comment written by SystemAdmin)

works! thank you Ben for pointing out the obvious that was staring me in the face. you are a legend! :-))

(imported comment written by SystemAdmin)

related to the current user topic (again), the following script runs without errors but doesn’t do what I expect it to do, namely to delete a particular value “OPEN2631”. The relevance debugger was running under the system user and the relevance below evaluated false, even though the value exists. Where did I go wrong?..

if {exists current user}

if {exists keys "Software\Microsoft\Office\10.0\Excel\Options" of current user keys (logged on users) whose ((value "open2631" of it as string as lowercase) of it = ("%22" & "C:\Program Files (x86)\TRIM Context\tsjExcel10Callback.xla" & "%22") of (rope (value "open2631" of it as string as lowercase) as string)) of registry}

regdelete "[HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Excel\Options]" "OPEN2631"

endif

endif

(imported comment written by SystemAdmin)

Also, this doesn’t work:

exists ((values "OPEN2631" of it) of keys whose ( (value "open2631" of it as string as lowercase) contains "test" as lowercase) of keys ("Software\Microsoft\Office\10.0\Excel\Options" as string as lowercase) of current user keys (logged on users) of registry)

but this does:

exists ((values "OPEN2631" of it) of keys ("Software\Microsoft\Office\10.0\Excel\Options" as string as lowercase) of current user keys (logged on users) of registry)

…I’m not able to test against data in values when using relevance with “current user keys (logged on users) of registry”.

(imported comment written by BenKus)

Try using this method to test the current user keys (because you need to run as the SYSTEM account to have the appropriate access to impersonate a user): http://support.bigfix.com/cgi-bin/kbdirect.pl?id=1681

Ben

(imported comment written by SystemAdmin)

hey Ben, the relevances were executed using the system account (as per ‘at’ command), but as mentioned one works but not the other…

Works:

exists ((values "OPEN2631" of it) of keys ("Software\Microsoft\Office\10.0\Excel\Options" as string as lowercase) of current user keys (logged on users) of registry)

Does not Work:

exists ((values "OPEN2631" of it) of keys whose ( (value "open2631" of it as string as lowercase) contains "test" as lowercase) of keys ("Software\Microsoft\Office\10.0\Excel\Options" as string as lowercase) of current user keys (logged on users) of registry)

Is my test for a key value correctly executed for a logged on user?

(imported comment written by BenKus)

You might be trying to look at too many subkeys in your second expression… Try this:

exists (keys "Software\Microsoft\Office\10.0\Excel\Options" whose ( exists value "open2631" of it AND value "open2631" of it as string as lowercase contains "test" as lowercase) of current user keys (logged on users) of registry)

Ben

(imported comment written by SystemAdmin)

that works. thanks.

(imported comment written by AndyKay)

I’m trying to do something similar, detecting if a value “AuthenticatedUID” exists (not the content of the value) in a subkey as below:

HKEY_CURRENT_USER\Software\DESlock\Client\CentralCtrl\3449F40B-382A-11E4-B482-0050B64791DB

The final part of the key is a unique value which will change on each machine - hence I cannot build it into the relevance but need to use “keys of keys of” if it is at all possible?
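
A way to cross-check this kind of per-user lookup outside the BigFix client, added here as an example and not part of the original thread or of BigFix itself: a PowerShell function that walks each loaded user hive under HKEY_USERS, enumerates every subkey of the product key instead of naming the per-machine GUID, and reports only whether the value name exists. The function name is hypothetical, and treating each loaded `S-1-5-21-*` hive as a logged-on user is an assumption.

```powershell
# Added example, not from the thread. Run elevated or as SYSTEM.
# Test-PerUserSubkeyValue is a hypothetical name; the key path and value name
# are the ones quoted in the post above.
function Test-PerUserSubkeyValue {
    param(
        [string]$RelativeKey = 'Software\DESlock\Client\CentralCtrl',
        [string]$ValueName   = 'AuthenticatedUID'
    )

    # Assumption: each loaded S-1-5-21-* hive under HKEY_USERS is treated as a
    # logged-on user. The anchored pattern also skips the <SID>_Classes hives.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

    foreach ($hive in $hives) {
        $sid    = $hive.PSChildName
        $parent = "Registry::HKEY_USERS\$sid\$RelativeKey"

        # Report hives where the product key is absent instead of erroring.
        if (-not (Test-Path -LiteralPath $parent)) {
            [pscustomobject]@{ Sid = $sid; Subkey = $null; HasValue = $false }
            continue
        }

        # Walk every child key, so the per-machine GUID never has to be named.
        foreach ($child in Get-ChildItem -LiteralPath $parent -ErrorAction SilentlyContinue) {
            [pscustomobject]@{
                Sid      = $sid
                Subkey   = $child.PSChildName
                # Name-only check: a missing value yields $false, and the
                # value data is never read. -contains is case-insensitive.
                HasValue = $child.GetValueNames() -contains $ValueName
            }
        }
    }
}

Test-PerUserSubkeyValue | Format-Table -AutoSize
```

Run from a non-elevated user session, other users' hives are not readable and are silently skipped, which mirrors the access problem discussed earlier in the thread.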