Delete GUID-based registry key

Shannon · January 10, 2022, 10:32pm

Good evening, I was hoping someone could lend me hand on figuring out how to write the action script needed to delete registry keys that have a specific IP address in the value data?

In short I want to remove any values in
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ConSecRules"
whose value data contains eg. “192.168.1.1”

I’ve got this to work to detect its presence
exists values of (it;keys of it) whose (exist value whose (it as string as lowercase contains "192.168.1.1") of it) of keys "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ConSecRules" of registry

but I can’t seem to make the leap to getting the matching values deleted in action script.

I lifted this from another part of the forum to try without success so any help would be much appreciated!

if{exists values of (it;keys of it) whose (exist value whose (it as string as lowercase contains "192.168.1.1") of it) of keys "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ConSecRules" of registry}
	parameter "keys1" = "{"%22" & (concatenation "%22,%22" of (pathnames of keys "SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ConSecRules" whose (exists value "192.168.1.1" of it) of keys of key "HKLM" of registry)) & "%22"}"
	waithidden cmd.exe /c "for %a in ({parameter "keys1"}) do (reg delete %a /v "192.168.1.1" /f)"
endif

For further explanation the values of the keys in question are GUIDs so the systems we’re trying to run this on will all have different value names like this.

q:(names of it) of values of keys "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ConSecRules" of registry
A: {F39264DF-B57E-49A2-A7E2-851A5F54BDDC}
A: {98497B52-6FAE-4734-B145-3C8EFAC1F217}
T: 0.625 ms
I: plural string

Alright so I’ve got this working to provide the command I need even though its a singular expression for what will be a non unique object I could always run it twice I suppose. My problem now is how to make this work in action script?

q: concatenation "%0d%0a" of ("reg delete %22" & "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ConSecRules" & "%22 /f") & (name of it) of value of (it;key of it) whose (exist value whose (it as string as lowercase contains "192.168.1.1") of it) of keys "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ConSecRules" of registry
A: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ConSecRules" /f{F39264DF-B57E-49A2-A7E2-851A5F54BDDC}
E: Singular expression refers to non-unique object.

SLB · January 11, 2022, 11:18pm

Try

parameter "MyValues" = "{(concatenation " " of names of values whose (it as string = "192.168.1.1") of keys "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ConSecRules" of registry)}"

waithidden cmd.exe /c "for %a in ({parameter "MyValues"}) do (reg delete HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ConSecRules /v %a /f)"

Your method was trying to pass the pathname of the value to /v instead of the value name

Shannon · January 12, 2022, 4:39pm

Thanks mate, I was definitely over complicating the issue, your method worked perfectly!