KB282402 Fixlet

system · February 12, 2014, 10:55pm

(imported topic written by Heath-TitanIT)

I am currently building a fixlet that will make the appropriate Registry fixes to the keys specified by the following KB article:

http://support.microsoft.com/kb/282402

I need the following Relevance to evaluate to False after my action script has run. However, even with the registry in place, it still evaluated to True on my test system:

not exist key “HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server” of registry

I am running this on my test machine directly, local debugger and local client give me the same answers. This always evaluate to True.

To make matters worse I have the following action script"

delete __createfile

delete c:\setup.reg

Createfile until end-reg-edit-commands

  REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

“MaxConnectionsPer1_0Server”=dword:0000000a

“MaxConnectionsPerServer”=dword:0000000a

end-reg-edit-commands

move __createfile c:\setup.reg

waithidden regedit.exe /s c:\setup.reg

When run on the test machine directly, this works fine, but when I run it through the fixlet on the server to the same test machine, no keys are generated.

This is my first post so if I have missed some information let me know!

Thanks all!

Noah · February 28, 2014, 3:19am

(imported comment written by NoahSalzman)

HKCU can be tricky. Please see this thread:

https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014750206#77777777-0000-0000-0000-000014750214

jgstew · March 1, 2014, 7:26am

(imported comment written by jgstew)

If possible, it is always best to edit HKLM to enforce settings through BigFix / IEM. I’m not sure about in this case, but it could be worth a try to see if setting this in HKLM enforces the setting for all users.

The next best option is to create relevance / actionscript that will progressively iterate through all user registry hives and set the setting on all that do not have it set. ( it will take at least 15 min per user hive )

The last native option is to find the current user registry hive using relevance and edit it with the full path, but this method requires a logged on user and will affect that user and that user alone. For this method I recommend adding the relevance (exists current user)

In many cases using a GPO is an easier option in the case of an endpoint in BigFix / IEM as well as Active Directory to enforce user settings.