ViciousXUSMC Posted August 26, 2014 Posted August 26, 2014 This error comes up time to time, I know how to fix it manually but would like to write a script I can give to other techs to automate it. The basic concept would be needing to search the registry to see if any keys under HKLMSOFTWAREMicrosoftWindows NTCurrentVersionProfileList have the .bak extension if they do then we need to capture the name of that key without the .bak extension. From there it should be easy to do a rename (or delete) to delete the bad key that does not have the .bak extension as its the default profile Then rename the one with .bak back to its original form. Probably after that a msgbox asking to reboot. Since I only know of RegRead & RegWrite not a rename, looks like something like this could be used: '?do=embed' frameborder='0' data-embedContent>> I Also need a way to list all the keys and find a way to determine if they have the .bak extension I think I can use this: '?do=embed' frameborder='0' data-embedContent>> So really I think I just need help with the first part, finding a smart way to determine if any .bak keys exist Then moving those values forward to complete the rest of my steps. Anybody not familiar with the issue and the steps I am trying to emulate here is a guide: http://www.landviser.net/content/how-fix-windows-7-loads-default-instead-user-modified-profile-wiping-all-settings-files
Moderators JLogan3o13 Posted August 26, 2014 Moderators Posted August 26, 2014 Something like this? Taken almost word for word from the help file for RegEnumKey: $sPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" For $i = 1 To 20 $sub = RegEnumKey($sPath, $i) If @error Then ExitLoop If StringInStr($sub, ".bak") Then ConsoleWrite($sub & " found") Next "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
tlman12 Posted August 26, 2014 Posted August 26, 2014 you can use powershell to rename the registry with a built in cmdlet Rename-Item 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\[key to be renamed]' '[new name of key]' just do a shellexecute or a run powershell.exe Rename-Item 'HKLM:SOFTWAREMicrosoftWindows NTCurrentVersionProfileList[key to be renamed]' '[new name of key]' obviously must be run as administrator.
ViciousXUSMC Posted August 26, 2014 Author Posted August 26, 2014 I'll toy around with it and see where I can go from there. Post back after I have had time to test.
ViciousXUSMC Posted August 26, 2014 Author Posted August 26, 2014 (edited) So ar little progress. ShellExecute does not work with powershell for me. The Loop for RegEnumKey works pretty well. I tied that into the powershell cmd to try and rename the key. Code so far: #RequireAdmin $sPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" For $i = 1 To 20 $sub = RegEnumKey($sPath, $i) If @error Then ExitLoop If StringInStr($sub, ".bak") Then ShellExecute('powershell.exe Rename-Item ' & '"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\' & $sub & '"' & ' -NewName ' & '"' & $sub & '.old"') Else EndIf Next The issue I have is that I can get the rename to work from powershell directly and even though this looks like it should be parsing correctly to the powershell cmd window it does not seem to work. This would not be the final solution anyways just a first step as I actually need to rename the .bak key to remove the .bak extension and rename the key without .bak to the .old (or delete) so I need to take the results from the loop and strip off the .bak and from there I can easily carry onward. Edit: added -NoExit and can see that I must be getting a quotes error even though my output looks good from a AutoIt output inside PowerShell I am getting "A positional parameter cannot be found that accepts argument 'NTCurrentVersion...' so its not picking up the double quotes to encapsulate the empty space in the key. Edited August 26, 2014 by ViciousXUSMC
Moderators Solution JLogan3o13 Posted August 26, 2014 Moderators Solution Posted August 26, 2014 I'm not sure what it would do to the profile, but you can always do a copy and then delete the .bak key: $sPath = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" For $i = 1 To 20 $sub = RegEnumKey($sPath, $i) If @error Then ExitLoop If StringInStr($sub, ".bak") Then ConsoleWrite($sPath & "\" & $sub & @CRLF) Run(@ComSpec & ' /k REG COPY "' & $sPath & '\' & $sub & '" "' & $sPath & '\' & StringTrimRight($sub, 4) & '" /s') EndIf Next "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
ViciousXUSMC Posted August 26, 2014 Author Posted August 26, 2014 (edited) I'm not sure what it would do to the profile, but you can always do a copy and then delete the .bak key: $sPath = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" For $i = 1 To 20 $sub = RegEnumKey($sPath, $i) If @error Then ExitLoop If StringInStr($sub, ".bak") Then ConsoleWrite($sPath & "\" & $sub & @CRLF) Run(@ComSpec & ' /k REG COPY "' & $sPath & '\' & $sub & '" "' & $sPath & '\' & StringTrimRight($sub, 4) & '" /s') EndIf Next Good Idea Using that I was able to complete the rest with working code. The saving snippet was the StringTrimRight I didn't know there was an easy way to get the "core" key value like that. #RequireAdmin $sPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" RunWait(@ComSpec & ' /c REG EXPORT "' & $sPath & '" C:\BeforeProfileFix.reg') For $i = 1 To 40 $sub = RegEnumKey($sPath, $i) If @error Then ExitLoop If StringInStr($sub, ".bak") Then RunWait(@ComSpec & ' /c REG DELETE "' & $sPath & '\' & StringTrimRight($sub, 4) & '" /f') Sleep(200) RunWait(@ComSpec & ' /c REG COPY "' & $sPath & '\' & $sub & '" "' & $sPath & '\' & StringTrimRight($sub, 4) & '" /s') Sleep(200) RunWait(@ComSpec & ' /c REG DELETE "' & $sPath & '\' & $sub & '" /f') Else EndIf Next MsgBox(0, "Black Magic Automation", "Profile Fix has been implimented" & @CRLF & @CRLF & "A copy of the registry is saved to C: if you need to restore old settings" & @CRLF & "Please reboot the machine to have changes take effect") $Reboot = MsgBox(4, "Black Magic Automation", "Reboot Now?") If $Reboot = 6 Then Shutdown(6) Edited August 26, 2014 by ViciousXUSMC
tlman12 Posted August 26, 2014 Posted August 26, 2014 I know you figured this out but the reason powershell didn't work was you had your quotes wrong, in powershell ' and " have different meanings they aren't interchangeable like in autoit, also in shellexecute you need to specify an application and parameters, sometimes it doesn't like being fed a single string. so your ShellExecute('powershell.exe Rename-Item ' & '"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\' & $sub & '"' & ' -NewName ' & '"' & $sub & '.old"') should look like ShellExecute("powershell.exe","Rename-Item 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & $sub & "'" & " -NewName " & "'" & $sub & ".old'") in theory the double quote should have worked but the difference is single quote denotes a string only and double quote says that the string should be parsed for a nested variable. in the grand scheme of things for this it may not make much of a difference between a reg command and a Rename-Item cmdlet but if you had larger keys structures to rename powershell would be the faster solution. also in the future Micro$oft will probably start phasing out those legacy commands
ViciousXUSMC Posted August 26, 2014 Author Posted August 26, 2014 Good to know, I knew it had to be something like that.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now