I need to check whether the last user who used a PC is part of a list of specific users. I created a relevance using the “set of” but it doesn’t work for me.
In the registry key I have the following value:
Q: (value “LastLoggedOnUser” of keys “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI” of (x32 registry; x64 registry) as string as lowercase)
A: mydom\giorgio
I need to create a relevance that checks whether the content of the key contains one of the following values: “giorgio” or “stefano” or “paolo”.
The relevance I created is the following but it always comes back to me as false even if “giorgio” is in the registry key:
Q: (exists true whose (if true then (set of (“giorgio”;“stefano”;“paolo”) contains (value “LastLoggedOnUser” of keys “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI” of (x32 registry; x64 registry) as string as lowercase)) else false))
A: False
Can anyone help me?
Thank you
Giorgio
Try this -
exists value "LastLoggedOnUser" whose (it as string as lowercase contains "giorgio" as lowercase OR it as string as lowercase contains "stefano" as lowercase OR it as string as lowercase contains "paolo" as lowercase) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" of (x32 registry; x64 registry)
1 Like
Hi khuvara,
Thanks for the advice it works.
But how could I do it using the “set of” ?
The reason is that the relevance would be more readable because the list of users I have to check is long so it would be more convenient to have the:
set of (“one”;“two”;“three”;…;“ten”)
You should be able to do something like:
exists ((it as string) of value "LastLoggedOnUser" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" of (x32 registry; x64 registry), set of (“one”;“two”;“three”;…;“ten”)) whose (item 0 of it is contained by item 1 of it)
1 Like
Hi Ageorgiev,
Thank you very much.
I made a few more changes to what you suggested. The correct relevance is as follows:
exists (((it) of (following text of first “\” of (value “LastLoggedOnUser” of keys “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI” of (x32 registry; x64 registry) as string as lowercase)), set of (“one”;“two”;“three”;“ten”))) whose (item 0 of it is contained by item 1 of it)
Thank you all
Giorgio
1 Like