DisabledByDefault and if statements

Hello Everyone,

I am working on a script for disabling TLS 1.0. I have a powershell script that is working in the main (95% of machines). But some machines (5%) seem to show that this is run, but the powershell disable commands are skipped, which we think maybe down to the script not being signed and being rejected.

So I am looking to combine what we currently have (Powershell) with the native commands (regeset) for Bigfix.

The new fixlet, will try the Powershell command first, then the script checks if a value is present and if this is false run the regset commands.

I can get this check to work, but as soon as I try to wrap an if statement around it, it gives a false reading. Please can someone take a look and see where I am going wrong ?

Basic working check :-
(exists key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client” whose (value “DisabledByDefault” of it as string = “1”)of registry)
Result = True

Trying with an if wrapped around the statement :-

if (exists key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client” whose (value “DisabledByDefault” of it as string = “1”)of registry) then
folder create "C:\TRUE"
else
folder create "C:\FALSE"
endif

Result = allways is False

Any comments or help greatly appreciated
Many thanks
Paul

In ActionScript, relevance needs to be wrapped in curly braces

https://developer.bigfix.com/action-script/reference/flow-control/if-elseif-else-endif.html

Thanks trn for the info.
I have tried these 3 changes but they all evaluate to False within QnA Debugger. The last one errors, If I change the brackets () around value . Am I missing something ?

if {(exists key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client” whose (value “DisabledByDefault” of it as string = “1”)of registry)} then
folder create "C:\TRUE"
else
folder create "C:\FALSE"
endif

if {exists key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client” whose (value “DisabledByDefault” of it as string = “1”)of registry} then
folder create "C:\TRUE"
else
folder create "C:\FALSE"
endif

Many Thanks
Paul

The syntax of

if {exists key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" whose (value "DisabledByDefault" of it as string = "1")of registry}
//	folder create "C:\TRUE"
else
//	folder create "C:\FALSE"
endif

is correct (I commented out the folder creation, because I do not like to create folders in the root of C:, but I can still see the execution path in the debugger)

Time for some debugging - run the following:

q: exists key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" whose (value "DisabledByDefault" of it as string = "1")of registry

q: (name of it, it) of values of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" of registry
1 Like

Many Thanks Trn.

The first piece of code is working perfectly for me.

Very much appreciated. Thanks again
Paul