Registry Value with DWORD

Hello everyone,

Attempting to get a value from the registry, however I believe the fact that it’s a DWORD is tripping me up.

I tried using the examples from this thread,“If-then-else reg_dword” however I keep getting “singular expressions refers to non existent object”

I first tried this

value “BOH_Service” of key “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” of registry

However since the value is DWORD I changed it up to

exist value “BOH_Service” whose (it = hexadecimal integer(“1”)) of key > “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” of registry

exist value “BOH_Service” whose (it as integer = 0) of key “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” of registry

Bother of these failed with a “singular expression refers to non existent object”

The key path and name is correct.

Feel like i’m missing something simple here…

Never mind… someone at my work already made something for this.

exists key whose (name of it = “UserList” AND value “BOH_Service” of it as string as version = “1”) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts” of native registry

Great. Did you understand the issue?

The BigFix Client is a 32-bit application, and by default it’s subject to the Wow6432 redirection (HKLM\Software -> HKLM\Software\Wow6432Node, \Windows\System32 -> \Windows\SysWOW64, and \Program Files -> \Program Files (x86))

If you look for a property “of registry”, by default that uses the 32-bit redirected path; so when you query for key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts" of registry, it actually gets redirected to “HKLM\Software\ Wow3264Node \Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts”

Change the query to “of native registry” tells the client to bypass the 32-bit redirection and look at the real registry path.

Likewise, there are objects for “native system folder”, “x32 system folder”, and “x64 system folder” to specify whether to look at the “real” \Windows\System32 folder vs the redirected \Windows\SysWOW64, and “native program files folder”, “x32 program files folder” and “x64 program files folder” to do the same for C:\Program Files vs C:\Program Files (x86).

In Action Script, you should use the directive
action uses wow64 redirection false
when you need to run the native 64-bit executables for things like “cmd.exe”, “cscript.exe”, “powershell.exe”, etc.