SOLVED Remove a Registry Key
I’m trying to remove a Registry key from Windows after the image has been deployed.
I am aware of the REGED utility, however, this one only imports .reg files and I must say that I do not now how to remove a reg key.
Is this even possible?
Love to hear,
@maouu Here is how we deploy with PDQ Deploy (sorry I don’t use snapins but the install function is similar:
@Echo Off start /wait dfmirage-setup-2.0.301.exe /verysilent /norestart REM Hack to determine arch of this system IF EXIST C:\Windows\SysWOW64\diskpart.exe GOTO :x64 :x86 msiexec /i tightvnc-2.7.10-setup-32bit.msi /qn /norestart ADDLOCAL="Server" SERVER_REGISTER_AS_SERVICE=1 SERVER_ADD_FIREWALL_EXCEPTION=1 SERVER_ALLOW_SAS=1 SET_USEVNCAUTHENTICATION=1 VALUE_OF_USEVNCAUTHENTICATION=1 SET_PASSWORD=1 VALUE_OF_PASSWORD=<SetMe!!> SET_USECONTROLAUTHENTICATION=1 VALUE_OF_USECONTROLAUTHENTICATION=1 SET_CONTROLPASSWORD=1 VALUE_OF_CONTROLPASSWORD=<SetMe2!!> SET_IPACCESSCONTROL=1 VALUE_OF_IPACCESSCONTROL="192.168.0.0-192.168.255.255:2,0.0.0.0-184.108.40.206:1,220.127.116.11-255.255.255.255:1" SET_REMOVEWALLPAPER=1 VALUE_OF_REMOVEWALLPAPER=1 :x64 msiexec /i tightvnc-2.7.10-setup-64bit.msi /qn /norestart ADDLOCAL="Server" SERVER_REGISTER_AS_SERVICE=1 SERVER_ADD_FIREWALL_EXCEPTION=1 SERVER_ALLOW_SAS=1 SET_USEVNCAUTHENTICATION=1 VALUE_OF_USEVNCAUTHENTICATION=1 SET_PASSWORD=1 VALUE_OF_PASSWORD=<SetMe!!> SET_USECONTROLAUTHENTICATION=1 VALUE_OF_USECONTROLAUTHENTICATION=1 SET_CONTROLPASSWORD=1 VALUE_OF_CONTROLPASSWORD=<SetMe2!!> SET_IPACCESSCONTROL=1 VALUE_OF_IPACCESSCONTROL="192.168.0.0-192.168.255.255:2,0.0.0.0-18.104.22.168:1,22.214.171.124-255.255.255.255:1" SET_REMOVEWALLPAPER=1 VALUE_OF_REMOVEWALLPAPER=1 :Exit REM Install done, errors generated by msi will be reported to installer net stop "TightVNC Server" net start "TightVNC Server" rmdir /s /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\"
I’m pretty sure if you reinstall with the new parameters they will overwrite what is in the registry. I know this ISN’T what you are looking for, but it works for us.
@george1421 At the beginning I just wanted to make a script to uninstall VNC completely and cleanly so I could reinstall it with the right settings on my computer park.
I realized that just by editing the registry [HKEY_LOCAL_MACHINE \ SOFTWARE \ TightVNC \ Server] it worked.
I want to add the following elements:
“IpAccessControl” = “192.168.2.0-192.168.2.255: 2,192.168.3.0-192.168.3.255: 2,192.168.4.0-192.168.4.255: 2,192.168.7.0-192.168.7.255: 2,192.168.8.0-192.168.8.255: 2”
“QueryTimeout” = dword: 0000001e
“QueryAcceptOnTimeout” = dword: 00000001
When I run my script:
regedit.exe / s “http://192.168.1.6/fog/package/FOG/Key_TightVNC.reg” I get a code 0 in Host Snapin History but the registry is not changed
@maouu I know tightvnc, so I’m going to ask what is your goal here. Do you want to preset these values using regedit? If so there is a different way to go about this that we use.
@Tom-Elliott It work from the commande line but when i made a snappin it’s not work.
I have a code 0 but my registry key is not update…
My snappin :
regedit.exe /s “http://192.168.1.6/fog/package/FOG/Key_TightVNC.reg”
My key.reg :
@Tom-Elliott Yes it’s work perfectly ^^
Tom Elliott last edited by
@maouu Can you run the reg delete from the command line as is?
How can I use the .reg file to delete the key ?!
regedit.exe /s "mykey.reg"
Then in your mykey.reg file you need this syntax with all of the other normal prefix settings
Also know that the short name
hklmmay not be what reg is looking for, you may need the full name there. I have not tried it only offering a suggestion. The FOG Client/snapins run as SYSTEM so it should have full access to the registry even with UAC enabled.
