Remove a Registry Key



  • Hello FOG;

    I’m trying to remove a Registry key from Windows after the image has been deployed.
    I am aware of the REGED utility, however, this one only imports .reg files and I must say that I do not now how to remove a reg key.

    Is this even possible?

    Love to hear,

    Alex


  • Moderator

    @maouu Here is how we deploy with PDQ Deploy (sorry I don’t use snapins but the install function is similar:

      @Echo Off
    
      start /wait dfmirage-setup-2.0.301.exe /verysilent /norestart
    
      REM Hack to determine arch of this system
      IF EXIST C:\Windows\SysWOW64\diskpart.exe GOTO :x64
    
    :x86
      msiexec /i tightvnc-2.7.10-setup-32bit.msi /qn /norestart ADDLOCAL="Server" SERVER_REGISTER_AS_SERVICE=1 SERVER_ADD_FIREWALL_EXCEPTION=1 SERVER_ALLOW_SAS=1 SET_USEVNCAUTHENTICATION=1 VALUE_OF_USEVNCAUTHENTICATION=1 SET_PASSWORD=1 VALUE_OF_PASSWORD=<SetMe!!> SET_USECONTROLAUTHENTICATION=1 VALUE_OF_USECONTROLAUTHENTICATION=1 SET_CONTROLPASSWORD=1 VALUE_OF_CONTROLPASSWORD=<SetMe2!!> SET_IPACCESSCONTROL=1 VALUE_OF_IPACCESSCONTROL="192.168.0.0-192.168.255.255:2,0.0.0.0-192.167.255.255:1,192.169.0.0-255.255.255.255:1" SET_REMOVEWALLPAPER=1 VALUE_OF_REMOVEWALLPAPER=1
    
    
    :x64
      msiexec /i tightvnc-2.7.10-setup-64bit.msi /qn /norestart ADDLOCAL="Server" SERVER_REGISTER_AS_SERVICE=1 SERVER_ADD_FIREWALL_EXCEPTION=1 SERVER_ALLOW_SAS=1 SET_USEVNCAUTHENTICATION=1 VALUE_OF_USEVNCAUTHENTICATION=1 SET_PASSWORD=1 VALUE_OF_PASSWORD=<SetMe!!> SET_USECONTROLAUTHENTICATION=1 VALUE_OF_USECONTROLAUTHENTICATION=1 SET_CONTROLPASSWORD=1 VALUE_OF_CONTROLPASSWORD=<SetMe2!!> SET_IPACCESSCONTROL=1 VALUE_OF_IPACCESSCONTROL="192.168.0.0-192.168.255.255:2,0.0.0.0-192.167.255.255:1,192.169.0.0-255.255.255.255:1" SET_REMOVEWALLPAPER=1 VALUE_OF_REMOVEWALLPAPER=1
    
    
    :Exit
      REM Install done, errors generated by msi will be reported to installer
      net stop "TightVNC Server"
      net start "TightVNC Server"
      rmdir /s /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC\"
    

    I’m pretty sure if you reinstall with the new parameters they will overwrite what is in the registry. I know this ISN’T what you are looking for, but it works for us.



  • @george1421 At the beginning I just wanted to make a script to uninstall VNC completely and cleanly so I could reinstall it with the right settings on my computer park.
    I realized that just by editing the registry [HKEY_LOCAL_MACHINE \ SOFTWARE \ TightVNC \ Server] it worked.

    I want to add the following elements:

    “IpAccessControl” = “192.168.2.0-192.168.2.255: 2,192.168.3.0-192.168.3.255: 2,192.168.4.0-192.168.4.255: 2,192.168.7.0-192.168.7.255: 2,192.168.8.0-192.168.8.255: 2”

    “QueryTimeout” = dword: 0000001e

    “QueryAcceptOnTimeout” = dword: 00000001

    When I run my script:
    regedit.exe / s “http://192.168.1.6/fog/package/FOG/Key_TightVNC.reg I get a code 0 in Host Snapin History but the registry is not changed


  • Moderator

    @maouu I know tightvnc, so I’m going to ask what is your goal here. Do you want to preset these values using regedit? If so there is a different way to go about this that we use.



  • @Tom-Elliott It work from the commande line but when i made a snappin it’s not work.
    I have a code 0 but my registry key is not update…

    My snappin :
    regedit.exe /s “http://192.168.1.6/fog/package/FOG/Key_TightVNC.reg

    My key.reg :

    [HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC]

    [HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC\Server]
    “ExtraPorts”=""
    “QueryTimeout”=dword:0000001e
    “QueryAcceptOnTimeout”=dword:00000001
    “LocalInputPriorityTimeout”=dword:00000003
    “LocalInputPriority”=dword:00000000
    “BlockRemoteInput”=dword:00000000
    “BlockLocalInput”=dword:00000000
    “IpAccessControl”=“192.168.2.0-192.168.2.255:2,192.168.3.0-192.168.3.255:2,192.168.4.0-192.168.4.255:2,192.168.7.0-192.168.7.255:2,192.168.8.0-192.168.8.255:2”
    “RfbPort”=dword:0000170c
    “HttpPort”=dword:000016a8
    “DisconnectAction”=dword:00000000
    “AcceptRfbConnections”=dword:00000001
    “UseVncAuthentication”=dword:00000001
    “UseControlAuthentication”=dword:00000001
    “RepeatControlAuthentication”=dword:00000001
    “LoopbackOnly”=dword:00000000
    “AcceptHttpConnections”=dword:00000001
    “LogLevel”=dword:00000000
    “EnableFileTransfers”=dword:00000001
    “RemoveWallpaper”=dword:00000001
    “UseMirrorDriver”=dword:00000001
    “EnableUrlParams”=dword:00000001
    “Password”=hex:58,34,c1,bd,a2,5d,20,a0
    “ControlPassword”=hex:62,77,1e,20,2d,c1,2a,b6
    “AlwaysShared”=dword:00000000
    “NeverShared”=dword:00000000
    “DisconnectClients”=dword:00000001
    “PollingInterval”=dword:000003e8
    “AllowLoopback”=dword:00000000
    “VideoRecognitionInterval”=dword:00000bb8
    “GrabTransparentWindows”=dword:00000001
    “SaveLogToAllUsersPath”=dword:00000000
    “RunControlInterface”=dword:00000001
    “IdleTimeout”=dword:00000000
    “VideoClasses”=""
    “VideoRects”=""


  • Moderator

    @maouu said in Remove a Registry Key:

    On HKLM\SOFTWARE\WOW6432Node\ i’ve nothing

    FWIW then you have the 64 bit version of tightvnc installed otherwise this key would be populated.



  • @Tom-Elliott Yes it’s work perfectly ^^


  • Senior Developer

    @maouu Can you run the reg delete from the command line as is?



  • @george1421 Thanks, I’ll already test with the full name but it’s same issues.
    I’m on W10 64bits system
    I’ll test with: regedit.exe /s “mykey.reg”

    @Tom-Elliott Thanks you too but my registry key is in HKLM\SOFTWARE\TightVNC
    On HKLM\SOFTWARE\WOW6432Node\ i’ve nothing

    Thanks you


  • Moderator

    @Tom-Elliott said in Remove a Registry Key:

    Are you sure that is the location of the key, or is it in HKLM\SOFTWARE\WOW6432Node\TightVNC

    Oh yeah, depending on what version of VNC is installed (32 or 64 bit) the key path will be different. Good catch on that Tom.


  • Moderator

    @maouu said in Remove a Registry Key:

    How can I use the .reg file to delete the key ?!

    regedit.exe /s "mykey.reg"

    Then in your mykey.reg file you need this syntax with all of the other normal prefix settings

    [-HKEY_LOCAL_MACHINE\SOFTWARE\TightVNC]
    

    Also know that the short name hklm may not be what reg is looking for, you may need the full name there. I have not tried it only offering a suggestion. The FOG Client/snapins run as SYSTEM so it should have full access to the registry even with UAC enabled.


  • Senior Developer

    @maouu The FOG Client runs as the SYSTEM user, so yes, it has systems rights to delete a registry key, I would think.

    Are you sure that is the location of the key, or is it in HKLM\SOFTWARE\WOW6432Node\TightVNC

    I’m not questioning your expertise, but the information would seem to indicate something else.

    I suppose you could create the reg, create a batch script to load/run the reg key, and use a “snapinpack” to run on the machine.

    There’s too many things to think about here though.



  • Yes the key exist !
    Does FOG have system rights to delete a registry key?

    How can I use the .reg file to delete the key ?!

    Thanks


  • Senior Developer

    @maouu Does the key actually exist on the machine?

    The error code you received is from the reg delete command itself. If the command runs it only returns two codes.

    0 = Success
    1 = Failure

    There isn’t any information as to why there would be an error so I’m just guessing the key simply doesn’t exist on the machine the snapin is running on.



