Jump to content
Sign in to follow this  
ViciousXUSMC

Script to fix Win 7 Default Profile Problem

Recommended Posts

ViciousXUSMC

This error comes up time to time, I know how to fix it manually but would like to write a script I can give to other techs to automate it.

The basic concept would be needing to search the registry to see if any keys under

 HKLMSOFTWAREMicrosoftWindows NTCurrentVersionProfileList

have the .bak extension if they do then we need to capture the name of that key without the .bak extension.

From there it should be easy to do a rename (or delete) to delete the bad key that does not have the .bak extension as its the default profile

Then rename the one with .bak back to its original form.

Probably after that a msgbox asking to reboot.

Since I only know of RegRead & RegWrite not a rename, looks like something like this could be used: '?do=embed' frameborder='0' data-embedContent>>

I Also need a way to list all the keys and find a way to determine if they have the .bak extension I think I can use this: '?do=embed' frameborder='0' data-embedContent>>

So really I think I just need  help with the first part, finding a smart way to determine if any .bak keys exist 

Then moving those values forward to complete the rest of my steps.

Anybody not familiar with the issue and the steps I am trying to emulate here is a guide: 

http://www.landviser.net/content/how-fix-windows-7-loads-default-instead-user-modified-profile-wiping-all-settings-files

Share this post


Link to post
Share on other sites
JLogan3o13

Something like this? Taken almost word for word from the help file for RegEnumKey:

$sPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

For $i = 1 To 20
    $sub = RegEnumKey($sPath, $i)
        If @error Then ExitLoop
        If StringInStr($sub, ".bak") Then ConsoleWrite($sub & " found")
Next

√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
tlman12

you can use powershell to rename the registry with a built in cmdlet

Rename-Item 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\[key to be renamed]' '[new name of key]'

just do a shellexecute or a run powershell.exe Rename-Item 'HKLM:SOFTWAREMicrosoftWindows NTCurrentVersionProfileList[key to be renamed]' '[new name of key]'

obviously must be run as administrator. 

Share this post


Link to post
Share on other sites
ViciousXUSMC

I'll toy around with it and see where I can go from there.

Post back after I have had time to test. 

Share this post


Link to post
Share on other sites
ViciousXUSMC

So ar little progress.

ShellExecute does not work with powershell for me.

The Loop for RegEnumKey works pretty well.

I tied that into the powershell cmd to try and rename the key.

Code so far: 

#RequireAdmin
$sPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"



For $i = 1 To 20

    $sub = RegEnumKey($sPath, $i)

        If @error Then ExitLoop

        If StringInStr($sub, ".bak") Then
            ShellExecute('powershell.exe Rename-Item ' & '"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\' & $sub & '"' & ' -NewName ' & '"' & $sub & '.old"')
        Else
            EndIf


Next

The issue I have is that I can get the rename to work from powershell directly and even though this looks like it should be parsing correctly to the powershell cmd window it does not seem to work.

This would not be the final solution anyways just a first step as I actually need to rename the .bak key to remove the .bak extension and rename the key without .bak to the .old (or delete) so I need to take the results from the loop and strip off the .bak and from there I can easily carry onward. 

Edit:  added -NoExit and can see that I must be getting a quotes error even though my output looks good from a AutoIt output inside PowerShell I am getting "A positional parameter cannot be found that accepts argument 'NTCurrentVersion...' so its not picking up the double quotes to encapsulate the empty space in the key.

Edited by ViciousXUSMC

Share this post


Link to post
Share on other sites
JLogan3o13

I'm not sure what it would do to the profile, but you can always do a copy and then delete the .bak key:

$sPath = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

For $i = 1 To 20
    $sub = RegEnumKey($sPath, $i)
        If @error Then ExitLoop

    If StringInStr($sub, ".bak") Then
        ConsoleWrite($sPath & "\" & $sub & @CRLF)
        Run(@ComSpec & ' /k REG COPY  "' & $sPath & '\' & $sub & '" "' & $sPath & '\' & StringTrimRight($sub, 4) & '" /s')
    EndIf
Next

√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
ViciousXUSMC

 

I'm not sure what it would do to the profile, but you can always do a copy and then delete the .bak key:

$sPath = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

For $i = 1 To 20
    $sub = RegEnumKey($sPath, $i)
        If @error Then ExitLoop

    If StringInStr($sub, ".bak") Then
        ConsoleWrite($sPath & "\" & $sub & @CRLF)
        Run(@ComSpec & ' /k REG COPY  "' & $sPath & '\' & $sub & '" "' & $sPath & '\' & StringTrimRight($sub, 4) & '" /s')
    EndIf
Next

 

Good Idea :)  Using that I was able to complete the rest with working code.

The saving snippet was the StringTrimRight I didn't know there was an easy way to get the "core" key value like that.

#RequireAdmin
$sPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"


RunWait(@ComSpec & ' /c REG EXPORT "' & $sPath & '" C:\BeforeProfileFix.reg')

For $i = 1 To 40

    $sub = RegEnumKey($sPath, $i)

        If @error Then ExitLoop

        If StringInStr($sub, ".bak") Then
            RunWait(@ComSpec & ' /c REG DELETE "' & $sPath & '\' & StringTrimRight($sub, 4) & '" /f')
            Sleep(200)
            RunWait(@ComSpec & ' /c REG COPY  "' & $sPath & '\' & $sub & '" "' & $sPath & '\' & StringTrimRight($sub, 4) & '" /s')
            Sleep(200)
            RunWait(@ComSpec & ' /c REG DELETE "' & $sPath & '\' & $sub & '" /f')
        Else
            EndIf


Next

MsgBox(0, "Black Magic Automation", "Profile Fix has been implimented" & @CRLF & @CRLF & "A copy of the registry is saved to C: if you need to restore old settings" & @CRLF & "Please reboot the machine to have changes take effect")
$Reboot = MsgBox(4, "Black Magic Automation", "Reboot Now?")
If $Reboot = 6 Then Shutdown(6)
Edited by ViciousXUSMC

Share this post


Link to post
Share on other sites
tlman12

I know you figured this out but the reason powershell didn't work was you had your quotes wrong, in powershell ' and " have different meanings they aren't interchangeable like in autoit, also in shellexecute you need to specify an application and parameters, sometimes it doesn't like being fed a single string. 

so your 

ShellExecute('powershell.exe Rename-Item ' & '"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\' & $sub & '"' & ' -NewName ' & '"' & $sub & '.old"')

should look like 

ShellExecute("powershell.exe","Rename-Item 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & $sub & "'" & " -NewName " & "'" & $sub & ".old'")

in theory the double quote should have worked but the difference is single quote denotes a string only and double quote says that the string should be parsed for a nested variable. 

in the grand scheme of things for this it may not make much of a difference between a reg command and a Rename-Item cmdlet but if you had larger keys structures to rename powershell would be the faster solution. also in the future Micro$oft will probably start phasing out those legacy commands 

Share this post


Link to post
Share on other sites
ViciousXUSMC

Good to know, I knew it had to be something like that.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×