Remove a Registry Key
-
Hello FOG;
I’m trying to remove a Registry key from Windows after the image has been deployed.
I am aware of the REGED utility, however, this one only imports .reg files and I must say that I do not now how to remove a reg key.Is this even possible?
Love to hear,
Alex
-
Of course it’s possible. I couldn’t tell you how to do it, but I know it can be done.
-
@abos_systemax
Since you are trying to remove a key. You can use the command line to do so.
reg delete "HKCU\The\Registry\To\Delete" /f
OR if you have a .reg file open the file and put a - before the HKEY portion…
[-HKey_Current_User\The\Registry\To\Delete]
like so and do a reg import for that file.I use a hidden flag.txt and a script that will look for the flag.txt file, if not found, it will run some scripts similar to what you have described and then the next time the user logs in, if the flag.txt is present (which it should be, the script copies the file to where it needs to be.) then the script won’t run again.
I do this in cases where I need to update the registry values for that user only one time. I.E. I set the taskbar, and Start menu to a specific layout. I don’t want to do this on every log in, and it requires registry edits. So I do it once per user when flag.txt isn’t present.Another option would be to create the script, use a snap in as a deployment after imaging completes. I don’t know exactly what you are trying to accomplish, but I am certain it can be done.
Hope this helps!
-
I did not know about the ‘-’ in front of the key… if that works that’d be great!..
I’m trying to remove a regkey during postdeployment; because recreating the image because of one key is kind of ambiguous. I’ll check out your advice, will post back later!
-
To expand further:
Windows Registry Editor Version 5.00 ; delete a registry key [-<HIVErootkey>\<keyname>] ; delete a registry value [<HIVErootkey>\<keyname>] "<value>"=- ; delete only the value data of a value [<HIVErootkey>\<keyname>] "<value>"=""
-
hmm, sadly REGED doesn’t seem to like it.
The error:
import_reg: WARNING: found key <-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments> not matching prefix <HKEY_LOCAL_MACHINE\SOFTWARE> Customer.Script: Line 24: 17695 Aborted reged -C SOFTWARE -I HKEY_LOCAL_MACHINE\\SOFTWARE $RegKey
The code:
mkdir /WinC #create folder to mount C dir to ntfs-3g -o -force,rw /dev/mmcblk0p3 /WinC #mount windows disk cd /WinC/Windows/System32/config #here is where the registry is kept RegKey="RemoveElements.reg" #file that will remove a regkey touch $RegKey echo "Windows Registry Editor Version 5.00" >> $RegKey echo "[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments]" >> $RegKey #notice: The - in front of "HKEY..." is to remove the entry. reged -C SOFTWARE -I HKEY_LOCAL_MACHINE\\SOFTWARE $RegKey #change the registry (notice the \\ instead of \) rm $RegKey umount -l /WinC
Is there something I’m doing wrong? Importing a key this way does work
also: importing this key in Windows does also remove the key; so this might be a REGED related issue?– On another note:
How can I stop the Script execution and intervene in FOS? (if at all possible), this image takes > 60 minutes to deploy; making troubleshooting quite the struggle -
I know this method works, I have used it in the past. I would start by troubleshooting the script on a client machine that is already imaged, tweaking the script to work, then leaving the script in the drive someplace and calling it through a snapin or some how (first time log in, (There is a registry value for the default user hive that is labeled as “run once” you could try including your script in the user hive))
just a quick question, in your reg file you didn’t write the code like this did you? “<-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Elements>”
not < >.you can probably still use your script above, but you will need to look at the reg file. The easiest way to solve this is to export the reg key from another machine and edit the .reg file by adding the
-
after the first bracket[
Deleting Registry Keys and Values
To delete a registry key with a .reg file, put a hyphen (-) in front of the RegistryPath in the .reg file. For example, to delete the Test subkey from the following registry key:
HKEY_LOCAL_MACHINE\Software
put a hyphen in front of the following registry key in the .reg file:
HKEY_LOCAL_MACHINE\Software\Test
The following example has a .reg file that can perform this task.
[-HKEY_LOCAL_MACHINE\Software\Test]
To delete a registry value with a .reg file, put a hyphen (-) after the equals sign following the DataItemName in the .reg file. For example, to delete the TestValue registry value from the following registry key:
HKEY_LOCAL_MACHINE\Software\Test
put a hyphen after the “TestValue”= in the .reg file. The following example has a .reg file that can perform this task.
HKEY_LOCAL_MACHINE\Software\Test
"TestValue"=-
To create the .reg file, use Regedit.exe to export the registry key that you want to delete, and then use Notepad to edit the .reg file and insert the hyphen. -
The RegKey works perfect in Windows, it appears that the REGED program in FogOS is the one having issues with the notation.
I was looking for any documentation on the subject, but Google refuses to think that I really do not wish results for REGEDIT, but for REGED.That is why I wanted to boot to FogOS without actually deploying an image, so I could actually try to find a manual for REGED
-
@abos_systemax OHH, okay, I get you! sorry for the misunderstanding there.
