Fixlet to delete registry key - relevance issues

(imported topic written by routergirl91)

I’m trying to delete a registry key from a system, and failing, and I’m not sure why.

I ran this through the debugger and it worked perfectly against my system. I then used it and created a fixlet, but it never shows it’s relevant to any systems, although I am targeting another system I

know

has the key.

Relevance:

exists key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3” of registry

Action:

For now the action is empty, since I’m debugging, but eventually it will be:

// clear previously used files

delete __appendfile

delete temp.reg

// create .reg file

appendfile REGEDIT4

appendfile

-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3

move __appendfile temp.reg

// run .reg file

wait regedit -s temp.reg

Any suggestions? How do I get the fixlet to see the system with this registry key?

(imported comment written by routergirl91)

Oh, and for what it’s worth - I originally tried running it as a fixlet after confirming I had the key, and it said it wasn’t applicable to my system. Then I ran it from the debugger and it worked fine. Bizarre?

From debugger:

Q: exists key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3” of registry

A: True

T: 0.049 ms

(imported comment written by NoahSalzman)

Is this a 64-bit system? Try that same expression with “of native registry” and “of x64 registry”

(imported comment written by routergirl91)

The system I’m targeting is not a 64 bit one. I tried native registry just in case, though, when I saw your post. It still shows “Not reported.” The weird thing is the client logs on that machine show it posting reports successfully, and if I click on “Send refresh” it updates almost right away.

(imported comment written by NoahSalzman)

First, very cool that you are going after that bogus certificate. It’s really criminal that we have to rely on such a fragile infrastructure to trust SSL-enabled sites.

Second… sounds like there is something simple that is wrong with the Fixlet. Can you try with a different reg key and different Fixlet just to troubleshoot?

(imported comment written by routergirl91)

Found the issue. It was a problem with the account the services were running as, not a problem with the fixlet itself.

Noah- Yeah, I only

just

finished the Tivoli content training, so it’s happening at a good time, I suppose. Had it been a month earlier I would have felt a bit more panicked. :slight_smile: