Relevance for HKEY_USERS Key Value

I am trying to determine if the console right-click options have been installed. I have the following relevance, but on Citrix systems with multiple users logged on it is returning “Singular Expression Refers to Nonexistent Object”.

not exists key ("HKEY_USERS\" & name of key whose (value "USERNAME" of key "Volatile Environment" of it as string as lowercase = name of logged on users as string as lowercase) of key "HKEY_USERS" of registry & "\Software\BigFix\Enterprise Console\Settings\ComputerListContextMenuExtensions") of registry

Also, I have tried the following relevance in the WebUI query, and it returns true, but it is not relevant when the fixlet is run.

not exists key "Software\BigFix\Enterprise Console\Settings\ComputerListContextMenuExtensions\Browse Computer" of current user keys (logged on users) of registry

Would it not be better to check for the existence of the parent key where the expected child key does not exist? I would expect user keys that do not have the “Enterprise Console\Settings” key would throw a non-existent object error.

Q: exists key "Software\BigFix\Enterprise Console\Settings" whose (not exists key "ComputerListContextMenuExtensions" of it) of current user keys (logged on users) of registry
A: True
T: 0.055 ms
1 Like

I could see some edge-cases with each of those approaches.

If there is more than one logged-on user, and both have a “Software\BigFix\Enterprise Console\Settings\ComputerListContextMenuExtensions\Browse Computer”, you might get a “Singular expression refers to plural object” error.

If there is more than one logged-on user, and exactly one of them has the key, you might get a false-negative (fixlet returning False when only one of the logged-on users has the key present).

I would recommend starting instead from the user keys, and seeing whether any user keys exist where the extensions are missing…

q: exists current user keys (logged on users) of registry
A: True
T: 0.023 ms

q: pathnames of current user keys (logged on users) of registry
A: HKEY_USERS\S-1-5-21-123456789-123456789-123456789-10427
T: 0.017 ms

q: exists (current user keys (logged on users) of registry) whose (not exists keys "Software\BigFix\Enterprise Console\Settings\ComputerListContextMenuExtensions\Browse Computer" of it)
A: True
T: 0.023 ms

q: pathnames of (current user keys (logged on users) of registry) whose (not exists keys "Software\BigFix\Enterprise Console\Settings\ComputerListContextMenuExtensions\Browse Computer" of it)
A: HKEY_USERS\S-1-5-21-123456789-123456789-123456789-10427
T: 0.030 ms

In ActionScript, we could use the following in a createfile or appendfile command to build a batch file containing the one or more REG commands we need to run to create the keys and values. Here’s the start of an example:

q: concatenation "%0d%0a" of ("REG.EXE ADD %22" & it & "\Software\BigFix\Enterprise Console\Settings\ComputerListContextMenuExtensions\Browse Computer%22") of pathnames of (current user keys (logged on users) of registry) whose (not exists keys "Software\BigFix\Enterprise Console\Settings\ComputerListContextMenuExtensions\Browse Computer" of it)
A: REG ADD "HKEY_USERS\S-1-5-21-123456789-123456789-123456789-10427\Software\BigFix\Enterprise Console\Settings\ComputerListContextMenuExtensions\Browse Computer"
T: 0.174 ms
1 Like

You can use PowerShell to pull all right-click options, SIDs, etc. for the user profiles.
For example:

# Match the SIDs of regular user accounts
$SID = 'S-1-5-21-\d+-\d+\-\d+\-\d+$'
# Map each profile SID to its username (last segment of the profile path)
$ProfileList = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' |
    Where-Object { $_.PSChildName -match $SID } |
    Select-Object @{name="SID";expression={$_.PSChildName}},
                  @{name="Username";expression={$_.ProfileImagePath -replace '^(.*[\\\/])', ''}}
foreach ($item in $ProfileList) {
    "{0}" -f $($item.Username) | Write-Output
    # Only hives loaded under HKEY_USERS (logged-on users) return entries
    Get-ItemProperty registry::"HKEY_USERS\$($Item.SID)\SOFTWARE\BigFix\Enterprise Console\Settings\ComputerListContextMenuExtensions\*" -ErrorAction SilentlyContinue |
        ForEach-Object {"{0} {1}" -f "   Right Click:", $($_.MenuDisplayName) -replace '&', '' | Write-Output}
}

When I get home later and have a bit more time I’ll see about throwing it all together in relevance.

Oh boy! This gets more complicated than I thought it would be. My current action script, which follows, does not work when multiple users are logged on. BESConsoleRightClickInstall.exe from BigFix Labs works, but adding custom right-clicks is complicated. I will try the action code you suggest.

delete rightclick.reg

createfile until endoffile
Windows Registry Editor Version 5.00

[HKEY_USERS\{name of key whose (value "USERNAME" of key "Volatile Environment" of it as string as lowercase = name of logged on user as string as lowercase) of key "HKEY_USERS" of registry}\Software\BigFix\Enterprise Console\Settings\ComputerListContextMenuExtensions\Connect to C$]
"ShellCommandRelevance"="\"explorer \\\\\" & (value of property results whose (name of property of it = \"DNS Name\" ) of current computer as string) & \"\\c$\""
"ComputerApplicabilityRelevance"="true"
"MaxComputerSetSize"=dword:00000005
"MenuDisplayName"="&Connect to C$"


endoffile

move __createfile rightclick.reg

override run

completion=job
hidden=true
run cmd.exe /C reg import rightclick.reg

//delete rightclick.reg

Has anyone tried using reg.exe to add the following value to the registry?

“explorer \” & (value of property results whose (name of property of it = “Computer Name” ) of current computer as string) & “\c$”

Here is the correct answer. Use the registry export output to get all of the correct escape characters.

reg add “HKCU\Software\BigFix\Enterprise Console\Settings\ComputerListContextMenuExtensions\Connect to C$” /v “ShellCommandRelevance” /d ““explorer \\” & (value of property results whose (name of property of it = “DNS Name” ) of current computer as string) & “\c$””

Please be careful with this and be sure to add a safety check. There is the possibility that a computer does not have a DNS property value or could potentially contain shell-escaping content. In our environment, we require only ASCII alphanumeric/-/. characters, so we add a ComputerApplicabilityRelevance value to any right-click menu entry that uses shell commands, similar to this:

exists name whose (it is regex "^[a-zA-Z0-9\-\.]+$") of current computer

This ensures that the computer name does not contain any character that would cause an issue with the ShellCommandRelevance of:

"explorer.exe %22\\" & (name of current computer as uppercase) & "\c$%22"

Due diligence with these edge-cases is especially important since you will not see the full command before it is executed and (most likely) the user who would be triggering the command is logged into their desktop with elevated rights.

2 Likes
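The pieces discussed in this thread, put together as an added example that is not part of any post above: it lists the user hives currently loaded under HKEY_USERS, keeps those missing the "Connect to C$" entry, and prints .reg text with the export-style escaping and with the safety check stored as ComputerApplicabilityRelevance. The function names `ConvertTo-RegFileString` and `New-RightClickRegText` are hypothetical; the key path, value names and relevance strings are the ones quoted in the thread, and the script is assumed to run elevated on the console machine.

```powershell
# Added example (not from the thread). Prints .reg text; it imports nothing.
$MenuSubKey = 'Software\BigFix\Enterprise Console\Settings\ComputerListContextMenuExtensions\Connect to C$'

function ConvertTo-RegFileString {
    param([Parameter(Mandatory)][string]$Value)
    # .reg string data: double every backslash first, then escape the quotes.
    '"' + $Value.Replace('\', '\\').Replace('"', '\"') + '"'
}

function New-RightClickRegText {
    param([Parameter(Mandatory)][string[]]$Sid)
    # Raw relevance as quoted in the thread (single quotes: no expansion).
    $shell = '"explorer.exe %22\\" & (name of current computer as uppercase) & "\c$%22"'
    $guard = 'exists name whose (it is regex "^[a-zA-Z0-9\-\.]+$") of current computer'
    $lines = @('Windows Registry Editor Version 5.00', '')
    foreach ($s in $Sid) {
        # One section per user hive, so several logged-on users are all covered.
        $lines += "[HKEY_USERS\$s\$MenuSubKey]"
        $lines += '"ShellCommandRelevance"=' + (ConvertTo-RegFileString $shell)
        $lines += '"ComputerApplicabilityRelevance"=' + (ConvertTo-RegFileString $guard)
        $lines += '"MaxComputerSetSize"=dword:00000005'
        $lines += '"MenuDisplayName"=' + (ConvertTo-RegFileString '&Connect to C$')
        $lines += ''
    }
    $lines -join "`r`n"
}

# Loaded hives only: the anchored pattern skips .DEFAULT, service SIDs and *_Classes.
$sidPattern = '^S-1-5-21-\d+-\d+-\d+-\d+$'
$missing = @([Microsoft.Win32.Registry]::Users.GetSubKeyNames() |
    Where-Object { $_ -match $sidPattern } |
    Where-Object { -not (Test-Path -LiteralPath "Registry::HKEY_USERS\$_\$MenuSubKey") })

if ($missing.Count -gt 0) { New-RightClickRegText -Sid $missing }
```

Review the printed text before saving it as rightclick.reg and importing it; the escaped ShellCommandRelevance line should have the same shape as a registry export of a working entry.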