Simple registry key delete not working

(imported topic written by dlimanov)

Hello,

As a part of SCCM 2012 upgrade, I was asked to whack two registry keys. “Piece of cake!” said me, and was wrong. I used the following article:
http://www-01.ibm.com/support/docview.wss?uid=swg21506061
and created this very simple action:

delete __appendfile

delete sccm.reg

appendfile REGEDIT4

appendfile

appendfile [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCMSetup]

appendfile [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS]

move __appendfile sccm.reg

waithidden regedit.exe -s sccm.reg

Running this in Relevance Debugger, I get the following “success”:

STATUS: Running action…

Command succeeded delete No ‘C:\Program Files (x86)\BigFix Enterprise\BES Client__appendfile’ exists to delete, no failure reported

Command succeeded delete No ‘C:\Program Files (x86)\BigFix Enterprise\BES Client\sccm.reg’ exists to delete, no failure reported

Command succeeded appendfile REGEDIT4

Command succeeded appendfile

Command succeeded appendfile [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCMSetup]

Command succeeded appendfile [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS]

Command succeeded move __appendfile sccm.reg

Command started - wait regedit.exe -s sccm.reg

Command succeeded (Exit Code=0) wait regedit.exe -s sccm.reg

Command started - waithidden regedit.exe -s sccm.reg

Command succeeded (Exit Code=0) waithidden regedit.exe -s sccm.reg

— Result —

Evaluation completed successfully!

However, the key is still there. Running this as a fixlet completes successfully, but keys are not deleted. Importing the same reg file from the command line using regedit.exe -s sccm.reg deletes the keys just fine. BESClient service is running under Local System, and I’ve not had any issues with permissions installing software or patches with its current authority level. OS is Win7 x64 with UAC off.

Any thoughts? What am I missing here?

(imported comment written by jgstew)

Try using RegDelete64 instead: (assuming this is in the native registry of both 32bit and 64bit machines, the following will work for both)

regdelete64 “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCMSetup]”

regdelete64 “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS]”

(imported comment written by jgstew)

If the registry keys are in the 32bit registry of a 64bit system & a 32bit system, then instead use the following:

regdelete “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCMSetup]”

regdelete “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS]”

(imported comment written by d.limanov)

Hi jgstew,

Thank you for replying. Can regdelete (and its 64 variant) delete keys? My understanding that it can only delete values, not the actual keys, and when running this in Debugger, I get the following:

STATUS: Running action…

Command failed (Missing key or data) regdelete64 “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCMSetup]”

— Result —

Evaluation failed!

(imported comment written by jgstew)

I do use it to delete keys, not just values. If that did not work, then try this:

regdelete “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCMSetup]”

or maybe I have a syntax error? not sure.

(imported comment written by d.limanov)

Same with regdelete.

STATUS: Running action…

Command failed (Missing key or data) regdelete “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCMSetup]”

— Result —

Evaluation failed!

Maybe Fixlet Debugger can’t run this command? I know there are some commands that only work in a client, and not in debugger… Are you able to run this in your debugger?

(imported comment written by jgstew)

Let me give it a try. This does normally work in the debugger.

(imported comment written by jgstew)

I guess you’re correct, you can only delete values, not keys. I did not realize this limitation, seems like there should be a regdeletekey & regdeletekey64

From the documentation:

In order to delete a non-empty registry key and all its sub-keys, you need to create a file, say del.reg, that looks like this:

REGEDIT4
[-HKEY_CURRENT_USER\keep\removethisandbelow]

There should be three lines in this file: the last line must be a blank. Note the dash (-) in front of the registry path.

Now you can execute an action like this:

regedit /s del.reg

When this action is executed, the key named removethisandbelow, along with all its sub-keys, is deleted. You can use the
appendfile
command to build this .reg file.

(imported comment written by d.limanov)

Yep, and this was my original approach: do a reg file via appendfile and import it via regedit. However it doesn’t seem to work via TEM, but outside of TEM importing the same reg file works without any issues.

