I try to create new properties for report the size inbox.dbx file for Outlook Express. The file located in C:\Documents and Settings{Current User}\Local Settings\Application Data\Identities{GUUID}\Microsoft\Outlook Express. I already create new properties and check it with fixlet debugger, but when I import on BES Console, it show not reported value. Maybe it’s because BigFix run on SYSTEM account.
The properties look like this:
((size of file (“C:\Documents and Settings” & (name of current user as string) & “\Local Settings\Application Data\Identities” & (name of keys of key “HKEY_CURRENT_USER\Identities” of registry) & “\Microsoft\Outlook Express\deleted items.dbx”))/ (1024 * 1024)) as string & “MB”
The problem is probably related to the fact the agent runs as the SYSTEM account and the HKCU branch is not the logged in user, but the SYSTEM account…
Try something like this:
((size of it /(1024*1024)) as string & " MB") of files (“Microsoft\Outlook Express\deleted items.dbx” of folders of folders “\Local Settings\Application Data\Identities” of folders of folders “C:\Documents and Settings”)
I have tried your relevance, but it shows nothing at relevance debugger and BES Console. Maybe because it lacks of two folder name; username and GUUID. I have tried other approach using HKU branch. But I’m still stuck for show result the GUUID number.
Q:value “Default User ID” of key “HKEY_USERS\S-1-5-21-206663291-2748077916-171281597-1005\Identities” of registry as string
A: {E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE} -> GUUID that i want
so i try using this relevance:
Q:name of key whose ((it = name of current user as lowercase OR it starts with name of current user as lowercase & “@”) of (it as string as lowercase) of value “Logon User Name” of key “Software\Microsoft\Windows\CurrentVersion\Explorer” of it) of key “HKEY_USERS” of registry
A: S-1-5-21-206663291-2748077916-171281597-1005
but when i use this:
Q:value “Default User ID” of (key “HKEY_USERS”&(name of key whose ((it = name of current user as lowercase OR it starts with name of current user as lowercase & “@”) of (it as string as lowercase) of value “Logon User Name” of key “Software\Microsoft\Windows\CurrentVersion\Explorer” of it) of key “HKEY_USERS” of registry)&"\Identities" of registry) as string
I think it is easier to use the iterated folder approach… but I don’t have outlook express installed… can you let me the full path to one of these files and I can help fix my relevance…
My folder path for outlook express looks like this:
C:\Documents and Settings\Heru\Local Settings\Application Data\Identities{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\inbox.dbx
Folder Heru is for current username, and {E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE} is for GUUID, which means every machine has different value, but in same machine it always shows same value. By using my above relevance it can show the result of the value of GUUID. But it show error when combine the two relevance that I create. Please help me for this problem?
My earlier relevance had some issues… try this with the modified approach:
((size of it /(1024*1024)) as string & " MB") of files “inbox.dbx” of folders “Microsoft\Outlook Express” of folders of folders “Local Settings\Application Data\Identities” of folders of folders “C:\Documents and Settings”
Now it works. maybe it can be modified to see which file on that folder who has size that bigger than 1.5 GB, because on outlook express, if any of file size (.dbx) already bigger than 2 GB, outlook express will hang and we must manually delete that file.
Can you help me with that relevance to create that property?
(pathname of it, (size of it /(1024*1024)) as string & " MB") of files “inbox.dbx” of folders “Microsoft\Outlook Express” of folders of folders “Local Settings\Application Data\Identities” of folders of folders “C:\Documents and Settings”
How to retrieve this information from Registry, because the store folder in Outlook Express can be change to other drive or folder, so when user change to other than C:\Documents and Settings, the result will not return any value
The location for Outlook Express in Registry is :
HKEY_USERS\S-1-5-21-466040969-3019942160-365623475-13219\Identities{94A51D90-350B-49FA-A2A9-279F4A4EECDC}\Software\Microsoft\Outlook Express\5.0 Value name : Store Root
HKEY_USERS\S-1-5-21-466040969-3019942160-365623475-1432367\Identities{141673D9-32B0-4C3F-A50E-E74895711457}\Software\Microsoft\Outlook Express\5.0 Value name : Store Root
HKEY_USERS\S-1-5-21-466040969-3019942160-365623475-1432367\Identities{A3A45CAE-7607-44A2-A476-E73E8B10435A}\Software\Microsoft\Outlook Express\5.0 Value name : Store Root
HKEY_USERS\S-1-5-21-466040969-3019942160-365623475-1468607\Identities{ECF1B1E7-46F9-4A2F-A50E-593F04455ACA}\Software\Microsoft\Outlook Express\5.0 Value name : Store Root
How to retrieve and check the existence of key Store Root, because not every branch has this registry key
To get the key for Outlook Express from Registry, I’m using :
((“HKEY_USERS” & it & “\Identities”) of (substrings separated by “” whose (it contains “S-1-5-21”) of (names of values of key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist” of registry) whose (it contains “S-1-5-21” and it does not contain “Classes”)))
((value “Default User ID” of it) of keys ((“HKEY_USERS” & it & “\Identities”) of (substrings separated by “” whose (it contains “S-1-5-21”) of (names of values of key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist” of registry) whose (it contains “S-1-5-21” and it does not contain “Classes”))) of registry as string)
It will return :
{5583FBDB-F8FB-42FB-AA1A-50B7CC6B9612}
{F215AD6F-567C-49A9-AC4D-5F8FECB11B3E}
The full key for Outlook Express is :
HKEY_USERS\S-1-5-21-466040969-3019942160-365623475-1521224\Identities{5583FBDB-F8FB-42FB-AA1A-50B7CC6B9612}\Software\Microsoft\Outlook Express\5.0 in the key Store Root
The question : is it possible to join the result of those 2 query and must check first if key Store Root exist, because not every user using Outlook Express