SOLVED: RegEdit For HKCU

Hello,

I am trying to delete a specific registry key under HKCU. I don’t want to use RunAsCurrentUser as I’ve used the following action script before:

```
delete __appendfile
appendfile {concatenation "%0d%0a" of ("reg add %22HKEY_USERS\" & it & "\Software\Microsoft\Windows\CurrentVersion\Internet Settings%22 /v %22SecureProtocols%22 /t REG_DWORD /d 00000a80 /f") of names of keys of key "HKEY_USERS" of registry}
delete delreg.bat
move __appendfile delreg.bat
waithidden delreg.bat
```

Now if I run just the relevance (concatenation "%0d%0a" of ("reg add %22HKEY_USERS\" & it & "\Software\Microsoft\Windows\CurrentVersion\Internet Settings%22 /v %22SecureProtocols%22 /t REG_DWORD /d 00000a80 /f") of names of keys of key "HKEY_USERS" of registry) it will return a long string of the REG DELETE command for each entry, but it doesn’t insert LFs; it simply shows a literal presentation of %0d%0a.

With 9.2 I’ve heard we can use commands such as “of current user keys or registry” but I am not familiar with the context, and my attempts have failed.

Would someone please be willing to provide a more efficient way of deleting a registry key in HKCU of the current user?

Thank you!

This is only in the debugger, it does return LF correctly when put into the file.

Did you check the contents of the file?

Also, don’t italicize everything. Select the text and hit the </> button instead.

If you want to make sure that the value is always set, or always deleted for all users, then you should use LocalGPO instead. That is the best method to handle HKCU.

If you just want to delete or set a value once, but let the user change it after, then what you describe is a good method, but ideally you’d only attempt to change the user keys that have the value that needs deleted, rather than all user hives.

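An added example (not posted by anyone in this thread) of the narrower approach suggested in the reply above: list the user hives under HKEY_USERS, skip those that already hold the wanted value, and change only the rest. It uses the sample `SecureProtocols` value from the question; the function names are hypothetical, and the SID pattern assumes only local or domain accounts (`S-1-5-21-...`) are in scope.

```powershell
# Added example. Values mirror the sample key used in the question.
$SubKey  = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$Name    = 'SecureProtocols'
$Desired = 0x00000a80

function Get-HiveNeedingFix {
    # HKEY_USERS lists only the hives that are loaded right now.
    # Assumption: the pattern keeps account SIDs and skips .DEFAULT,
    # service accounts and the *_Classes hives.
    Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            $path = "Registry::HKEY_USERS\$($_.PSChildName)\$SubKey"
            # Skip hives that do not have the key at all.
            if (-not (Test-Path -LiteralPath $path)) { return }
            $item = Get-ItemProperty -LiteralPath $path -Name $Name -ErrorAction SilentlyContinue
            $current = $item.$Name   # $null when the value is absent
            if ($current -ne $Desired) {
                [pscustomobject]@{
                    Sid     = $_.PSChildName
                    Path    = $path
                    Current = $current
                }
            }
        }
}

function Set-UserHiveValue {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($hive in Get-HiveNeedingFix) {
        $action = "Set $Name to 0x$('{0:x8}' -f $Desired)"
        if ($PSCmdlet.ShouldProcess($hive.Path, $action)) {
            Set-ItemProperty -LiteralPath $hive.Path -Name $Name -Value $Desired -Type DWord
        }
    }
}

# Dry run: report which hives would be changed without writing anything.
Set-UserHiveValue -WhatIf
```

Drop `-WhatIf` to apply the change; run it in an elevated or SYSTEM context so that other users' loaded hives are writable.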

Somehow I knew you were going to be the first to respond jgstew 🙂

I know GPO would be a better choice for some items, but the process of implementing GPO changes in our environment is very cumbersome, and we’re just looking to fix those who need remediation. The majority of them are already correct.

I used a sample key to show my example. That said, I did find the issues involved, they were:

  1. Don’t trust the debugger! - It doesn’t show the results correctly (as you pointed out)
  2. When dealing with a RegKey with a curly bracket in it you must escape the relevance clause (add another } to the end of your relevance clause)

I’ll also watch my formatting in the future. I honestly thought I only encapsulated the code.

Now I’ve tested the output, and the process should work from the console. Another BigFix mystery solved.

Thanks again!!!

You misunderstand me. I was not suggesting that you use Network/AD GPO. I was suggesting you use Local GPO deployed by BigFix.

I do not actually like using AD GPO in most cases because it is so cumbersome and problematic when you have multiple ADs and machines not on AD at all.

You can deploy local GPO through BigFix. If there is a conflicting Network/AD GPO then it takes precedence, which is exactly what I want to happen. This allows you to transition to GPOs deployed through BigFix slowly without consequence.

Did you run the Debugger with Local Client Evaluator?

You can change this behavior here:

You generally want to keep this on, but it is good to test with it off as well.

I’m working on something similar but the script does not seem to be working on w2008r2 servers. It only removes the current logged on user reg key. Tested on w7 box and tested ok. Is there any suggestion for the script to work on servers?

Use local GPO instead, like this: https://bigfix.me/cdb/fixlet/3741