Hello All,
I’m trying to delete the regkey value which are under Current User Hive … But My Bigfix is running on system account… I have tried all the possibilities below is my action script.
Action Script:
action uses wow64 redirection false@end_create_reg_file @end_create_reg_file
prefetch RunAsCurrentUser.exe sha1:ee47505ebfb2790b9da8a20ed70e67158e9753d0 size:342528 http://software.bigfix.com/download/bes/util/RunAsCurrentUser-2.0.3.1.exe sha256:1a9b518c775e2a85a7c47801e9b8221df338a65ad8df326485e4cd2aea22fe52
waithidden “__Download\RunAsCurrentUser.exe” regedit /s wizardedit.reg
Please Help Me… to get out from this situation…
Thanks in Advance…
DaveG
May 10, 2018, 3:35pm
2
I do this by setting a parameter to the current SID:
parameter “sid” = “{component string of sid of security account(SID of logged on user as string)}”
and then calling that:
[HKEY_USERS\{parameter “sid”}\Software\Microsoft\Windows\CurrentVersion" etc etc
1 Like
There are 2 inspectors, “Logged on user” and “current user” that are helpful here that return the “HKEY_USERS\SID value”. You can use them with native action script instead of writing a .BAT file if desired, or just insert them in your reg command:
regdelete “[{user key of logged on user}\Software\Microsoft\Windows\CurrentVersion\etc.]”
reg.exe delete {user key of logged on user}\Software\Microsoft\Windows\CurrentVersion\etc.
or
regdelete “[{user key of current user}\Software\Microsoft\Windows\CurrentVersion\etc.]”
reg.exe delete {user key of current user}\Software\Microsoft\Windows\CurrentVersion\etc.
However, bear in mind that there is a difference between “Logged on user” and “Current user”. “Current user” is the one logged in locally, sitting in front of the PC, “Logged on user” can be either locally or RDP.
3 Likes
Thanks For the reply DaveG…
Thanks JkJ1962 ,
When I open Fixlet deburger and tried below relevance. It shows below error.
Q: user key of current user
DaveG
May 11, 2018, 1:00pm
6
Venkata_Avinash:
user key of current user
Change to local client evaluator under Debug / Evalutate using.
Venkata_Avinash:
Tried using local client evaluator Only…
Tried using local client evaluator Only…
DaveG
May 11, 2018, 1:38pm
9
Weird, worked for me. Not sure
Hello DaveG,
When I tried in Fixlet Debugger in Local Evaluator
It shows "relevance clauses must be surrounded by { and } guards"
DaveG
May 13, 2018, 2:34pm
11
you can’t really set a parameter in the debugger, that’s the action script.
Just use component string of sid of security account(SID of logged on user as string) in the debugger to get the result.
What jkj1862 posted would probably be the better way to do it, although both get the same results.
trn
May 14, 2018, 7:20am
12
Hello DaveG,
When I tried in Fixlet Debugger in Local Evaluator
It shows “relevance clauses must be surrounded by { and } guards”
If I pare that back to
q: component string of sid of security account(SID of logged on user as string)
in a QnA tab in the debugger I get a Windows error 0x522
Changing it to
(component string of sid of security account (names of logged on users))
gives me my SID
Substituting that back into your action script gives
parameter "sid" = "{component string of sid of security account (names of logged on users)}"
which works - but it is plural (because you can have multiple logged on users.
For the singular locally logged on user use
parameter "sid" = "{component string of sid of security account (names of current user)}"
1 Like
My QnA Shows SID Perfectly …
My Action Script. always shows this error. Even it worked in QNA
You’re retrieving sid of logged on user but then switch to name of current user.
Is sid of current user a property you could try instead (I don’t have a console handy)?
1 Like
Thanks @JasonWalker , @trn , @DaveG & @jkj1962
For Responding…
Thanks A Lot…
