ModemJunki

Strange RegDelete behavior


I am really stumped and want to know if anyone reading has encountered this.

I have a script that works on multiple hardware platforms (part of a PE deployment). It deletes a couple of registry keys dealing with local group policies. If we don't delete the key, the firewall is enabled for all adapters. We have some adapters for which we must not have the Windows 7 advanced firewall enabled (localized high-speed links), so we need the GPO to be "not configured". This way we can turn the firewall on and exclude the adapters from the firewall by populating their GUIDs in the appropriate key.

For whatever reason the engineer who originally wrote the script used a registry hack (key delete) instead of scripting netsh advfirewall to accomplish the same result. I have to understand the root cause of the problem before I can proceed with changes (most likely to use netsh in the proper manner).

The script has this line:

RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile", "EnableFirewall")

This works on two older hardware platforms, but on a newer system it fails. The newer system only works if we take into account the need to set the value in HKLM64, like this:

RegDelete("HKLM64\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile", "EnableFirewall")

So on the older hardware, the registry entries in the Wow6432Node are deleted, and on the new, they are not - but it should fail on all of them, I think! I checked with a simple script and the CPU and OS architecture both are showing as X64 (@CPUArch and @OSArch). The newest device is an AMD CPU, the older ones are Intel Xeons.

So the first line should not work at all in any case, but it does? Anyone seen similar?


Add arch detection...

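Global $keyPath

; Pick the registry root that matches the OS architecture
If @OSArch = "X86" Then
    $keyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile"
ElseIf @OSArch = "X64" Then
    ; HKLM64 explicitly requests the 64-bit registry view
    $keyPath = "HKLM64\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile"
EndIf

; Delete only the EnableFirewall value, not the whole key
RegDelete ( $keyPath , "EnableFirewall" )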


I thought I read somewhere in this forum that HKLM64 will work for x86 as well. I am unable to test this though as I don't have access to an x86 platform at the moment.


This does work in x86, if that is what you meant:

RegDelete("HKLM64\SOFTWARE\MyTest")

√-1 2^3 ∑ π, and it was delicious!
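
A diagnostic for the behavior discussed in this thread, as an added example that is not part of any post: it reports the architecture macros plus whether the script itself runs as a 64-bit process (@AutoItX64), then reads and deletes EnableFirewall through both the plain HKEY_LOCAL_MACHINE root and HKLM64. The key path and value name are the ones from the first post; the variable names are made up for the example.

```autoit
; Added example: show which registry view each root reaches before deleting.
Local Const $sSubKey = "\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile"
Local Const $sValue = "EnableFirewall"

; @OSArch/@CPUArch describe the machine; @AutoItX64 is 1 only when the
; script itself runs under the native x64 build of AutoIt.
ConsoleWrite("OSArch=" & @OSArch & " CPUArch=" & @CPUArch & _
        " AutoItX64=" & @AutoItX64 & @CRLF)

; The plain root uses the registry view of the running process;
; HKLM64 explicitly asks for the 64-bit view.
Local $aRoots[2] = ["HKEY_LOCAL_MACHINE", "HKLM64"]

For $sRoot In $aRoots
    Local $sKey = $sRoot & $sSubKey

    ; Read first so the log records what was there before the delete
    Local $vData = RegRead($sKey, $sValue)
    Local $iErr = @error
    If $iErr Then
        ConsoleWrite($sKey & ": " & $sValue & " not readable (@error=" & $iErr & ")" & @CRLF)
        ContinueLoop
    EndIf
    ConsoleWrite($sKey & ": " & $sValue & "=" & $vData & @CRLF)

    ; RegDelete returns 1 on success, 0 if the key/value does not exist,
    ; and 2 if the delete itself failed
    Local $iResult = RegDelete($sKey, $sValue)
    Switch $iResult
        Case 1
            ConsoleWrite("  deleted" & @CRLF)
        Case 0
            ConsoleWrite("  nothing to delete" & @CRLF)
        Case Else
            ConsoleWrite("  delete failed (return=" & $iResult & ")" & @CRLF)
    EndSwitch

    ; Confirm the value is gone in this view
    RegRead($sKey, $sValue)
    ConsoleWrite("  still present after delete: " & (@error = 0) & @CRLF)
Next
```

When the script runs as a 64-bit process, both roots address the same view, so the second pass reports the value as not readable after the first pass deleted it.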

