Registry Modification don't work

rweiss · August 30, 2016, 2:42pm

Hello everyone,

I’ve tried to add to a remote desktop 2 Desktop-Icons (Computer & Network)
I’ve tried with a .bat or with a .reg file or directy with Bigfix script but nothing work… It’s working with Fixlet Debug tool in my Computer but not remotely with a Fixlet…
wit Reg file I’ve tried this command :
wait regedit /s REGfile.reg or waithidden cmd.exe /C "regedit /s “REGfile.reg”
**My REGfile.reg contains this : **

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=dword:00000000

with Batch file : run BatchFile.bat as administrator or waithidden cmd.exe /C “BatchFile.bat”
**My BatchFile.bat contains this : **
REG ADD “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel” /v “{20D04FE0-3AEA-1069-A2D8-08002B30309D}” /t REG_DWORD /d 0 /f
REG ADD “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel” /v “{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}” /t REG_DWORD /d 0 /f

and the last one , thought BIG FIX Script, I’ve tried this one:
regset “[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]” “{{20D04FE0-3AEA-1069-A2D8-08002B30309D}”=dword:00000000
regset “[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]” “{{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}”=dword:00000000

How can I do to make this work on a remote computer ?
And if I launch the .bat or the .reg files direct on the computer, it’s worrking fine…

Thanks for help

rweiss · August 30, 2016, 2:55pm

More infos :
UAC deactivated
FIREWALL deactivated
and the registry key is not modified.

Aram · August 30, 2016, 3:32pm

I believe the challenge you are facing here has to do with the fact that you are trying to modify keys under HKEY_CURRENT_USER. Since the BigFix Client process runs as Local SYSTEM, the user context is different.

Please see the following technote for some information and suggestions on how to approach this:
http://www-01.ibm.com/support/docview.wss?uid=swg21505908

There are a lot of other posts on the forum related to this that might help to explore as well, such as:

mjohnson2469 · August 30, 2016, 3:40pm

Once caveat is that when you use the action script I provided in that post it will make the change in ALL USERS that have profiles on the device. As of now, I don’t have a way to limit to the logged on user.

rweiss · August 30, 2016, 3:55pm

OK, thanks for reply !

I will try this and will come back later if I can’t make it work

Thanks

rweiss · September 1, 2016, 3:59pm

Hello,

I’ve used the code from the post you give me but it doesn’t work with a key who have braces. And for the Desktop Icon or Network Icon the Registry key is {20D04FE0-3AEA-1069-A2D8-08002B30309D} and {F02C1A0D-BE21-4350-88B0-7367FC96EF3C}

delete __appendfile
appendfile {concatenation “%0d%0a” of ("reg add %22HKEY_USERS" & it & “\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel%22 /v %22{20D04FE0-3AEA-1069-A2D8-08002B30309D}%22 /t REG_DWORD /d 00000000 /f”) of names of keys of key “HKEY_USERS” of registry}
delete delreg.bat
move __appendfile delreg.bat
waithidden delreg.bat

Thx

jgstew · September 14, 2016, 12:04am

You have to escape the } or { braces in actionscript because otherwise they are used for relevance substitution.

You can add an extra at the beginning or the end and I don’t remember when one works better than the other, so you just make it {{blah} or {blah}}

You could also do something like { "{" } which is a bit more complicated, but should also work.

rweiss · September 20, 2016, 1:24pm

Thanks for you reply ! I have used RunAsCurrentUser.exe and It was working fine.

I tried what You Said with the 2 braces at end like {blah}} and it work fine too !

I have seen that sometimes the 2 braces must be at beginninb for some reason and other times it must be at the end… Don’t know why

Thanks a lot jgstew

ciao

rweiss · September 20, 2016, 2:13pm

Owww… I have an other question : Do you have any Idea how to delete a registry data with this syntax ?

Thanks ^^

JasonWalker · September 20, 2016, 5:09pm

The short version:

If you are not in a Relevance Substition, and you want to begin one, use a single open curly like appendfile {computer name}
If you are not in a Relevance Substition, and you do not want to begin one, use two open curly like appendfile {{20D04FE0-3AEA-1069-A2D8-08002B30309D}. Because we didn’t actually open a Relevance Substition, the close curly is a literal character and nothing special.
If you are in a Relevance Substition and want to close it, use a single close curly like appendfile {computer name}
If you are in a Relevance Substition and do not want to close it, use two close curly like appendfile {value "DisplayVersion" of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20D04FE0-3AEA-1069-A2D8-08002B30309D}}" as string}. Because we are inside a Relevance Substition, the open curly of the GUID is just part of the relevance string, but we need the close curly of the GUID to not end the Relevance.