I have a support case open, so far with not much progress either…

(imported comment written by jgstew)

So back to the original issue, My guess is this is a 64bit system you are running this on, and it is not finding the keys to delete because it is using WOW64 redirection and is trying to delete these keys from the 32bit registry. You need to disable redirection first, then your original code should work.

(imported comment written by jgstew)

par
http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/index.jsp?topic=%2Fcom.ibm.tem.doc_8.2%2FPlatform%2FAction%2Fc_action_uses_wow64_redirection.html

// store filename in parameter

parameter “RegEditFileName” = “delSCCMkeys.reg”

// disable wow64 redirection if x64 OS

if{x64 of operating system}

action uses wow64 redirection false

endif

// remove existing files, if any

delete __appendfile

delete {parameter “RegEditFileName”}

// create regedit script

appendfile REGEDIT4

appendfile

appendfile [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCMSetup]

appendfile [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS]

// rename file

move __appendfile {parameter “RegEditFileName”}

// edit the registry (delete keys)

waithidden regedit.exe -s {parameter “RegEditFileName”}

(imported comment written by d.limanov)

I just tried this with redirection true/false, and sadly in both cases registry keys are still there:

action uses wow64 redirection true

delete appendfile

delete sccm.reg

appendfile REGEDIT4

appendfile [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCMSetup]

appendfile [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS]

appendfile

move __appendfile sccm.reg

wait regedit.exe -s sccm.reg

Hell, I’ve tried using regedt32.exe with Wow64 redirection disabled for good measure; nothing. This is the craziest simplest action I’ve been unable to do!

(imported comment written by jgstew)

Have you tried doing this through the console? Perhaps it is a permissions issue that the System Account / PSEXEC would get around?

(imported comment written by d.limanov)

Hi jgstew,

Amazingly enough, your code with parameters worked via TEM fixlet. Running the same code via Fixlet Debugger through PSExec under System (psexec.exe -s -i fixletdebugger.exe) does not do anything.

But at any rate, this seems to work when sent via TEM, and this gets it done for me. Thank you so much for your help!

P.S. Don’t know if you’re a TEM employee or not, but if you are, you guys might want to update the article that I referenced originally, to include the x64 redirection caveat. TEM support had no idea about this, and still have not responded with anything remotely resembling the solution you’ve provided.

(imported comment written by jgstew)

You’re very welcome, glad it worked.

I am not an IBM employee, just a BigFix/TEM/IEM user. You can follow my work here:
http://bigfix.me/user/jgstew

I would recommend filing an RFE with links to the documentation that needs updated as well as what needs changed and links to the correct stuff if possible. File RFE’s here:
http://www.ibm.com/developerworks/rfe/

I think you can still correct things on the IEM Wiki yourself if you want to do so. I have not tried editing it for a while.

I’m honestly not sure why one would work and another would not other than permissions if it is the same code. It is always a good idea to test things in the console if you hit a wall like this.

If you do file an RFE, post it here so I can take a look and vote on it.

Here is an example RFE:
http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=36037

(imported comment written by d.limanov)

I’ve sent this link to my support case, let’s see what they say. Maybe it’s a defect that requires some kind of a patch, I don’t know, but I’ll file RFE as soon as they respond back.

Thanks again for your help, much appreciate it!

(imported comment written by d.limanov)

RFE generated:
http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=43612

(imported comment written by 979050)

It works because of the final APPENDFILE with no content. That causes a write of a blank line - it is part of the spec for a .reg file, although additions seem to work OK without it.

(imported comment written by d.limanov)

Honestly, I’ve tried every single combination of APPENDFILE at the end, in the beginning and right after REGEDIT4. I’ve also tried MICROSOFT WINDOWS REGISTRY 5 instead of REGEDIT, none made any difference.

The issue, as jgstew identified, had nothing to do with the reg file itself (after all, the same reg file worked fine from a command line outside of TEM), but with wow64 redirection in TEM.

(imported comment written by d.limanov)

The original TEM article was updated to illustrate the issue and solution:

http://www-01.ibm.com/support/docview.wss?uid=swg21506061

jgstew for president!