Pulling macro-enabled file locations from registry

I’m having issues pulling the values from the HKEY_USERS*\Software\Microsoft\Office\15.0\Word\Security\Trusted Documents\TrustRecords. Ideally we would like to build an analysis to pull the names and locations of macro-enabled documents. I’ve been testing the following action in the fixlet debugger with no luck. Open to any suggestions.

if exists key "Software\Microsoft\Office\15.0\Word\Security\Trusted Documents\TrustRecords" of keys of key "HKEY_USERS" of registry then (names of it, it) of values of key "Software\Microsoft\Office\15.0\Word\Security\Trusted Documents\TrustRecords" of registry

I changed a few things here, please give this a try. I don’t have a computer handy to test though.
You can have plural results, so try if exists keys (the plural form), and also when retrieving the actual values it needs to be keys relative to HKEY_USERS, same as when checking existence…

if exists (keys "Software\Microsoft\Office\15.0\Word\Security\Trusted Documents\TrustRecords" of keys of key "HKEY_USERS" of registry) then (names of it, it) of values of keys "Software\Microsoft\Office\15.0\Word\Security\Trusted Documents\TrustRecords" of keys of key "HKEY_USERS" of registry

This will also only give results when there is a user logged on (HKEY_USERS registry hives are unloaded at logoff).


Thanks for responding Jason. I tried the relevance you provided and I received a syntax error: “This expression could not be parsed”.

Jason’s relevance is giving an error because it uses if/then, which will require an else statement. Since you’re trying to report a tuple, an else statement for if the values don’t exist will have to match the types in the tuple. I don’t generally bother with that, so here’s a statement that just relies on plural relevance and should report no response if there’s nothing, and the tuple you’re looking for if there is.

(names of it, it) of values of keys "Software\Microsoft\Office\15.0\Word\Security\Trusted Documents\TrustRecords" of keys of keys "HKEY_USERS" of registry

That did the trick! Thanks for the explanation.

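The relevance in this thread returns every TrustRecords value (name = document path, data = binary), and the data still has to be decoded to tell which documents actually had macros enabled. The following Python is an added example, not part of the original thread or of BigFix: it reads the first 8 bytes as a FILETIME and treats a trailing DWORD of 0x7FFFFFFF as "Enable Content was clicked". It assumes the binary data has been exported as a hex string; the function names and sample rows are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

MACROS_ENABLED = 0x7FFFFFFF  # trailing DWORD set when "Enable Content" was clicked
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_trust_record(name, data_hex):
    """Decode one TrustRecords value (hex-string input is an assumption)."""
    data = bytes.fromhex(data_hex)  # raises ValueError on non-hex input
    if len(data) < 12:  # need the 8-byte FILETIME plus the 4-byte flag
        raise ValueError(f"TrustRecords data too short for {name!r}")
    (filetime,) = struct.unpack_from("<Q", data, 0)
    (flag,) = struct.unpack_from("<I", data, len(data) - 4)
    return {
        "document": name,
        # FILETIME counts 100 ns ticks since 1601-01-01 UTC
        "trusted_at": FILETIME_EPOCH + timedelta(microseconds=filetime // 10),
        "macros_enabled": flag == MACROS_ENABLED,
    }


def macro_enabled_documents(rows):
    """Return only the records with macros enabled; skip malformed values."""
    hits = []
    for name, data_hex in rows:
        try:
            record = parse_trust_record(name, data_hex)
        except ValueError:
            continue
        if record["macros_enabled"]:
            hits.append(record)
    return hits


def _sample(when, flag):
    # Constructed 24-byte value: FILETIME, 12 filler bytes, flag DWORD
    ticks = int((when - FILETIME_EPOCH).total_seconds()) * 10_000_000
    return struct.pack("<Q12xI", ticks, flag).hex()


# Constructed sample rows shaped like (value name, value data as hex)
SAMPLE_ROWS = [
    ("%USERPROFILE%/Downloads/invoice.docm",
     _sample(datetime(2020, 1, 1, tzinfo=timezone.utc), 0x7FFFFFFF)),
    ("%USERPROFILE%/Documents/notes.docx",
     _sample(datetime(2020, 2, 1, tzinfo=timezone.utc), 0x00000001)),
    ("%USERPROFILE%/Documents/truncated.doc", "00ff"),
]
```
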