Regedit execution on windows server 2008 r2

(imported topic written by SystemAdmin)

Hello,

I am trying to apply weak chipers fix for set of servers by creating a bigfix task, however it is failing to execute regedit action:

Completed delete temp.reg

Completed delete __createfile

Completed Createfile until end-reg-edit-commands

Completed Windows Registry Editor Version 5.00

Completed http://HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server

Completed “Enabled”=dword:00000000

Completed

Completed http://HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server

Completed “Enabled”=dword:00000000

Completed

Completed HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56

Completed “Enabled”=dword:00000000

Completed

Completed HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL

Completed “Enabled”=dword:00000000

Completed

Completed HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128

Completed “Enabled”=dword:00000000

Completed

Completed HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128

Completed “Enabled”=dword:00000000

Completed

Completed HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128

Completed “Enabled”=dword:00000000

Completed

Completed HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128

Completed “Enabled”=dword:ffffffff

Completed

Completed HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128

Completed “Enabled”=dword:00000000

Completed

Completed HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128

Completed “Enabled”=dword:00000000

Completed

Completed HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128

Completed “Enabled”=dword:00000000

Completed

Completed HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168

Completed “Enabled”=dword:ffffffff

Completed end-reg-edit-commands

Completed move __createfile temp.reg

Failed wait regedit -s temp.reg

If I run created file manually it works.

Can you please help me to understand why command wait “regedit -s temp.reg” is failing and how to fix it?

(imported comment written by SystemAdmin)

It looks basically correct except for the “http://” on the first two key names?

Also generally it is better to put the key names in []

Such as:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128

“Enabled”=dword:00000000

The only other issue is to make sure that the keys you are using this way are available to a 32 bit application (which means it is using wow64 redirection) but I believe your keys are OK here (see link below) and if they aren’t you have to use wow64 redirection actionscript.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa384253(v=vs.85).aspx

Also not sure if there is a format difference, but every time I have used it I have started the file with “REGEDIT4” and not “Windows Registry Editor Version 5.00”

(imported comment written by SystemAdmin)

Sorry the example got changed by the wiki software

REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
"Enabled"=dword:00000000

(imported comment written by SystemAdmin)

if I run a command from cmd:

regedit -s temp.reg

it works

via bigfix it does not.

(imported comment written by SystemAdmin)

If you post the actual actionscript it might be clearer

Again though, we are running as the user “SYSTEM” as a 32 bit application which may have different requirements or issues than the user you are running the script as.