RunAsCurrent user

(imported topic written by jr6591)

I am trying to modify HKCU for some Google Toolbar settings.

download http://Server:52311/Uploads/4464429cb98506df286d1ce7a017a3d3ceabff16/big1F.tmp

continue if { (size of it = 574 and sha1 of it = "4464429cb98506df286d1ce7a017a3d3ceabff16") of file "big1F.tmp" of folder "__Download"}

extract big1F.tmp

waithidden RunAsCurrentUser-1.1.exe regedit /s "{pathname of client folder of current site & "\__Download\GT-buttons.reg"}"

I have uploaded RunAsCurrentUser-1.1.exe using BDE, so this file exists in C:\Program Files\BigFix Enterprise\BES Client\__BESData\MySIte

Thanks

(imported comment written by jessewk)

Jr,

Can you tell us the symptoms you are experiencing? The action looks correct to me.

Is it possible the current user doesn’t have rights to modify the keys you are trying to modify?

Does the GT-Buttons.reg file appear in the __Download folder?

Have you tried running regedit without the /s so you can monitor any error messages?

(imported comment written by jr6591)

The fixlet worked. I ran it on a user with admin rights and it was okay. Will this work on a user with no rights? We lock down our PCs. If the fixlet is run via BF, shouldn’t that handle the admin rights and use the system account?

(imported comment written by brolly3391)

Hello jr,

Yes, you appear to understand the system.

When you pass off control in action script to RunAsCurrentUser.exe, the target program will assume the security context of the user who is currently logged on. The program will assume the rights and restrictions of the currently logged on user both locally and network facing. If that user cannot modify that reg key then RunAsCurrentUser.exe will have the same restriction.

When you run something using a normal action script it will execute under the BES Client in the Local System security context. This context is privileged locally but unprivileged on the network. However, this process does not have the same visibility to some of the things that the CurrentUser has. HKCU is one of those examples.

Since you tested with a local admin logged on and your fixlet worked, but with a user-level account logged on it did not work, that suggests that your user-level account does not have the level of access required to make this change, and so RunAsCurrentUser.exe will not work for you here.

Let’s take a step back. You want to modify some HKCU settings for a currently logged on user. There is a way to do this. First check out this post about accessing HKCU via the BigFix Client: http://forum.bigfix.com/viewtopic.php?id=11

We can use that technique in an action script using relevance substitution combined with the appendfile/reg hack method. This way you are still running under the coveted Local System security context while retaining the ability to touch the current user registry hive via the HKU hive. You might add in some relevance to see if the button settings are set. I did not look up the actual settings you might be trying to manipulate. You should be able to substitute in your own reg keys and values.

Relevance

exists current user

Action

delete __appendfile

delete temp.reg

appendfile {"REGEDIT4"}

appendfile {""}

appendfile "Button1"="setting"

appendfile "Button2"="setting2"

copy __appendfile temp.reg

wait regedit /s temp.reg

delete __appendfile

delete temp.reg

Cheers,

Brolly

(imported comment written by jr6591)

Thanks brolly. I will try your suggestion.

(imported comment written by jr6591)

Brolly,

I tried this.

delete __appendfile

delete temp.reg

appendfile {"REGEDIT4"}

appendfile {""}

appendfile PageRankQueryParams"=dword:00000001

appendfile RbbsBreak"=dword:00000000

appendfile KillPopupCount"=dword:00000008

appendfile PopupBlockerIntroSeen"=dword:00000001

appendfile PreOfferDS"=dword:00000001

appendfile UpdateToast"=dword:00000001

appendfile SearchWithGoogleStats"=dword:00000001

appendfile AutoFillIntroSeen"=dword:00000001

appendfile BrowseByNameIntroSeen"=dword:00000001

appendfile UsageStatsEnabled"=dword:00000000

appendfile AutoLucky"=dword:00000001

appendfile HoverDictionary"=dword:00000000

appendfile PopupSound"=dword:00000001

appendfile PopupCountHide"=dword:00000000

appendfile Verbosity"=dword:00000001

appendfile WordFind"=dword:00000001

appendfile ButtonAutoFill"=dword:00000000

appendfile ButtonAutoLink"=dword:00000000

appendfile ButtonHighlight"=dword:00000001

appendfile ButtonNextPrevious"=dword:00000000

appendfile ButtonPageRank"=dword:00000000

appendfile ButtonPopupKiller"=dword:00000000

appendfile ButtonSendTo"=dword:00000000

appendfile ButtonSpellcheck"=dword:00000000

appendfile ButtonBookmarks"=dword:00000000

appendfile ButtonVote"=dword:00000000

appendfile ButtonTranslate"=dword:00000000

appendfile ButtonUp"=dword:00000000

appendfile Hidden"=dword:00000000

appendfile ButtonNewsSearch"=dword:00000000

copy __appendfile temp.reg

wait regedit /s temp.reg

delete __appendfile

delete temp.reg

I replaced your keys and entries with mine, but I assume I am incorrect in the format of the registry location. Google Toolbar has the Options settings in -

HKEY_CURRENT_USER\Software\Google\Google Toolbar\4.0\Options

Any ideas?

(imported comment written by brolly3391)

jr,

Almost there. You are just missing an opening " on each appendfile in the values sections…

appendfile PageRankQueryParams"=dword:00000001

should be

appendfile "PageRankQueryParams"=dword:00000001

Cheers,

Brolly
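
A pre-import check for the generated temp.reg, added here as an example (it is not part of the original posts or of BigFix). Because `regedit /s` suppresses error messages, it flags the missing opening quote and a values block with no `[key]` section, and warns when the file targets HKEY_CURRENT_USER. The `lint_reg` helper, the sample file contents and the SID are constructed for illustration.

```python
import re

# "Name"=dword:00000000 or "Name"="text", the two value forms used in this thread
VALUE_RE = re.compile(r'^"(?:[^"\\]|\\.)+"=(?:dword:[0-9A-Fa-f]{8}|"(?:[^"\\]|\\.)*")$')
# [ROOT\sub\key]; group 1 is the root hive name
KEY_RE = re.compile(r'^\[([^\\\]]+)(?:\\[^\]]*)?\]$')

def lint_reg(text):
    """Return a list of (line_number, message) problems found in a REGEDIT4 file."""
    problems = []
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        problems.append((1, "first line must be REGEDIT4"))
    in_key = False
    for no, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = KEY_RE.match(line)
        if m:
            in_key = True
            if m.group(1).upper() == "HKEY_CURRENT_USER":
                # HKCU is the hive of whichever account runs the import
                problems.append((no, "HKEY_CURRENT_USER resolves to the importing "
                                     "account; under Local System use HKEY_USERS\\<SID>"))
            continue
        if not in_key:
            problems.append((no, "value appears before any [key] section"))
        if not VALUE_RE.match(line):
            problems.append((no, "malformed value line (check the quotes around the name)"))
    return problems

# Constructed sample inputs; the SID is a placeholder, not a real account.
PLACEHOLDER_SID = "S-1-5-21-0-0-0-1001"
BROKEN = 'REGEDIT4\n\nPageRankQueryParams"=dword:00000001\n'
FIXED = ("REGEDIT4\n\n"
         "[HKEY_USERS\\" + PLACEHOLDER_SID +
         "\\Software\\Google\\Google Toolbar\\4.0\\Options]\n"
         '"PageRankQueryParams"=dword:00000001\n')

if __name__ == "__main__":
    for name, sample in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint_reg(sample) or "ok")
```
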

(imported comment written by jr6591)

One more thing. I just did a test using this.

Q: value "HoverDictionary" of key "Software\Google\Google Toolbar\4.0\Options" of (key whose ((it = name of current user as lowercase OR it starts with name of current user as lowercase & "@" ) of (it as string as lowercase) of value "Logon User Name" of key "Software\Microsoft\Windows\CurrentVersion\Explorer" of it) of key "HKEY_USERS" of registry)

E: Singular expression refers to nonexistent object.

Q: value "HoverDictionary" of key "Software\Google\Google Toolbar\4.0\Options" of (key "HKEY_CURRENT_USER" of registry)

A: 0

So, needless to say, it’s confusing.

(imported comment written by brolly3391)

jr,

I think this is related to the issues that you have been pursuing with Paul in the local admin accounts thread here:

http://forum.bigfix.com/viewtopic.php?id=30

It seems that there is something funky going on with the Current User inspector on your test system.

If Name of Current User is failing then the trick with the HKCU branch will fail as well as it relies on it.

Get to the bottom of that issue and your fixlet should start working as written.

Cheers,

Brolly

(imported comment written by ErinC91)

Fantastic, this worked a treat for me. I copied and pasted the code from Jr’s 4th post on this page, adjusted the specifics to suit my own registry additions and added the missing quotes. Et voilà, as they say :)

thanks