Detecting Enable / Disable status of Windows Components

system · December 29, 2010, 9:09pm

(imported topic written by sawozny91)

Hello BigFix gurus,

I’m not entirely certain if this is the right forum for this question, so if I have it wrong, please let me know where I should post this.

I won’t go into infinite detail on why I’m in this position, but basically I need to find all servers in my deployment where the Windows Component “Update Root Certificates” is enabled. The only way I’ve been able to find this data is to log in to each server, lanuch Add/Remove Programs, choose Add/Remove Windows Components and look which isn’t terribly efficient. This would be a great use for BigFix and if I could find anything in the registry or under Installed Applications that would indicate the state of this component I could test for relevance in my own custom criteria and I’d have the data I need, but I can’t find this anywhere.

Does anyone know how to test for enabled / disabled state of a Windows Component in BigFix?

Thanks,

Scott

Noah · December 29, 2010, 10:39pm

(imported comment written by NoahSalzman)

Didn’t know how to do this myself… but I did a little searching and it looks like you can read this key (at least on Windows Server 2003, YMMV):

q: (value “rootautoupdate” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents” of registry) = 1

A: True

You get a 1 when “Update Root Certificates” is enabled and a 0 when it is disabled. If you need to automate an install you are going to have to mess with .inf files and sysocmgr.exe. Search for “unattended” on this page:

http://technet.microsoft.com/en-us/library/cc738920(WS.10).aspx

system · December 30, 2010, 6:33pm

(imported comment written by sawozny91)

Thank very much, Noah! Just added a custom property for that key and it works like a charm.

Scott