How to modify "Windows Registry" trhow BigFix

Hello All,

I’ve created a Powershell (PS) script to modifiy regedit records on Windows. Here is an example:

$rg = “HKLM:\SOFTWARE\Candle\KOQ\610\PRIVICHOF1\Environment”
$Name = “CT_CMSLIST”
$value = "IP.PIPE:#9.8.8.2"
New-ItemProperty -Path $rg -Name $name -Value $value -PropertyType String -Force | out-null

This PS script works well when I executed it locally. However, if I send it as a “Task” nothing happens

Here is the Task:

// Enter your action script here
delete "c:\Windows\Temp\inn_Update_Registry.ps1"
delete “c:\Windows\Temp\inn_Update_Registry.bat”

prefetch inn_Update_Registry.ps1 sha1:07c02cb387e13f515a087fb0cbdedb3867545686 size:644 http://x.x.x.x:52311/bfmirror/downloads/ActiveDownloads/Scripts/inn_Update_Registry.ps1

move __Download\inn_Update_Registry.ps1 “c:\Windows\Temp\inn_Update_Registry.ps1”

createfile until end
@echo off
powershell -ExecutionPolicy Bypass -Windowstyle hidden -file c:\Windows\Temp\inn_Update_Registry.ps1
end

move __createfile "C:\Windows\temp\inn_Update_Registry.bat"
waithidden “C:\Windows\temp\inn_Update_Registry.bat”

Could you tell me if you have this issue?

PD: The task completes without error. Also, the script needs to be in Powershell because later it will be modified to do a loop for searching records and change their values.

Regards

José Osorio R.

Remember we are running as a 32 bit process so it might be updating the Wow6432Node of the Software hive.

You could also use the native commands for manipulating the registry https://developer.bigfix.com/action-script/reference/registry/

Helo AlanM,

It’s not working (there is no registry key on Wow6432Node also)

I won’t use “native commands” because i need the script to do “for earch” methods based on some queries (something that action script can’t do).

it seems that scritpts on Powershell to modify “registry” settings on windows don’t work through bigfix.

Any ideas?

Regards

José Osorio R.

We’ve seen Powershell work from Bigfix before, so there must be a way. I think @AlanM is right with the wow64 observation.

In Powershell, what happens if the registry parent key doesn’t exist (which it will not, as it is redirected to wow6432node)?

Try out the 32-bit Powershell from \windows\syswow64\powershell.exe manually and check the result. If that also fails, change the action script to run in 64-bit mode by using
action uses wow64 redirection false
anywhere before you execute the waithidden command.

you might also try
waithidden cmd.exe /c "C:\Windows\temp\inn_Update_Registry.bat"

Also, you should ensure the files do not already exist in c:\windows\temp, by deleting them before the move statements.

Hi Jason,

Thanks for your help.

It’s quite strange. As i said it works well when i executed on powershell console.

I figure it out how to make it to work using “DoS Comands” on the powershell script:

$key32 = Invoke-Expression "reg query HKLM\SOFTWARE\Candle\KOQ\610\$itcam\Environment /v CT_CMSLIST" 2>&1
$key64 = Invoke-Expression "reg query HKLM\SOFTWARE\Candle\KOQ\610\$itcam\Environment /v CT_CMSLIST /reg:64" 2>&1

if someone needs the script, contact me @ josorior@pe.ibm.com

Regards

Jose Osorio R.