#168371 - 2006-09-25 07:10 PM Delete Registry Keys
wrender Offline
Fresh Scripter

Registered: 2006-09-25
Posts: 22
Hello everyone, I'm new to kix start and I was wondering if I could get some help... I have a problem with computers on our network that weren't sysprepped, and they won't register with our WSUS server properly. I have found the following script which fixes the issue, but it's a .bat file I think. What I need to do is authenticate as a domain administrator, and then make the following changes....all quiet to the regular domain users.

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
cls
@echo Triggering detection after resetting WSUS client identity
net stop wuauserv
net start wuauserv
wuauclt /resetauthorization /detectnow

So far all I have is how to delete the registry keys.... Have no idea about authenticating as a domain admin...

#168372 - 2006-09-25 07:29 PM Re: Delete Registry Keys
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Welcome to the board. To avoid having members repeatedly correct you, the product with which you are working is KiXtart not "kix start".

The approach you should take with your script is to write an "Admin" script that you would execute from a central console and it would connect to each remote computer and delete the keys or values in question. You would execute the script as a domain admin which would then have the appropriate access on each computer.
_________________________
Home page: http://www.kixhelp.com/hb/

#168373 - 2006-09-25 07:40 PM Re: Delete Registry Keys
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
There are a few UDFs in the library that deal with remote registry manipulation.

RegUpdate() - Local/Remote registry datatype update

is one to review.


Edited by Howard Bullock (2006-09-25 07:42 PM)
_________________________
Home page: http://www.kixhelp.com/hb/

#168374 - 2006-09-25 07:59 PM Re: Delete Registry Keys
wrender Offline
Fresh Scripter

Registered: 2006-09-25
Posts: 22
I'm sorry, I forgot to mention that I'm running Active Directory with group policies. So the script would be encrypted with kixcrypt and then shared in the netlogon folder of our domain. (encrypted to protect the domain admin username/password)

Thanks

#168375 - 2006-09-25 08:06 PM Re: Delete Registry Keys
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Hello and welcome to the board.

Here is some code to get you started. Code is untested so don't just run it as is, but review it and change as needed.

The Remote execute is not in the script but I've given you a link and you can search the board as well for other examples.



;See the UDF:  fnWMIService - Use the Win32_Service class of WMI to control services 
;http://www.kixtart.org/ubbthreads/showflat.php?Cat=0&Number=83246

;To do the remote execution of the "wuauclt /resetauthorization /detectnow" look at this UDF
;RemoteExec() - execute a process on remote PCs
;http://www.kixtart.org/ubbthreads/showflat.php?Cat=0&Number=83206

If Not @LogonMode
  Break On
EndIf
Dim $SO
$SO=SetOption('Explicit','On')
$SO=SetOption('NoVarsInStrings','On')
$SO=SetOption('NoMacrosInStrings','On')
$SO=SetOption('WrapAtEOL','On')

Dim $sComputer, $sComputers, $Key
$sComputers = 'PC1','PC2','PC3','PC4'
$Key = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\'
For Each $sComputer In $sComputers
  $sComputer=IIf(Not $sComputer,'','\\'+Join(Split($sComputer,'\'),'',3)+'\')
  If $sComputer
    $Nul = DelValue($sComputer+$Key,'AccountDomainSid')
    $Nul = DelValue($sComputer+$Key,'PingID')
    $Nul = DelValue($sComputer+$Key,'SusClientId')
    $Nul = fnWMIService('wuauserv','stop',$sComputer)
    $Nul = fnWMIService('wuauserv','start',$sComputer)
  EndIf
Next

Function fnWMIService($sService,$sMethod,Optional $sComputer)
  Dim $objWMI,$objSrvc,$nul
  If Not $sComputer $sComputer=@WKSTA EndIf
  $objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\"+$sComputer+"\root\cimv2")
  If @ERROR<0 Exit VAL("&"+Right(DecToHex(@ERROR),4)) EndIf
  $objSrvc = $objWMI.ExecQuery('Select * from Win32_Service WHERE Name = "'+$sService+'"')
  For Each $objSrvc in $objSrvc
    $nul=Execute("$"+"fnWMIService = $"+"objSrvc."+$sMethod)
  Next
EndFunction

#168376 - 2006-09-25 08:09 PM Re: Delete Registry Keys
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
This is run from YOUR computer, not from the LOGON folder.

You must have Admin rights on the remote systems as well.

#168377 - 2006-09-25 08:34 PM Re: Delete Registry Keys
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
Quote:
...
So the script would be encrypted with kixcrypt and then shared in the netlogon folder of our domain. (encrypted to protect the domain admin username/password)
....

Encrypted script will be decrypted when executed and stored locally as a regular kix script. Users can then read the contents and therefore the username and password are both readable to the user. Never, NEVER, NEVER, NEVER put an admin username and password in a script unless you want to get screwed by some user that found the password and is actually using it to do and get what he/she wants. I'd probably lose my job or at least get my CEO on my back asking me why the h#ll I shared an admin password with a regular user if this happened.

If you know the computers that cause problems (and if you don't, find out) then you should create an admin script that deletes the registry keys remotely and (re)starts the service remotely. Much more secure, the users will never know you did something to the computer they are working on and you'll find them all in reporting to WSUS and getting updates.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

#168378 - 2006-09-25 10:32 PM Re: Delete Registry Keys
wrender Offline
Fresh Scripter

Registered: 2006-09-25
Posts: 22
OK,
NTDOC, thanks man. That was the quickest response ever...
The "wuauclt /resetauthorization /detectnow" is actually a utility command. So it should be in the path of all users.... Would I be able to execute it if I make the following additions to your code? (See RUN part I've added) Also, if I run this from my computer, logged in as my account (domain administrator), will this execute using my credentials on the remote PCs?

For Each $sComputer In $sComputers
  $sComputer=IIf(Not $sComputer,'','\\'+Join(Split($sComputer,'\'),'',3)+'\')
  If $sComputer
    $Nul = DelValue($sComputer+$Key,'AccountDomainSid')
    $Nul = DelValue($sComputer+$Key,'PingID')
    $Nul = DelValue($sComputer+$Key,'SusClientId')
    $Nul = fnWMIService('wuauserv','stop',$sComputer)
    $Nul = fnWMIService('wuauserv','start',$sComputer)
    RUN "wuauclt /resetauthorization /detectnow"
  EndIf

Mart,

Thanks for the information about kixcrypt. I didn't realize that it decrypts to a regular kix file and stores it locally on the computer.

Wes

#168379 - 2006-09-25 10:41 PM Re: Delete Registry Keys
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
no, this will obviously execute on local computer.
#168380 - 2006-09-25 10:48 PM Re: Delete Registry Keys
wrender Offline
Fresh Scripter

Registered: 2006-09-25
Posts: 22
it doesn't seem to be obvious to me for some reason..... scratching my head like a monkey.
#168381 - 2006-09-25 11:12 PM Re: Delete Registry Keys
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
Scratching your head like a monkey...LOL never heard that one before.

This part

Quote:
RUN "wuauclt /resetauthorization /detectnow"

will be executed on the local computer because no computer name is given to execute the command on. You could lose that wuauclt stuff and just stop and start the service so all new settings will be loaded when the service starts and the computers should start showing up in WSUS. Doc showed an example that does the trick.


Edited by Mart (2006-09-25 11:13 PM)
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

#168382 - 2006-09-25 11:31 PM Re: Delete Registry Keys
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
The code I provided should run okay.

It will run against the remote computer (change the name to at least 2 computers you want to test it on, so it stays as an array)

The name value for stopping and starting the SERVICE should work if that batch file is correct on the name.

You may be able to do without the
wuauclt /resetauthorization /detectnow
portion of the code.

Simply change the $sComputers to the name of 2 computers you want to test and then run the code and check on those computers.

#168383 - 2006-09-27 05:54 PM Re: Delete Registry Keys
wrender Offline
Fresh Scripter

Registered: 2006-09-25
Posts: 22
Ok thanks guys. I tested this script on my local machine... and I changed the script to just run for my computer....
$sComputers = 'wrender-lap'

I put the kix32.exe in a folder with the script which I called wsusfix.kix and ran them like this...
kix32 wsusfix.kix

It exits, so I assumed the script ran. When I go to check in my registry on my computer (wrender-lap) the entries are still there... I tried refreshing using the F5 key.

#168384 - 2006-09-27 06:11 PM Re: Delete Registry Keys
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
how about simply adding @error line after the delvalue() lines????
#168385 - 2006-09-27 06:37 PM Re: Delete Registry Keys
wrender Offline
Fresh Scripter

Registered: 2006-09-25
Posts: 22
I added a line with @error after the delvalue() lines, and it didn't do anything. I tried putting in two computers for the $sComputers and it got a new error.
$sComputers = 'wrender-lap','fe-crosstec'

Error: undefined variable [Nul]!

#168386 - 2006-09-27 06:49 PM Re: Delete Registry Keys
wrender Offline
Fresh Scripter

Registered: 2006-09-25
Posts: 22
Ok, I've added the $Nul variable to the Dim's. I don't get the undefined variable error anymore...
I ran the script, and it properly removes the registry entries from 'wrender-lap' but does not seem to remove them on the remote computer 'fe-crosstec'.

#168387 - 2006-09-27 07:01 PM Re: Delete Registry Keys
therob Offline
Starting to like KiXtart

Registered: 2005-05-19
Posts: 150
Loc: Frankfurt/M., Germany
Quote:
Encrypted script will be decrypted when executed and stored locally as a regular kix script. Users can then read the contents and

not if you pretokenize the script.
But agreed, it's not really safe either.
_________________________
Eternity is a long time, especially towards the end. - W.Allan

#168388 - 2006-09-27 07:50 PM Re: Delete Registry Keys
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
well... today's decryption capabilities taken, it is.

anyways, error-line always does something.
a) you didn't place it in the right place
b) your script didn't execute at all
c) you didn't execute from command prompt or are using wkix32. then you need to use get $ after the error line

but error-line always does give you something, always.
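
An added example, not part of any post in this thread and not the posters' code: the same three values deleted remotely from an admin console, with the return code and @SERROR text of each DelValue() printed so a failure on a remote host is visible. It assumes it is run under the operator's own administrative logon (no user name or password in the script), and the host names PC1 and PC2 are placeholders.

```kixtart
; Added example (not from the thread). Run from an admin workstation under
; your own admin logon; nothing is stored in NETLOGON and no password is embedded.
Break On
Dim $SO, $sHosts, $sHost, $sValues, $sValue, $sKey, $iRC, $sMsg, $iFailed
$SO = SetOption('Explicit','On')
$SO = SetOption('NoVarsInStrings','On')
$SO = SetOption('NoMacrosInStrings','On')

; Split() always returns an array, so a list with one host still works with For Each.
; PC1 and PC2 are placeholder host names.
$sHosts  = Split('PC1,PC2', ',')
$sValues = Split('AccountDomainSid,PingID,SusClientId', ',')
$sKey    = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$iFailed = 0

For Each $sHost In $sHosts
  For Each $sValue In $sValues
    ; DelValue() returns 0 on success, otherwise an error code
    $iRC  = DelValue('\\' + $sHost + '\' + $sKey, $sValue)
    ; save the error text right away, before another call overwrites it
    $sMsg = @SERROR
    If $iRC
      $iFailed = $iFailed + 1
      ? $sHost + ' ' + $sValue + ' FAILED ' + $iRC + ': ' + $sMsg
    Else
      ? $sHost + ' ' + $sValue + ' deleted'
    EndIf
  Next
Next
? 'Failures: ' + $iFailed
```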

#168389 - 2006-09-27 07:59 PM Re: Delete Registry Keys
wrender Offline
Fresh Scripter

Registered: 2006-09-25
Posts: 22
No, I don't think any of those things are what's causing the registry keys to not be deleted on the fe-crosstec computer. What about this?

On our network, I have kix32 available on the netlogon share, so it is available to all computers. But since I ran this script from a folder with kix32.exe on my local computer, would that affect where the remote computer looks for the kix stuff when it tries to execute the same script?

I guess what I'm trying to ask is... Does the remote computer on the network need to have access to the kix files? If so, do the files have to be in the same directory or network location as what I have executed them from on my local computer?

Wes

#168390 - 2006-09-27 08:20 PM Re: Delete Registry Keys
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
no, none of the things I listed would stop the script from working.
but all of the choices describe why you wouldn't have error line return something.

get back to scripting and dig up the error.