  • Hello everybody,

    I made a .bat file to delete a registry key.
    I use it in a snappin with Batch Script but it does not work, I have an error code 1

    reg delete "HKLM\SOFTWARE\TightVNC" /f
    

    Someone can help me please ?!

    Thanks you


  • Developer

    @abos_systemax OHH, okay, I get you! sorry for the misunderstanding there.

    I don’t have any experience with this yet, but I will get to playing “working” and see if I can’t figure something out in my free time!



  • The RegKey works perfect in Windows, it appears that the REGED program in FogOS is the one having issues with the notation.
    I was looking for any documentation on the subject, but Google refuses to think that I really do not wish results for REGEDIT, but for REGED.

    That is why I wanted to boot to FogOS without actually deploying an image, so I could actually try to find a manual for REGED :)


  • Developer

    @abos_systemax

    I know this method works, I have used it in the past. I would start by troubleshooting the script on a client machine that is already imaged, tweaking the script to work, then leaving the script in the drive someplace and calling it through a snapin or some how (first time log in, (There is a registry value for the default user hive that is labeled as “run once” you could try including your script in the user hive))

    just a quick question, in your reg file you didn’t write the code like this did you? “<-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Elements>”

    you can probably still use your script above, but you will need to look at the reg file. The easiest way to solve this is to export the reg key from another machine and edit the .reg file by adding the - after the first bracket [

    Deleting Registry Keys and Values

    To delete a registry key with a .reg file, put a hyphen (-) in front of the RegistryPath in the .reg file. For example, to delete the Test subkey from the following registry key:
    HKEY_LOCAL_MACHINE\Software
    put a hyphen in front of the following registry key in the .reg file:
    HKEY_LOCAL_MACHINE\Software\Test
    The following example has a .reg file that can perform this task.
    [-HKEY_LOCAL_MACHINE\Software\Test]
    To delete a registry value with a .reg file, put a hyphen (-) after the equals sign following the DataItemName in the .reg file. For example, to delete the TestValue registry value from the following registry key:
    HKEY_LOCAL_MACHINE\Software\Test
    put a hyphen after the “TestValue”= in the .reg file. The following example has a .reg file that can perform this task.
    HKEY_LOCAL_MACHINE\Software\Test
    "TestValue"=-
    To create the .reg file, use Regedit.exe to export the registry key that you want to delete, and then use Notepad to edit the .reg file and insert the hyphen.

    Source:
    https://support.microsoft.com/en-us/help/310516/how-to-add,-modify,-or-delete-registry-subkeys-and-values-by-using-a-.reg-file



  • hmm, sadly REGED doesn’t seem to like it.

    The error:

    import_reg: WARNING: found key <-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments> not matching prefix <HKEY_LOCAL_MACHINE\SOFTWARE>
    Customer.Script: Line 24: 17695 Aborted reged -C SOFTWARE -I HKEY_LOCAL_MACHINE\\SOFTWARE $RegKey
    

    The code:

    mkdir /WinC #create folder to mount C dir to
    ntfs-3g -o -force,rw /dev/mmcblk0p3 /WinC #mount windows disk
    
    cd /WinC/Windows/System32/config #here is where the registry is kept
    RegKey="RemoveElements.reg" #file that will remove a regkey
    touch $RegKey
    echo "Windows Registry Editor Version 5.00" >> $RegKey
    echo "[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments]" >> $RegKey #notice: The - in front of "HKEY..." is to remove the entry.
    reged -C SOFTWARE -I HKEY_LOCAL_MACHINE\\SOFTWARE $RegKey #change the registry (notice the \\ instead of \)
    rm $RegKey
    umount -l /WinC
    

    Is there something I’m doing wrong? Importing a key this way does work
    also: importing this key in Windows does also remove the key; so this might be a REGED related issue?

    – On another note:
    How can I stop the Script execution and intervene in FOS? (if at all possible), this image takes > 60 minutes to deploy; making troubleshooting quite the struggle



  • To expand further:

    Windows Registry Editor Version 5.00
    
    ; delete a registry key
    [-<HIVErootkey>\<keyname>]
    
    ; delete a registry value
    [<HIVErootkey>\<keyname>]
    "<value>"=-
    
    ; delete only the value data of a value
    [<HIVErootkey>\<keyname>]
    "<value>"=""
    

    A great starting point


Log in to reply
 

342
Online

6.3k
Users

13.7k
Topics

129.0k
Posts