I am trying to create a task that will export all of HKLM in the Windows registry to a file with the current date. When it creates the file, instead of creating it as 23.02.2023_HKLM_Backup.reg.bak, it creates it as “((first 2 of it &”."& (last 3 of first 6 of it as month as two digits) &"."& last 4 of first 11 of it) of (last 17 of first 22 of (now as string)))_HKLM_Backup.reg.bak". Can someone enlighten me on how to modify this action so that it only puts the actual date into the file name?
// Define the backup directory
parameter “backup_directory” = “C:\RegistryBackups”
// Create the backup directory if it doesn’t already exist
if {not exist folder (parameter “backup_directory”)}
waithidden cmd /c "mkdir {(parameter “backup_directory”)}"
endif
// Define the date as a file name
parameter “datefilename” = “(((first 2 of it &”."& (last 3 of first 6 of it as month as two digits) &"."& last 4 of first 11 of it) of (last 17 of first 22 of (now as string)))"
// Define the filename for the backup
parameter “backup_filename” = “{parameter “datefilename”}_HKLM_Backup.reg.bak”
// Define the full path for the backup file
parameter “backup_filepath” = “{parameter “backup_directory”}{parameter “backup_filename”}”
// Define the command to export the registry to the backup file
parameter “export_command” = “reg export HKEY_LOCAL_MACHINE %22{parameter “backup_filepath”}%22 /y”
// Run the export command
waithidden cmd.exe /C “{parameter “export_command”}”
The ‘parameter’ statement isn’t using a relevance substitution - you need the curly brackets.
parameter “datefilename” = “(((first 2 of it &”."& (last 3 of first 6 of it as month as two digits) &"."& last 4 of first 11 of it) of (last 17 of first 22 of (now as string)))"
Should be
parameter “datefilename” = “{(((first 2 of it &”."& (last 3 of first 6 of it as month as two digits) &"."& last 4 of first 11 of it) of (last 17 of first 22 of (now as string)))}"
(Also some doublequotes that need to be fixed, but I can’t tell on my phone)
Then the relevance statement itself has a problem (likely because you’re casting now as string and then trying to pull months out of it? Or maybe parentheses?
First try it (without curly brackets) in the ‘Single Clause’ tab of Fixlet Debugger; then (with curly brackets) in the Action tab with the parameter statement
YES!!! That and the squiggly brackets makes it functional. Thanks!
Now I can complicate it a little more. I’ll post my final script here in case it is useful to someone else that wants to back up the registry before making some OS hardening changes.
// Define the backup directory
parameter “backup_directory” = “C:\RegistryBackups”
// Create the backup directory if it doesn’t already exist
if {not exist folder (parameter “backup_directory”)}
waithidden cmd /c "mkdir {(parameter “backup_directory”)}"
endif
// Define the date as a file name
parameter “datefilename” = “{((first 2 of it &”."& (last 3 of first 6 of it as month as two digits) &"."& last 4 of first 11 of it &"_"& first 2 of it &"."& last 2 of last 5 of it) of (last 17 of first 22 of (now as string)))}"
// Define the filename for the backup
parameter “backup_filename” = “{parameter “datefilename”}_HKLM_Backup.reg.bak”
// Define the full path for the backup file
parameter “backup_filepath” = “{parameter “backup_directory”}{parameter “backup_filename”}”
// Define the command to export the registry to the backup file
parameter “export_command” = “reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\ %22{parameter “backup_filepath”}%22 /y”
// Run the export command
waithidden cmd.exe /C “{parameter “export_command”}”
// Define the filename for the backup
parameter “backup_filename2” = “{parameter “datefilename”}_SSL_Backup.reg.bak”
// Define the full path for the backup file
parameter “backup_filepath2” = “{parameter “backup_directory”}{parameter “backup_filename2”}”
// Define the command to export the registry to the backup file
parameter “export_command2” = “reg export HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\ %22{parameter “backup_filepath2”}%22 /y”
// Run the export command
waithidden cmd.exe /C “{parameter “export_command2”}”
So that works wonderfully in Fixlet Debugger when run from ‘Action’.
Getting it to run as a fixlet appears to be a new challenge. I’m seeing (Exit Code=1) in the BES Client log, for both of the “waithidden cmd.exe…” commands in my action script. No files generated whatsoever.
If it take it down to only one “waithidden cmd.exe…” commands, it does not help
Back to the drawing board. Any suggestions are welcome.
Nevermind… I had some %22 entries in my script. Fixlet debugger overlooks them, but they fail when included with the command that BigFix executes. Removed them and I’m good to go.
