Current user relevance for disabling skype

Hi all,
I have been working on this and thought I nailed it. It’s to disable Skype for Business from starting with Windows (current user setting in registry).
It looked good last week, and I added it to a baseline we use. I’m finding that the baseline keeps running over and over. When checking the relevance with QNA today, I see that this time I get an error on my laptop. Can anyone help me with this? I think the relevance needs to see that the value doesn’t exist and return a false, instead of an error.
error: Error: Singular expression refers to nonexistent object.

Relevance

exists (value "Lync" of key "Software\Microsoft\Windows\CurrentVersion\Run" of (key whose (((it = name of current user as lowercase OR it starts with name of current user as lowercase & "@") of (it as string as lowercase) of (if (name of operating system = "Win10") then value "USERNAME" of key "Volatile Environment" of it else value "Logon User Name" of key "Software\Microsoft\Windows\CurrentVersion\Explorer" of it))) of key "HKEY_USERS" of registry) as string as lowercase)

In some ways, the “best” way to handle this kind of thing, especially if you want it always set for all users, even future users, is to use Local GPO deployed with BigFix to delete this.

A different option is to use relevance to get ALL of the user keys that have the unwanted value, then actually delete ALL of them using a BAT file or similar.

The other option, which is the one you are covering here, is to delete the value but only if a user is currently logged in that has that value, and only from that particular user.

The option in which you are deleting the value from only the currently logged in user is bad to put in a baseline for a few reasons. One is if a new user logs in with the value, then it will run again. The other is if the current user checks the box to set Skype to start with Windows themselves, then it will run again. The other is if the software itself puts the key back, then it will run again.

This kind of configuration is better done as its own action all by itself.

That said, if your actual goal is to prevent it from starting with Windows for all users regardless of user preference, then I would recommend the Local GPO option.

Examples:

1 Like

Thank you for your excellent suggestion!
Great point about current user. We don’t use Active Directory any longer, but I suppose local group policy should be a good tool still.
I looked at your GitHub and the fixlet. Quite complex :slight_smile: It’s taking me a bit to go through it. I am inclined to try manually setting the registry settings that a local GPO would enforce, so as to avoid all the work of creating, downloading, unzipping a pol file.

1 Like

I am not actually doing all that, I am using the create file command to create the file that then I apply with LGPO utilities. (you do have to download and unzip the LGPO utilities though)

The method I use is to set the value desired using Local Group Policy on the machine using either GUI or command. Then use Local GPO utilities to dump that to a Registry.pol file, then convert that into the text version. Then I just copy and paste the part of that I want to deploy into the createfile command to be used in the fixlet/task. You would basically only need to change that part in my GitHub example: (plus the relevance)

createfile until _END_OF_FILE_
; ----------------------------------------------------------------------
Computer
Software\Policies\Microsoft\Windows\EventLog\Security
AutoBackupLogFiles
SZ:1
; ----------------------------------------------------------------------
_END_OF_FILE_

Also, I was looking for this, and finally found it. Here is relevance from 2016 to generate a BAT file to delete the Skype start with Windows for all users: https://bigfix.me/relevance/details/3006205

Which was meant as a replacement for this method from 2012: https://bigfix.me/fixlet/details/727

Stopping Skype from starting with Windows is a time-honored tradition that goes back almost decades for me :slight_smile:

2 Likes

Again, bowing to the master here!
I understand what you’re saying about creating the pol file now, makes sense. I’m still hesitant to go that deep with VBScript and downloading utilities as well. Not that your work isn’t excellent, because it is. I’m trying to keep it simpler if possible as I play with this.
Originally the whole point of just disabling Skype (Lync) was to avoid reinstalling the O365 suite as per Microsoft’s instructions. I have hundreds of people sheltering in place at home, and the very last thing to do is interrupt workflows at this time :wink:

I was trying to figure out how you turn that relevance into an action? I’m researching but I feel like I’m wearing sunglasses at night sometimes with BigFix.

Well, the one I linked you is current, so it should work as is.

Also, the reason I am using the VBScript is so that I don’t have to also download unzip.exe, but I could just as easily have used unzip.exe instead of the VBScript. The nice thing about the VBScript option is there is no download involved to do the unzipping, so it is one less thing to manage and update if the unzip.exe has a new version. I’m just using the built in Windows APIs to do the unzip.

The LocalGPO utilities are super useful, and I think my example puts them into the utility cache so that they should only be downloaded once per endpoint, and then be maintained on the endpoint for future uses. One thing to point out is if you create a policy action with BigFix and there are no downloads or the downloads are already cached, then the device does not need network connectivity for BigFix to run them.

Which relevance? This one? https://bigfix.me/relevance/details/3006205

1 Like

Regarding the download, we are playing with using GitHub as the source for downloads. Have you checked out the CURL Windows command line utility? If you generate an authorization token in your GitHub you can invoke it this way.
Regarding the relevance, yes, that one. If I could take that output and make it into an action it would be interesting.

OK, this is my latest version. I figured out how to use the relevance in the action.

action uses wow64 redirection false
//stop Skype for business from running.
dos taskkill /im lync.exe /t /f
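//this should remove all mentions from current user and local machine startup.
//"run" executes a single command line, so the generated REG DELETE lines (one per matching key) are written to a batch file and that file is executed. The file name remove_lync_run.bat is chosen here for illustration.
delete __createfile
delete remove_lync_run.bat
createfile until _END_OF_BAT_
{concatenation "%0d%0a" of ("REG DELETE " & it & " /v Lync /f") of unique values of (it as string) of keys "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" whose(exists values "Lync" of it) of ( (keys of keys "HKEY_USERS" of it) ; (keys "HKEY_LOCAL_MACHINE" of it) ) of (x64 registries; x32 registries)}
_END_OF_BAT_
move __createfile remove_lync_run.bat
waithidden cmd.exe /C remove_lync_run.bat
//this is to change the default chat client for current user to teams. need to change to above method when possible.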

delete __createfile
delete wizardedit.reg

createfile until @end_create_reg_file
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\IM Providers]
"DefaultIMApp"="Teams"
@end_create_reg_file

move __createfile wizardedit.reg
prefetch RunAsCurrentUser.exe sha1:ee47505ebfb2790b9da8a20ed70e67158e9753d0 size:342528 http://software.bigfix.com/download/bes/util/RunAsCurrentUser-2.0.3.1.exe sha256:1a9b518c775e2a85a7c47801e9b8221df338a65ad8df326485e4cd2aea22fe52
utility __Download\RunAsCurrentUser.exe
waithidden "__Download\RunAsCurrentUser.exe" --w regedit /s "wizardedit.reg"
1 Like

It is best to use a prefetch command so that downloads can go over the relay caching, but also downloads get validated in the process by hash. If you use CURL directly on the endpoint then you will not benefit from relay caching and may overwhelm your network, but also you need to validate the hash or signature of the file after it is downloaded to make sure it hasn’t been tampered with, which a prefetch would do automatically.

You could have a script that runs on the root server periodically and pulls files from a Git repo periodically and populates the root server’s Uploads directory or similar, but it would be better in some ways to just use a source that the root server can pull from directly using plain HTTP/HTTPS and instead have it populate the root server’s web cache which it can roll over automatically as needed.

There is a BigFix custom repo feature that I haven’t used but might also be relevant to solving this use case.

1 Like
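
The manual check the post above says is needed when a file is fetched outside of prefetch, as an added example that is not code from the thread or from BigFix: it parses a prefetch statement in the layout quoted earlier in the thread and checks a local file's size, SHA-1 and SHA-256 against the pinned values. The function names, the regular expression and the sample payload are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Layout of the prefetch statement quoted in the thread:
#   prefetch <name> sha1:<hex> size:<bytes> <url> sha256:<hex>
PREFETCH_RE = re.compile(
    r"^prefetch\s+(?P<name>\S+)\s+sha1:(?P<sha1>[0-9a-fA-F]{40})\s+"
    r"size:(?P<size>\d+)\s+(?P<url>https?://\S+)"
    r"(?:\s+sha256:(?P<sha256>[0-9a-fA-F]{64}))?\s*$"
)

def parse_prefetch(line):
    """Split a prefetch statement into its pinned name, size, URL and hashes."""
    m = PREFETCH_RE.match(line.strip())
    if m is None:
        raise ValueError("not a prefetch line in the expected layout")
    pin = m.groupdict()
    pin["size"] = int(pin["size"])
    return pin

def verify_download(path, pin):
    """Return the list of mismatched fields; an empty list means the file matches."""
    problems, size = [], 0
    digests = {"sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            size += len(chunk)
            for d in digests.values():
                d.update(chunk)
    if size != pin["size"]:
        problems.append("size")
    for algo, d in digests.items():
        if pin.get(algo) and d.hexdigest() != pin[algo].lower():
            problems.append(algo)
    return problems

def demo():
    """Constructed sample: pin a payload, then check intact and altered copies."""
    payload = b"constructed sample payload, not a real installer"
    line = "prefetch tool.exe sha1:%s size:%d https://example.invalid/tool.exe sha256:%s" % (
        hashlib.sha1(payload).hexdigest(), len(payload), hashlib.sha256(payload).hexdigest())
    pin = parse_prefetch(line)
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = Path(tmp, "good.bin"), Path(tmp, "bad.bin")
        good.write_bytes(payload)
        bad.write_bytes(payload[:-1] + b"X")
        return verify_download(good, pin), verify_download(bad, pin)
```

A non-empty result from `verify_download` means the file should be discarded rather than executed.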