
removing specific hkcu key for all users on boot


5 replies to this topic

#1 TsVk!


Posted 18 January 2017 - 08:19 PM

I'm scripting an install of an application which needs a HKLM config key installed. Unfortunately on many machines the software has been run on an earlier version and there is a HKCU key that takes precedence.

 

What's the best way to remove all user keys that translate to the hkcu key, when the script runs on boot?

 

Thanks in advance.


Edited by TsVk!, 18 January 2017 - 10:05 PM.




#2 x64


Posted 21 January 2017 - 07:01 AM

I suppose it depends on whether the user accounts are local or domain (with roaming profiles etc), and some infrequent issues (custom ACLs set on the key) as to which avenues are available. However, to my mind anything other than running a script on user logon (rather than a script running on boot), or using group policy user preferences, would be overly complicated.

 

The issue is that the user registry hives are not always mounted on the PC. A particular user's HKCU key is in fact a link to a key (named as a SID) under HKEY_USERS onto which a user's own registry hive is mounted when the user logs on (and probably unmounted when they log off). As such the registry keys of logged off users are probably not directly available. In a local user scenario you could script mounting/unmounting hives and doing a point in time 'super cleanup' when your boot script runs by scripting the deletion of the key whilst each user hive was mounted, but that's a massive palaver, and then what about domain accounts/roaming profiles etc.?

 

Therefore the best thing would be to either set a script to run on user logon or by a scheduled task running at user logon to delete the key, or (if on a domain) use group policy user preferences to remove the key (I think the group policy user prefs would be the cleanest solution - logon scripts are sooooo '90s!).

 

x64
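
The hive-mounting cleanup described in the post above, written out as an added example (it is not part of the original thread or any poster's code). The key path `Software\ExampleVendor\ExampleApp` is a hypothetical placeholder, and the script only reaches profiles whose NTUSER.DAT is cached on the local disk.

```powershell
#Requires -RunAsAdministrator
# Added example: remove one per-user key from every profile hive on this machine.
# Logged-on users are reached through HKEY_USERS\<SID>; logged-off users' hives
# are mounted temporarily from NTUSER.DAT and unmounted again afterwards.
$ProfileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Remove-KeyFromUserHives {
    [CmdletBinding(SupportsShouldProcess)]      # enables -WhatIf for the delete step
    param([Parameter(Mandatory)][string]$SubKey)

    # Interactive accounts have SIDs of the form S-1-5-21-...; skip service SIDs.
    $userProfiles = Get-ChildItem $ProfileList |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

    foreach ($p in $userProfiles) {
        $sid   = $p.PSChildName
        $hive  = Join-Path $p.GetValue('ProfileImagePath') 'NTUSER.DAT'
        $root  = $sid                 # name under HKEY_USERS to operate on
        $mount = $null

        if (-not (Test-Path "Registry::HKEY_USERS\$sid")) {
            # Hive not mounted: user is logged off. Skip if no local copy exists
            # (for example a roaming profile that was never cached here).
            if (-not (Test-Path -LiteralPath $hive)) { continue }
            $mount = "TempHive_$sid"  # temporary mount name, not the real SID
            & reg.exe load "HKU\$mount" $hive 2>$null | Out-Null
            if ($LASTEXITCODE -ne 0) { Write-Warning "Could not load $hive"; continue }
            $root = $mount
        }

        $target = "Registry::HKEY_USERS\$root\$SubKey"
        if (Test-Path -LiteralPath $target) {
            # Honors -WhatIf passed to this function.
            Remove-Item -LiteralPath $target -Recurse -Force
        }

        if ($mount) {
            # Release .NET registry handles first, or the unload fails with
            # "Access is denied" and the hive stays locked.
            [gc]::Collect(); [gc]::WaitForPendingFinalizers()
            & reg.exe unload "HKU\$mount" | Out-Null
            if ($LASTEXITCODE -ne 0) { Write-Warning "Hive $mount is still mounted" }
        }
    }
}

# Hypothetical key path; run with -WhatIf first to list what would be deleted.
Remove-KeyFromUserHives -SubKey 'Software\ExampleVendor\ExampleApp' -WhatIf
```

A hive left mounted under the temporary name keeps that user's NTUSER.DAT locked, so the unload warning is worth checking in the boot script's log.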



#3 KingDavidlll


Posted 22 January 2017 - 05:39 AM

Yeah, create the HKLM key as per usual for each computer. Then create a logon script that removes the HKCU whenever a user logs in.

If you can't create login scripts and just leave them there, then I guess writing a PowerShell script to do it for you. This link provides a decent way of doing it for logged in/non-logged in users (I didn't test but it looks like it should work in principle).
http://www.adminarsenal.com/admin-arsenal-blog/modifying-the-registry-users-powershell/

#4 TsVk!


Posted 22 January 2017 - 05:50 AM

Yeah, I ended up scripting PowerShell... I'll update the thread tomorrow with my code.



#5 JohnnyJammer


Posted 22 January 2017 - 07:40 PM

I still love and do most work in batch, love it and always will LOL.

Personally I would use a GPO if they were all x64 bit machines, but you need to remember about the WOW6432Node key and subtrees.

Something like @if %PROCESSOR_ARCHITECTURE% == AMD64 (blah blah) would do it.

Also being HKLM I would set the batch file to Machine so it wouldn't matter whos snug the pc.



#6 TsVk!


Posted 22 January 2017 - 10:06 PM

On further inspection I found it wasn't a HKCU key but a %username%\appdata\roaming\file that was causing the issue.

 

So I called a PowerShell script from my boot batch

SET ThisScriptsDirectory=%~dp0
SET PowerShellScriptPath=%ThisScriptsDirectory%MyPowerShellScript.ps1
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& '%PowerShellScriptPath%'";

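then targeted the files with the PowerShell

# Pass the full path explicitly; a bare $_ can stringify to just the item name in Windows PowerShell.
Get-ChildItem -Path "C:\Users\*\AppData\Roaming\problem_folder1" | ForEach-Object { Remove-Item -LiteralPath $_.FullName -Force }
Get-ChildItem -Path "C:\Users\*\AppData\Roaming\problem_folder2" | ForEach-Object { Remove-Item -LiteralPath $_.FullName -Force }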

The new HKLM entry then fetches the data I want from a server and puts it in place when the user logs in.