I don’t have any experience with this yet, but I will get to
playing“working” and see if I can’t figure something out in my free time! -
Hello everybody,
I made a .bat file to delete a registry key.
I use it in a snappin with Batch Script but it does not work, I have an error code 1reg delete "HKLM\SOFTWARE\TightVNC" /f
Someone can help me please ?!
Thanks you
-
@maouu Does the key actually exist on the machine?
The error code you received is from the reg delete command itself. If the command runs it only returns two codes.
0 = Success
1 = FailureThere isn’t any information as to why there would be an error so I’m just guessing the key simply doesn’t exist on the machine the snapin is running on.
-
Yes the key exist !
Does FOG have system rights to delete a registry key?How can I use the .reg file to delete the key ?!
Thanks
-
@maouu The FOG Client runs as the SYSTEM user, so yes, it has systems rights to delete a registry key, I would think.
Are you sure that is the location of the key, or is it in HKLM\SOFTWARE\WOW6432Node\TightVNC
I’m not questioning your expertise, but the information would seem to indicate something else.
I suppose you could create the reg, create a batch script to load/run the reg key, and use a “snapinpack” to run on the machine.
There’s too many things to think about here though.
-
@maouu said in Remove a Registry Key:
How can I use the .reg file to delete the key ?!
regedit.exe /s "mykey.reg"
Then in your mykey.reg file you need this syntax with all of the other normal prefix settings
[-HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC]
Also know that the short name
hklm
may not be what reg is looking for, you may need the full name there. I have not tried it only offering a suggestion. The FOG Client/snapins run as SYSTEM so it should have full access to the registry even with UAC enabled. -
@Tom-Elliott said in Remove a Registry Key:
Are you sure that is the location of the key, or is it in HKLM\SOFTWARE\WOW6432Node\TightVNC
Oh yeah, depending on what version of VNC is installed (32 or 64 bit) the key path will be different. Good catch on that Tom.
-
@george1421 Thanks, I’ll already test with the full name but it’s same issues.
I’m on W10 64bits system
I’ll test with: regedit.exe /s “mykey.reg”@Tom-Elliott Thanks you too but my registry key is in HKLM\SOFTWARE\TightVNC
On HKLM\SOFTWARE\WOW6432Node\ i’ve nothingThanks you
-
@maouu Can you run the reg delete from the command line as is?
-
@Tom-Elliott Yes it’s work perfectly ^^
-
@maouu said in Remove a Registry Key:
On HKLM\SOFTWARE\WOW6432Node\ i’ve nothing
FWIW then you have the 64 bit version of tightvnc installed otherwise this key would be populated.
-
@Tom-Elliott It work from the commande line but when i made a snappin it’s not work.
I have a code 0 but my registry key is not update…My snappin :
regedit.exe /s “http://192.168.1.6/fog/package/FOG/Key_TightVNC.reg”My key.reg :
[HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC]
[HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server]
“ExtraPorts”=“”
“QueryTimeout”=dword:0000001e
“QueryAcceptOnTimeout”=dword:00000001
“LocalInputPriorityTimeout”=dword:00000003
“LocalInputPriority”=dword:00000000
“BlockRemoteInput”=dword:00000000
“BlockLocalInput”=dword:00000000
“IpAccessControl”=“192.168.2.0-192.168.2.255:2,192.168.3.0-192.168.3.255:2,192.168.4.0-192.168.4.255:2,192.168.7.0-192.168.7.255:2,192.168.8.0-192.168.8.255:2”
“RfbPort”=dword:0000170c
“HttpPort”=dword:000016a8
“DisconnectAction”=dword:00000000
“AcceptRfbConnections”=dword:00000001
“UseVncAuthentication”=dword:00000001
“UseControlAuthentication”=dword:00000001
“RepeatControlAuthentication”=dword:00000001
“LoopbackOnly”=dword:00000000
“AcceptHttpConnections”=dword:00000001
“LogLevel”=dword:00000000
“EnableFileTransfers”=dword:00000001
“RemoveWallpaper”=dword:00000001
“UseMirrorDriver”=dword:00000001
“EnableUrlParams”=dword:00000001
“Password”=hex:58,34,c1,bd,a2,5d,20,a0
“ControlPassword”=hex:62,77,1e,20,2d,c1,2a,b6
“AlwaysShared”=dword:00000000
“NeverShared”=dword:00000000
“DisconnectClients”=dword:00000001
“PollingInterval”=dword:000003e8
“AllowLoopback”=dword:00000000
“VideoRecognitionInterval”=dword:00000bb8
“GrabTransparentWindows”=dword:00000001
“SaveLogToAllUsersPath”=dword:00000000
“RunControlInterface”=dword:00000001
“IdleTimeout”=dword:00000000
“VideoClasses”=“”
“VideoRects”=“”