Why

Content Authoring
1

(imported topic written by bearandy91)

I do it in debugger is OK,but I copy it to a fixlet and it return failed.

Do I miss something?

Action:

Createfile until end-reg-edit-commands

REGEDIT4

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

“DisallowRun”=dword:00000000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

“1”=“notepad.exe”

“2”=“notepad.exe”

end-reg-edit-commands

delete setup.reg

move __createfile setup.reg

wait regedit /s setup.reg

Thanks for help!

2

(imported comment written by BenKus)

What is the failure?

Note that HKEY_CURRENT_USER will set the SYSTEM account’s current user rather than the logged in user’s current user.

Ben

3

(imported comment written by bearandy91)

Fixlet’s failed is just on the status.

I change to do a custom action. The status is completed, but the regset didn’t write into the registry.

bearandy

4

(imported comment written by bearandy91)

I try to take a simple regset custom action.

regset "

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

" “DisallowRun”=dword:00000000

The status showed completed. But DisallowRun didn’t add.

I don’t know why it runs perfect in debugger, but it doesn’t work in console.

5

(imported comment written by BenKus)

If you set this with the BigFix Agent, it will set it in the SYSTEM accounts current user branch (which is different from your current user branch).

Ben

6

(imported comment written by bearandy91)

Do you mean I can’t use HKEY_CURRENT_USER?

How could I do then?

7

(imported comment written by jeremylam)

KB Article:

How can I use runascurrentuser.exe to run commands?

8

(imported comment written by bearandy91)

Thanks for help

But I still don’t know how to solve my problem.

9

(imported comment written by SystemAdmin)

HKCU is equivalent to HKEY_USERS<the id of the current user>\

There are a few different ways to manipulate HKCU using actions outside of the debugger. It is important for any action doing this that you have the following relevance:

exists current user AND (1 = number of logged on users)​

or a variation of it, otherwise there is no single HKCU to manipulate.

One way to get the needed HKEY_USERS<the id of the current user>\ is the following:

(“HKEY_USERS” & (name of key whose (((it = name of current user as lowercase OR it starts with name of current user as lowercase & “@”) of (it as string as lowercase) of (if (name of operating system = “Win7” OR name of operating system = “WinVista”) then value “USERNAME” of key “Volatile Environment” of it else value “Logon User Name” of key “Software\Microsoft\Windows\CurrentVersion\Explorer” of it))) of key “HKEY_USERS” of registry))

10

(imported comment written by SystemAdmin)

regset “” “DisallowRun”=dword:00000000

11

(imported comment written by bearandy91)

Thanks for help!!

It works!

So the way change user to the computer’s current user and write into the HKCU. Right?

Thanks!

bearandy

12

(imported comment written by bearandy91)

I have another question:

I have a list for disallowrun. And could I change the “1”=“notepad.exe”

“2”=“notepad.exe”

to a test.txt file direct add all .exe list?

Then if I change the list and I just have to change the file instead changing the relevance.

13

(imported comment written by SystemAdmin)

bearandy

I have another question:

I have a list for disallowrun. And could I change the “1”=“notepad.exe”
“2”=“notepad.exe”

to a test.txt file direct add all .exe list?

Then if I change the list and I just have to change the file instead changing the relevance.

For future reference, the answer to this is here: http://forum.bigfix.com/viewtopic.php?id=9323

… Assuming that link works in the near future…