Snapin Batch file stays in-progress
-
@Arjenbulkens said in Snapin Batch file stays in-progress:
The batchfile deletes a registry key
What is the base path for the key? (HKLM, HKCU,??)
-
@george1421 HKLM
-
@Arjenbulkens OK what is the command you are using inside this batch file to delete the key?
The FOG Client runs as the user SYSTEM, so it should have full access to delete from HKLM. I’m still leaning towards an unanswered prompt doing this. -
@fry_p ok, i will try ^^
-
-
@Arjenbulkens This should work. But to debug what happens if you only run the delete command? Right now its not clear which command is causing it to hang, I might guess the delete key.
I also wonder what the logic is to delete the key and add it back, why not just use the add key to change its value?
-
@Arjenbulkens I also wonder if its the full name of the base key that is at fault?
HKLM, HKCU, HKCR, HKU, and HKCC is from the MS doc for
reg add
ref: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/reg-add -
@george1421 It was the delete line, now the snapin in completed successfully. But the registry key value is still the same…
When i run the bat file manually, it works fine
-
@Arjenbulkens I’ve been trying to understand why this would fail if run by the fog snapin.
I reverse engineered the command and I came up with the same syntax as you.
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AutoAdminLogon" /t "REG_SZ" /d "0" /fI checked and on my system SYSTEM has full edit rights to that key too. You can execute the command from a raised admin prompt OK, so why can’t SYSTEM. I’m logged into a linux computer at the moment so I can’t test, but I know I’ve seen the “Run as Administrator” and “Run as another user”. I wonder if we can “run as another user” and pick SYSTEM as the user account. You WILL need to be a local administrator on the box to get the run as a different user prompt.
-
@Arjenbulkens Please download Sysinternals PSExec and try this:
C:\Windows\system32>whoami ...\Administrator C:\Windows\system32>PsExec.exe -S cmd.exe PsExec v2.2 - Execute processes remotely Copyright (C) 2001-2016 Mark Russinovich Sysinternals - www.sysinternals.com Microsoft Windows [version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. Tous droits réservés. C:\Windows\system32>whoami NT AUTHORITY\SYSTEM C:\Windows\system32>REG DELETE ... ... C:\Windows\system32>REG ADD ... ... -
@Arjenbulkens Any news on this?
