ModemJunki Posted July 18, 2012 Share Posted July 18, 2012 I am really stumped and want to know if anyone reading has encountered this. I have a script that works on multiple hardware (part of a PE deployment). It deletes a couple of registry keys dealing with local group policies. If we don't delete the key, the firewall is enabled for all adapters. We have some adapters for which we must not have the Windows 7 advanced firewall enabled (localized high-speed links), so we need the GPO to be "not configured". This way we can turn the firewall on and exclude the adapters from the firewall by populating their GUIDs in the appropriate key. For whatever reason the engineer who originally wrote the script used a registry hack (key delete) instead of scripting netsh advfirewall to accomplish the same result. I have to understand the root cause of the problem before I can proceed with changes (most likely to use netsh in the proper manner). The script has line: RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile", "EnableFirewall") This works on two older hardwares, but on a newer system it fails. The newer system only works if we take into account the need to set the value in HKLM64, like this: RegDelete("HKLM64\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile", "EnableFirewall") So on the older hardware, the registry entries in the Wow6432Node are deleted, and on the new, they are not - but it should fail on all of them, I think! I checked with a simple script and the CPU and OS architecture both are showing as X64 (@CPUArch and @OSArch). The newest device is an AMD CPU, the older ones are Intel Xeons. So the first line should not work at all in any case, but it does? Anyone seen similar? Always carry a towel. Link to comment Share on other sites More sharing options...
Tripredacus Posted July 19, 2012 Share Posted July 19, 2012 Add arch detection... Global $keyPath If @OSArch = "X86" Then $keyPath = "HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallPrivateProfile" ElseIf @OSArch = "X64" Then $keyPath = "HKLM64SOFTWAREPoliciesMicrosoftWindowsFirewallPrivateProfile" EndIf RegDelete ( $keyPath , "EnableFirewall" ) Twitter | MSFN | VGCollect Link to comment Share on other sites More sharing options...
spudw2k Posted July 19, 2012 Share Posted July 19, 2012 I thought I read somewhere in this forum that HKLM64 will work for x86 as well. I am unable to test this though as I don't have access to an x86 platform at the moment. Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
Moderators JLogan3o13 Posted July 19, 2012 Moderators Share Posted July 19, 2012 I thought I read somewhere in this forum that HKLM64 will work for x86 as well. I am unable to test this though as I don't have access to an x86 platform at the moment. This does work in x86, if that is what you meant: RegDelete("HKLM64SOFTWAREMyTest") "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now