Sign in to follow this  
Followers 0
migo79

Search and Delete regsitry Keys and value(some urgent help)

5 posts in this topic

Hi All,

due to some bad GPOs we ended up with many machines unable to install any windows updates on.

after long troubleshooting I find out that this was due to bad corrupted updates KB982018 and KB 2529073.

To fix this problem i have to search through

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing

and delete the following:

1-Any key if any of the KBs article exist in the name of the Key.

2-Any value that contain any of these KBs, but will leave the parent key intact as it contain other updates.

3-If the data in the value contains any of the KBs, delete the value (not the parent key)

the challenge that the search should be with wildcard as the keys and values contain longer name, but always contain the KB numbers above.

Example for Key name:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB982018~31bf3856ad364e35~x86~~6.1.3.2

this process takes around 45 minutes of "bloody search and delete manually" per each PC and more than 300 is affected so you can imagine the sitiuation.

i really appreciate if anyone have a script that can do this handy.

thanks so much in advance.

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

This one surely can be improved, but ich recurses the registry from a given Key on:

$s_start = "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionDIFx"
$s_search = "usb"
_RegEnumRec($s_start)

Func _RegEnumRec($key)
    If StringInStr($key, $s_search) Then 
        ConsoleWrite($key & @CRLF)
    Else
        _getRegVal($key, $s_search)
    EndIf
    Local $i = 1
    Local $rkey = ""
    While 1
        $rkey = RegEnumKey($key, $i)
        If @error <> 0 Then ExitLoop
        $i += 1
        _RegEnumRec($key & "" & $rkey)
    WEnd
EndFunc

Func _getRegVal($key, $search)
    Local $i = 1
    Local $rValue
    Local $iFound
    While 1
        $rValue = RegEnumVal($key, $i)
        If @error <> 0 Then ExitLoop
        $i += 1
        If StringInStr(RegRead($key, $rValue), $search, 0) Then
            ConsoleWrite($key & @TAB & $rValue & @TAB & RegRead($key, $rValue) & @CRLF)
        EndIf
    WEnd
EndFunc

Edit1: You can change the "ConsoleWrite()" function with some usefull code or another function call, anyway you want. :)

Edit2: Added function to search for a Value

Edited by hannes08

Regards,Hannes[spoiler]If you can't convince them, confuse them![/spoiler]

Share this post


Link to post
Share on other sites

This could do:

Global $KB = "KB982018"

$i = 1
While 1
Local $var = RegEnumKey("HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionComponent Based Servicing", $i)
$i = $i +1
If @error <> 0 Then
ExitLoop
else
If NOT StringInStr($var, $KB) then
While 1
$x = 1
$var1 = RegEnumVal("HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionComponent Based Servicing" & $var, $x)
If @error <> 0 then exitloop
$x = $x + 1
If StringInStr($var1, $KB) then
RegDelete("HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionComponent Based Servicing" & $var, $var1)
EndIf
WEnd
else
RegDelete("HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionComponent Based Servicing" & $var)
EndIf
EndIf
WEnd

----------------------------------------

:bye: Hey there, was I helpful?

----------------------------------------

My Current OS: Win8 PRO (64-bit); Current AutoIt Version: v3.3.8.1

Share this post


Link to post
Share on other sites

thnx Hannes08 and Mkish

I tried that code by MKISH but unfortunately it hasen't delete anything, still keys adn values are intact.

thnx so much again for helping.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0