Remove a Registry Key
-
hmm, sadly REGED doesn’t seem to like it.
The error:
import_reg: WARNING: found key <-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments> not matching prefix <HKEY_LOCAL_MACHINE\SOFTWARE> Customer.Script: Line 24: 17695 Aborted reged -C SOFTWARE -I HKEY_LOCAL_MACHINE\\SOFTWARE $RegKey
The code:
mkdir /WinC #create folder to mount C dir to ntfs-3g -o -force,rw /dev/mmcblk0p3 /WinC #mount windows disk cd /WinC/Windows/System32/config #here is where the registry is kept RegKey="RemoveElements.reg" #file that will remove a regkey touch $RegKey echo "Windows Registry Editor Version 5.00" >> $RegKey echo "[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments]" >> $RegKey #notice: The - in front of "HKEY..." is to remove the entry. reged -C SOFTWARE -I HKEY_LOCAL_MACHINE\\SOFTWARE $RegKey #change the registry (notice the \\ instead of \) rm $RegKey umount -l /WinC
Is there something I’m doing wrong? Importing a key this way does work
also: importing this key in Windows does also remove the key; so this might be a REGED related issue?– On another note:
How can I stop the Script execution and intervene in FOS? (if at all possible), this image takes > 60 minutes to deploy; making troubleshooting quite the struggle -
I know this method works, I have used it in the past. I would start by troubleshooting the script on a client machine that is already imaged, tweaking the script to work, then leaving the script in the drive someplace and calling it through a snapin or some how (first time log in, (There is a registry value for the default user hive that is labeled as “run once” you could try including your script in the user hive))
just a quick question, in your reg file you didn’t write the code like this did you? “<-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Elements>”
not < >.you can probably still use your script above, but you will need to look at the reg file. The easiest way to solve this is to export the reg key from another machine and edit the .reg file by adding the
-
after the first bracket[
Deleting Registry Keys and Values
To delete a registry key with a .reg file, put a hyphen (-) in front of the RegistryPath in the .reg file. For example, to delete the Test subkey from the following registry key:
HKEY_LOCAL_MACHINE\Software
put a hyphen in front of the following registry key in the .reg file:
HKEY_LOCAL_MACHINE\Software\Test
The following example has a .reg file that can perform this task.
[-HKEY_LOCAL_MACHINE\Software\Test]
To delete a registry value with a .reg file, put a hyphen (-) after the equals sign following the DataItemName in the .reg file. For example, to delete the TestValue registry value from the following registry key:
HKEY_LOCAL_MACHINE\Software\Test
put a hyphen after the “TestValue”= in the .reg file. The following example has a .reg file that can perform this task.
HKEY_LOCAL_MACHINE\Software\Test
"TestValue"=-
To create the .reg file, use Regedit.exe to export the registry key that you want to delete, and then use Notepad to edit the .reg file and insert the hyphen. -
The RegKey works perfect in Windows, it appears that the REGED program in FogOS is the one having issues with the notation.
I was looking for any documentation on the subject, but Google refuses to think that I really do not wish results for REGEDIT, but for REGED.That is why I wanted to boot to FogOS without actually deploying an image, so I could actually try to find a manual for REGED
-
@abos_systemax OHH, okay, I get you! sorry for the misunderstanding there.
I don’t have any experience with this yet, but I will get to
playing“working” and see if I can’t figure something out in my free time! -
Hello everybody,
I made a .bat file to delete a registry key.
I use it in a snappin with Batch Script but it does not work, I have an error code 1reg delete "HKLM\SOFTWARE\TightVNC" /f
Someone can help me please ?!
Thanks you
-
@maouu Does the key actually exist on the machine?
The error code you received is from the reg delete command itself. If the command runs it only returns two codes.
0 = Success
1 = FailureThere isn’t any information as to why there would be an error so I’m just guessing the key simply doesn’t exist on the machine the snapin is running on.
-
Yes the key exist !
