We are having some issues with old legacy WPAD registry entries under user registry location.
Just wondering if it is possible to create a fixlet to remove a registry key if there is a value in that key that contains a certain text?
I,E.- “HKEY_USERS\S-1-5-21-3745562329-1491854618-3635562980-47852\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad” contains a key with a GUID that is unique to each PC that then contains certain text.
I want to know if you can delete that unique GUID key if the text is there.
Also something I can’t seem to get around is the GUID for each user is different.
Can you have this search everything under “HKEY_USERS” and remove?
There is a way to do this using relevance but it can effect performance if there are lot of keys under the “HKEY_USERS” hive.
If you’re looking for the specific key, try this:
if exists keys whose (it contains "INSERT-GUID-HERE") of keys "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" of keys of key "HKEY_USERS" of registry then true else false
Don’t use the curly brackets when you replace my placeholder.
In your action script, you can use the same kind of statement but you can use the regdelete command to remove it. Note that your key should not have any values in it for the regdelete command to work. Otherwise you’ll need to create something on the fly to remove it.
Perfect thanks for that.
I can get the relevance working fine, however IEM dos not seem to be able to delete a registry key.
The command I use is: regdelete {keys whose (value “WpadDetectedUrl” of it as string contains “http://wolvapap01.as.valmont.com/wpad.dat”) of keys “Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad” of keys of key “HKEY_USERS” of registry}
In the client logs, the command is fine: Command succeeded regdelete HKEY_USERS\S-1-5-21-3745562329-1491854618-3635562980-37840\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad{A3DA29F8-D18C-4404-B1F4-4F11BCC94AF5} (action:13355)
However the key still exists… any idea?
In the Relevance, you need to use “of native registry” rather than “of registry”. BigFix is a 32-bit application, and by default its registry access is redirected like any other 32-bit application - to HKCU\Software\Wow6432Node.
In the Action Script, somewhere before your registry delete issue the command
Thanks JasonWalker.
The command still succeeds as it did before, however still does not remove the actual registry key.
It shows the command ran fine but nothing actually happens:
Just come into one more issue, that I thought you guys might be able to assist with…
Since the action script looks for keys whos value of “WpadDetectedUrl” = “TEXT”, there are issues with trying to remove off PC’s that it finds multiple entries, so the action script variable to delete contains multiple registry locations rather than just one.
Is there a way to have IEM stop after finding the first match?
For this kind of thing, the best bet would likely be the create a batch script on the fly based on the keys found. As I’m not sure of your request completely, here is an example of a batch file my script creates based off what versions of Office 2010 components is found by the action. This batch file is then run to uninstall them.
//Create a batch file that will uninstall all versions of Office 2010
if {exists names of keys whose (name of it contains "0FF1CE" AND exists value "DisplayName" whose (it as string contains "Microsoft" AND it as string contains "2010") of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry}
appendfile {"msiexec /x " & concatenation "%0d%0amsiexec /x " of (names of keys whose (name of it contains "0FF1CE" AND exists value "DisplayName" whose (it as string contains "Microsoft" AND it as string contains "2010") of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)}
endif
You can use this kind of relevance construct to create your “regdelete” entries in an appendfile and run it as a batch script.