Registry file not running

(imported topic written by Boomer91)

Hello

My action script below runs with completed status for each line but does not actually run the .reg file. I have verified that this runs from the command prompt. The fixlet states that it completed although with a failed status.

The regedit4 file is a self extracting zip file.

// deletes the HKEY_LOCAL_MACHINE\Software\Bigfixtest key

begin prefetch block

add prefetch item name=regedit4.exe sha1=680b0bf79968c02140addff3205b6eead743111b size=121344 url=http://bigfixswrepo.xxx.xxx/sw/xxx/regedit4.exe

end prefetch block

copy “__download\regedit4.exe” “c:\windows\temp\regedit4.exe”

run cmd.exe /c c:\windows\temp\Regedit4.exe /auto c:\windows\temp

run cmd.exe /c c:\windows\temp\Regedit4.reg

Is there another way to do this? Why doesn’t Bigfix process a reg file from a command line? I have verified that the registry change was not made.

Thanks in advance.

Boomer

(imported comment written by NoahSalzman)

Assuming the .reg file is only working on the HKLM branch (and not HKCU), you might try:

waithidden regedit /s c:\windows\temp\Regedit4.reg

(imported comment written by Boomer91)

If found what the problem was. I needed to use the wait command so that the self extracting zipped exe file could finish extracting before running the reg file as below:

// deletes the HKEY_LOCAL_MACHINE\Software\Bigfixtest key

begin prefetch block

add prefetch item name=regedit4.exe sha1=680b0bf79968c02140addff3205b6eead743111b size=121344 url=http://bigfixswrepo.xxx.xxx/sw/xxx/regedit4.exe

end prefetch block

copy “__download\regedit4.exe” “c:\windows\temp\regedit4.exe”

wait cmd.exe /c c:\windows\temp\Regedit4.exe /auto c:\windows\temp

run cmd.exe /c c:\windows\temp\Regedit4.reg

Boomer

(imported comment written by Boomer91)

noah

Assuming the .reg file is only working on the HKLM branch (and not HKCU), you might try:

waithidden regedit /s c:\windows\temp\Regedit4.reg

Thanks Noah, this also worked after I changed the previous line to use wait instead of run.

Boomer

(imported comment written by SystemAdmin)

How can I use the same code, but against the HKCU?

(imported comment written by SY57_Jim_Montgomery)

If I’m not mistaken, the BigFix Agent runs as local system on the machine. That means that he runs in a security context that is different than the user who may be logged into the computer. The BigFix Agent has no access to current user hive per se.

Now, you may be aware that the HKCU hive is actually a pointer towards one of the keys inside HKey_Users. If you can figure out which user is currently logged in, you could probably modify the appropriate HKey_Users subkey to get the desired effect.

But the BigFix agent does not “see” the HKCU key, since he runs in a different context than who is logged in. He should have permissions to modify the HKey_User location though.

Hope this helps,

–Jim

(imported comment written by JackCoates91)

If you use the registry wizard and check the run as user button, it’ll give you an example you can follow for using the runascurrentuser tool. This presumes that a user is logged on, it won’t work if no one’s logged on.