Does FOG have system rights to delete a registry key?How can I use the .reg file to delete the key ?!
Thanks
-
@maouu The FOG Client runs as the SYSTEM user, so yes, it has systems rights to delete a registry key, I would think.
Are you sure that is the location of the key, or is it in HKLM\SOFTWARE\WOW6432Node\TightVNC
I’m not questioning your expertise, but the information would seem to indicate something else.
I suppose you could create the reg, create a batch script to load/run the reg key, and use a “snapinpack” to run on the machine.
There’s too many things to think about here though.
-
@maouu said in Remove a Registry Key:
How can I use the .reg file to delete the key ?!
regedit.exe /s "mykey.reg"
Then in your mykey.reg file you need this syntax with all of the other normal prefix settings
[-HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC]
Also know that the short name
hklm
may not be what reg is looking for, you may need the full name there. I have not tried it only offering a suggestion. The FOG Client/snapins run as SYSTEM so it should have full access to the registry even with UAC enabled. -
@Tom-Elliott said in Remove a Registry Key:
Are you sure that is the location of the key, or is it in HKLM\SOFTWARE\WOW6432Node\TightVNC
Oh yeah, depending on what version of VNC is installed (32 or 64 bit) the key path will be different. Good catch on that Tom.
-
@george1421 Thanks, I’ll already test with the full name but it’s same issues.
I’m on W10 64bits system
I’ll test with: regedit.exe /s “mykey.reg”@Tom-Elliott Thanks you too but my registry key is in HKLM\SOFTWARE\TightVNC
On HKLM\SOFTWARE\WOW6432Node\ i’ve nothingThanks you
-
@maouu Can you run the reg delete from the command line as is?
-
@Tom-Elliott Yes it’s work perfectly ^^
-
@maouu said in Remove a Registry Key:
On HKLM\SOFTWARE\WOW6432Node\ i’ve nothing
FWIW then you have the 64 bit version of tightvnc installed otherwise this key would be populated.
-
@Tom-Elliott It work from the commande line but when i made a snappin it’s not work.
I have a code 0 but my registry key is not update…My snappin :
regedit.exe /s “http://192.168.1.6/fog/package/FOG/Key_TightVNC.reg”My key.reg :
[HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC]
[HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server]
“ExtraPorts”=“”
“QueryTimeout”=dword:0000001e
“QueryAcceptOnTimeout”=dword:00000001
“LocalInputPriorityTimeout”=dword:00000003
“LocalInputPriority”=dword:00000000
“BlockRemoteInput”=dword:00000000
“BlockLocalInput”=dword:00000000
“IpAccessControl”=“192.168.2.0-192.168.2.255:2,192.168.3.0-192.168.3.255:2,192.168.4.0-192.168.4.255:2,192.168.7.0-192.168.7.255:2,192.168.8.0-192.168.8.255:2”
“RfbPort”=dword:0000170c
“HttpPort”=dword:000016a8
“DisconnectAction”=dword:00000000
“AcceptRfbConnections”=dword:00000001
“UseVncAuthentication”=dword:00000001
“UseControlAuthentication”=dword:00000001
“RepeatControlAuthentication”=dword:00000001
“LoopbackOnly”=dword:00000000
“AcceptHttpConnections”=dword:00000001
“LogLevel”=dword:00000000
“EnableFileTransfers”=dword:00000001
“RemoveWallpaper”=dword:00000001
“UseMirrorDriver”=dword:00000001
“EnableUrlParams”=dword:00000001
“Password”=hex:58,34,c1,bd,a2,5d,20,a0
“ControlPassword”=hex:62,77,1e,20,2d,c1,2a,b6
“AlwaysShared”=dword:00000000
“NeverShared”=dword:00000000
“DisconnectClients”=dword:00000001
“PollingInterval”=dword:000003e8
“AllowLoopback”=dword:00000000
“VideoRecognitionInterval”=dword:00000bb8
“GrabTransparentWindows”=dword:00000001
“SaveLogToAllUsersPath”=dword:00000000
“RunControlInterface”=dword:00000001
“IdleTimeout”=dword:00000000
“VideoClasses”=“”
“VideoRects”=“” -
@maouu I know tightvnc, so I’m going to ask what is your goal here. Do you want to preset these values using regedit? If so there is a different way to go about this that we use.