Tom Elliott last edited by Tom Elliott
@maouu The FOG Client runs as the SYSTEM user, so yes, it has systems rights to delete a registry key, I would think.
Are you sure that is the location of the key, or is it in HKLM\SOFTWARE\WOW6432Node\TightVNC
I’m not questioning your expertise, but the information would seem to indicate something else.
I suppose you could create the reg, create a batch script to load/run the reg key, and use a “snapinpack” to run on the machine.
There’s too many things to think about here though.
Yes the key exist !
Does FOG have system rights to delete a registry key?
How can I use the .reg file to delete the key ?!
Tom Elliott last edited by
@maouu Does the key actually exist on the machine?
The error code you received is from the reg delete command itself. If the command runs it only returns two codes.
0 = Success
1 = Failure
There isn’t any information as to why there would be an error so I’m just guessing the key simply doesn’t exist on the machine the snapin is running on.
I made a .bat file to delete a registry key.
I use it in a snappin with Batch Script but it does not work, I have an error code 1
reg delete "HKLM\SOFTWARE\TightVNC" /f
Someone can help me please ?!
@abos_systemax OHH, okay, I get you! sorry for the misunderstanding there.
I don’t have any experience with this yet, but I will get to
playing“working” and see if I can’t figure something out in my free time!
The RegKey works perfect in Windows, it appears that the REGED program in FogOS is the one having issues with the notation.
I was looking for any documentation on the subject, but Google refuses to think that I really do not wish results for REGEDIT, but for REGED.
That is why I wanted to boot to FogOS without actually deploying an image, so I could actually try to find a manual for REGED
I know this method works, I have used it in the past. I would start by troubleshooting the script on a client machine that is already imaged, tweaking the script to work, then leaving the script in the drive someplace and calling it through a snapin or some how (first time log in, (There is a registry value for the default user hive that is labeled as “run once” you could try including your script in the user hive))
just a quick question, in your reg file you didn’t write the code like this did you? “<-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Elements>”not < >.
you can probably still use your script above, but you will need to look at the reg file. The easiest way to solve this is to export the reg key from another machine and edit the .reg file by adding the
-after the first bracket
Deleting Registry Keys and Values
To delete a registry key with a .reg file, put a hyphen (-) in front of the RegistryPath in the .reg file. For example, to delete the Test subkey from the following registry key:
put a hyphen in front of the following registry key in the .reg file:
The following example has a .reg file that can perform this task.
To delete a registry value with a .reg file, put a hyphen (-) after the equals sign following the DataItemName in the .reg file. For example, to delete the TestValue registry value from the following registry key:
put a hyphen after the “TestValue”= in the .reg file. The following example has a .reg file that can perform this task.
To create the .reg file, use Regedit.exe to export the registry key that you want to delete, and then use Notepad to edit the .reg file and insert the hyphen.
hmm, sadly REGED doesn’t seem to like it.
import_reg: WARNING: found key <-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments> not matching prefix <HKEY_LOCAL_MACHINE\SOFTWARE> Customer.Script: Line 24: 17695 Aborted reged -C SOFTWARE -I HKEY_LOCAL_MACHINE\\SOFTWARE $RegKey
mkdir /WinC #create folder to mount C dir to ntfs-3g -o -force,rw /dev/mmcblk0p3 /WinC #mount windows disk cd /WinC/Windows/System32/config #here is where the registry is kept RegKey="RemoveElements.reg" #file that will remove a regkey touch $RegKey echo "Windows Registry Editor Version 5.00" >> $RegKey echo "[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments]" >> $RegKey #notice: The - in front of "HKEY..." is to remove the entry. reged -C SOFTWARE -I HKEY_LOCAL_MACHINE\\SOFTWARE $RegKey #change the registry (notice the \\ instead of \) rm $RegKey umount -l /WinC
Is there something I’m doing wrong? Importing a key this way does work
also: importing this key in Windows does also remove the key; so this might be a REGED related issue?
– On another note:
How can I stop the Script execution and intervene in FOS? (if at all possible), this image takes > 60 minutes to deploy; making troubleshooting quite the struggle
sudburr last edited by
To expand further:
Windows Registry Editor Version 5.00 ; delete a registry key [-<HIVErootkey>\<keyname>] ; delete a registry value [<HIVErootkey>\<keyname>] "<value>"=- ; delete only the value data of a value [<HIVErootkey>\<keyname>] "<value>"=""