Tripredacus, posted June 5, 2013 (edited)

I ran into an interesting behaviour with one of my scripts on Server 2008 R2. I have 2 programs. After the first program is done, it writes a registry key into RunOnce (it ends up on the Wow6432Node) to run the second program. After rebooting, the second program is run, but one of the things it is supposed to do is delete that key from RunOnce. It does not do this. It does everything else it is programmed to do (FileExists, Run a ComSpec command, show a MsgBox). If I reboot the computer again, the second program runs again (because the key is still populated).

Code is simple:

    RegDelete ("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce", "1")

This program is used on all OSes, and this problem does not occur on 64bit Windows 7 or Windows 8. I have not tested Server 2012 yet. There is nothing in either the Application or System event logs. Any idea why this could be happening?

Edited June 12, 2013 by Tripredacus

Neutro, posted June 5, 2013 (edited)

Hello,

When running a 64bit OS, you should use HKEY_LOCAL_MACHINE64 or HKLM64 as first parameter, as specified in the help file:

> A registry key must start with "HKEY_LOCAL_MACHINE" ("HKLM") or "HKEY_USERS" ("HKU") or "HKEY_CURRENT_USER" ("HKCU") or "HKEY_CLASSES_ROOT" ("HKCR") or "HKEY_CURRENT_CONFIG" ("HKCC").
> When running on 64-bit Windows if you want to delete a key or value specific to the 64-bit environment you have to suffix the HK... with 64 i.e. HKLM64.

Edited June 5, 2013 by Neutro

Tripredacus (Author), posted June 6, 2013 (edited)

> Hello, When running a 64bit OS, you should use HKEY_LOCAL_MACHINE64 or HKLM64 as first parameter, as specified in the help file:

The data to delete is in the Wow6432Node. Using HKLM64 specified that the data is to be in the 64bit (natural) location in the registry. If I had specified HKLM64 to delete, the command would complete with no action because the registry key does not exist.

Update: I just tested on Server 2012 and it deletes the registry key just fine. So the problem is only on Server 2008 R2...

Edited June 6, 2013 by Tripredacus

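As an added example, not code from any poster in this thread: an AutoIt check that looks for the RunOnce value through both registry views discussed in the two posts above, and re-reads it after RegDelete so the return code is compared with what is actually in the registry. It assumes 64-bit Windows and an elevated script; the helper names _ViewName, _ValueExists, _ReportViews and _DeleteAndVerify are hypothetical.

```autoit
; Added example, not from the thread. Assumes 64-bit Windows and admin rights.
; $SUBKEY and the value name "1" are the ones quoted in the posts above.
Global Const $SUBKEY = "\Software\Microsoft\Windows\CurrentVersion\RunOnce"

; Name the view a hive prefix resolves to for THIS process.
; A 32-bit script reaches the Wow6432Node view through plain HKLM;
; HKLM64 always addresses the native 64-bit view.
Func _ViewName($sHive)
    If $sHive = "HKLM64" Or @AutoItX64 Then Return "64-bit view"
    Return "32-bit view (Wow6432Node)"
EndFunc

; True when the value can be read through the given hive prefix.
Func _ValueExists($sHive, $sValue)
    RegRead($sHive & $SUBKEY, $sValue)
    Return (@error = 0)
EndFunc

; Print, for both prefixes, whether the value is present in that view.
Func _ReportViews($sValue)
    Local $aHives[2] = ["HKLM", "HKLM64"]
    For $sHive In $aHives
        Local $sState = "absent"
        If _ValueExists($sHive, $sValue) Then $sState = "present"
        ConsoleWrite($sHive & " [" & _ViewName($sHive) & "]: " & $sState & @CRLF)
    Next
EndFunc

; Delete through one view, then read back through the same view.
; RegDelete returns 1 = deleted, 0 = key/value not found, 2 = delete error.
Func _DeleteAndVerify($sHive, $sValue)
    Local $iRet = RegDelete($sHive & $SUBKEY, $sValue)
    Local $bGone = Not _ValueExists($sHive, $sValue)
    ConsoleWrite("RegDelete via " & $sHive & " returned " & $iRet & @CRLF)
    Return $bGone
EndFunc

_ReportViews("1")                       ; where does the value live before the delete?
If Not _DeleteAndVerify("HKLM", "1") Then
    ConsoleWrite("Value is still readable after RegDelete" & @CRLF)
EndIf
_ReportViews("1")                       ; and after
```

Running the same script again after a reboot separates a delete that never happened from a value that was written back later.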
Tripredacus (Author), posted June 12, 2013

Update: After extended tests, the key is never deleted even on reboots. I have modified my original post to reflect this.

rudi, posted June 13, 2013

Hi.

Use procmon.exe to check if the targeted reg value to be deleted is addressed correctly, and, if so, why it's refused to be deleted.

Use the same script to *WRITE* some value to the same key of the registry, just to see if the access is fine.

Are you using #requireadmin?

Is the 2nd script compiled to 64bit or 32bit EXE?

Regards, Rudi.

Tripredacus (Author), posted June 13, 2013

I just disabled the ability to run the apps on Server 2008 R2 until I can figure it out. I did run ProcMon yesterday, and it shows a SUCCESS when trying to delete the registry key. Yet I can open regedit and find that the key is still there. I am not using #requireadmin because the scripts run in Audit Mode. The apps are compiled for 32bit. I thought about making a wrapper for 64bit (I had to do something similar for Office 2013) but I had doubts on whether or not it could access that part of the registry. Typically you need a 64bit exe if you are having problems accessing the 64bit registry with the 32bit exe.

So far I've got this:

    RegDelete ("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce", "1")
    RegDelete ("HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce", "1")
    Run(@ComSpec & " /c reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce /v 1 /f")
    Run(@ComSpec & " /c reg delete HKLM\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce /v 1 /f")

First one fails, as expected, because the key does not exist. Second one succeeds, but the key isn't actually deleted. I had hoped that the Reg.exe would have solved the problem, but apparently it hasn't. To make matters worse, running that reg delete command manually from a command prompt DOES work, so I know it's just a usage issue. I may try out the 64bit EXE just to see what happens.

iamtheky, posted June 13, 2013

Have you attempted to run it with redirection disabled?

    DllCall("kernel32.dll", "int", "Wow64DisableWow64FsRedirection", "int", 1)

Tripredacus (Author), posted June 14, 2013

Again, I want to be clear here that this isn't a problem with redirection. The registry key is not in the 64bit registry. But either way, I can't make a change to the OS in that way, it's not allowed.

I had an idea yesterday of launching a .cmd file to see if that works. Haven't had the chance to test it yet.

iamtheky, posted June 14, 2013 (edited)

> I can't make a change to the OS in that way, it's not allowed.

It's only for the duration of the script... your other changes are permanent. And I'll paypal MSFN a dollar if it doesn't work.

-iamtheky

*and this statement is suspect at best

> Typically you need a 64bit exe if you are having problems accessing the 64bit registry with the 32bit exe

Edited June 14, 2013 by boththose

Tripredacus (Author), posted June 18, 2013

I have confirmed this to be a problem with the OS and not how I'm going about trying to delete the key. If I go into Regedit and manually change the key to something else, and then reboot, the key is reverted to what it was before I changed it. I will take this topic to TechNet now instead.