-
@george1421 At the beginning I just wanted to make a script to uninstall VNC completely and cleanly so I could reinstall it with the right settings on my computer park.
I realized that just by editing the registry [HKEY_LOCAL_MACHINE \ SOFTWARE \ TightVNC \ Server] it worked.I want to add the following elements:
“IpAccessControl” = “192.168.2.0-192.168.2.255: 2,192.168.3.0-192.168.3.255: 2,192.168.4.0-192.168.4.255: 2,192.168.7.0-192.168.7.255: 2,192.168.8.0-192.168.8.255: 2”
“QueryTimeout” = dword: 0000001e
“QueryAcceptOnTimeout” = dword: 00000001
When I run my script:
regedit.exe / s “http://192.168.1.6/fog/package/FOG/Key_TightVNC.reg” I get a code 0 in Host Snapin History but the registry is not changed -
@maouu Here is how we deploy with PDQ Deploy (sorry I don’t use snapins but the install function is similar:
@Echo Off start /wait dfmirage-setup-2.0.301.exe /verysilent /norestart REM Hack to determine arch of this system IF EXIST C:\Windows\SysWOW64\diskpart.exe GOTO :x64 :x86 msiexec /i tightvnc-2.7.10-setup-32bit.msi /qn /norestart ADDLOCAL="Server" SERVER_REGISTER_AS_SERVICE=1 SERVER_ADD_FIREWALL_EXCEPTION=1 SERVER_ALLOW_SAS=1 SET_USEVNCAUTHENTICATION=1 VALUE_OF_USEVNCAUTHENTICATION=1 SET_PASSWORD=1 VALUE_OF_PASSWORD=<SetMe!!> SET_USECONTROLAUTHENTICATION=1 VALUE_OF_USECONTROLAUTHENTICATION=1 SET_CONTROLPASSWORD=1 VALUE_OF_CONTROLPASSWORD=<SetMe2!!> SET_IPACCESSCONTROL=1 VALUE_OF_IPACCESSCONTROL="192.168.0.0-192.168.255.255:2,0.0.0.0-192.167.255.255:1,192.169.0.0-255.255.255.255:1" SET_REMOVEWALLPAPER=1 VALUE_OF_REMOVEWALLPAPER=1 :x64 msiexec /i tightvnc-2.7.10-setup-64bit.msi /qn /norestart ADDLOCAL="Server" SERVER_REGISTER_AS_SERVICE=1 SERVER_ADD_FIREWALL_EXCEPTION=1 SERVER_ALLOW_SAS=1 SET_USEVNCAUTHENTICATION=1 VALUE_OF_USEVNCAUTHENTICATION=1 SET_PASSWORD=1 VALUE_OF_PASSWORD=<SetMe!!> SET_USECONTROLAUTHENTICATION=1 VALUE_OF_USECONTROLAUTHENTICATION=1 SET_CONTROLPASSWORD=1 VALUE_OF_CONTROLPASSWORD=<SetMe2!!> SET_IPACCESSCONTROL=1 VALUE_OF_IPACCESSCONTROL="192.168.0.0-192.168.255.255:2,0.0.0.0-192.167.255.255:1,192.169.0.0-255.255.255.255:1" SET_REMOVEWALLPAPER=1 VALUE_OF_REMOVEWALLPAPER=1 :Exit REM Install done, errors generated by msi will be reported to installer net stop "TightVNC Server" net start "TightVNC Server" rmdir /s /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\"
I’m pretty sure if you reinstall with the new parameters they will overwrite what is in the registry. I know this ISN’T what you are looking for, but it works for us.