Get a value from the Registry and set as parameter, not working

ericmartcr 2022-05-20 19:39:46 UTC #1

Hello,

When I try to set a parameter as a registry value it’s empty, any idea why?

parameter “wallpaper” = “{values “WallPaper” of keys “HKEY_CURRENT_USER\Control Panel\Desktop” of registry}”

it works in the fixlet debugger but it does not work in the client.

any idea?

D.Dean 2022-05-20 20:28:05 UTC #2

parameter "wallpaper" = "{value whose (name of it is "WallPaper") of key "HKEY_CURRENT_USER\Control Panel\Desktop” of registry" }"

You may want to use a “continue if” to make sure the key exists before you run that.

continue if {exists (value "WallPaper" of keys "HKEY_CURRENT_USER\Control Panel\Desktop" of registry)}
parameter "wallpaper" = "{value whose (name of it is "WallPaper") of key "HKEY_CURRENT_USER\Control Panel\Desktop” of registry"}"

However, I think the issue you are having is the “HKEY_CURRENT_USER”, BigFix runs as the system user and would pull from the registry as the System User. This is why it works in the Fixlet Debugger and not the client. I am sure there are ways to pull the data you want but not that familiar with the process. There was a content post a month or so ago about this, you may want search for that.

Mike 2022-05-23 08:05:08 UTC #3

As @D.Dean pointed out, HKEY_CURRENT_USER works as expected using Fixlet Debugger since that is running under your user context and the BES Client runs under the System user which may or may not have this key. If a user is logged in then the registry hive for that user is also loaded and you can access it, just not as direct as this statement.

If you can post what the goal of this action is we may be able to assist in providing the relevance needed as there are a couple of different ways to do it.

ericmartcr 2022-05-23 15:57:23 UTC #4

You are right, I think it’s the issue when I run this as a system but I need to run it as the current user, I know how to run as the user when I use waithidden but I’m not sure how to run the fixlet as user instead of as a system, any idea?

Mike 2022-05-23 16:17:12 UTC #5

So without knowing more, you can use the following:

value "WallPaper" of key "Control Panel\Desktop" of user key of logged on user as string | ""

If there is more than 1 user logged in or no user is logged in then the result will be empty. I would put a test for this empty condition before using it.

Also, set the action criteria so that it only runs if a user is logged in. Personally, I would also add something like the following to the relevance:

(number of logged on users | 0) = 1

This way, you can ensure it will only run when a single user is logged in. There can be other ways of dealing with this condition but I would need to know what your doing with this to provide those options.

brolly33 2022-05-24 12:23:48 UTC #6

You can use the Override command in action script to have your action adopt the user’s security context, and current user hive.

https://developer.bigfix.com/action-script/reference/execution/override.html