Test-RegistryValue behaves differently when run in System vs. User Context

2016-02-03T20:47:26+00:00


  • Gordo
    Participant
    Post count: 11

    On a computer running 64-bit Windows 7, Service Pack 1, I’m checking for the existence of registry value “test” at key HKCU:\ABC_TEST (created by me for testing purposes).

    Here’s the chunk of code I’m using within the PowerShell App Deploy Toolkit:
    # Check whether the value 'test' exists under HKCU:\ABC_TEST
    $regkey = (Test-RegistryValue -Key 'HKCU:\ABC_TEST' -Value 'test')
    If ($regkey) {
        [scriptblock]$HKCURegistrySettings = {
            Show-DialogBox -Title 'Found regkey' -Text 'REGKEY EXISTS'
        }
    }

    When I launch Deploy-Application.exe in the User context, this chunk of code works. Dialog box appears to confirm the value exists, as does the PowerShell log file. But when I run Deploy-Application.exe in the System context, like SCCM does, no dialog, and the log file says the value does not exist, even though it does.

    Is this because of file redirection on a 64-bit system, and if so, how can I fix it so the code works when I’m running it via SCCM?

    Thanks!

  • Aman
    Keymaster
    Post count: 53

    Hi Gordo,
    You’ll want to specify the -SID parameter to access the current user registry. Specifically, use -SID $RunAsActiveUser.SID, where $RunAsActiveUser is a variable used to store current user settings.

    However, without knowing what you’re trying to accomplish exactly, you may want to consider using the Invoke-HKCURegistrySettingsForAllUsers function, as this will allow you to test and make changes to every registry hive on the target system.

  • Gordo
    Participant
    Post count: 11

    Thanks, Aman. That was helpful. I can now detect the registry key/value I’m searching for while running in the System context, as would be the case during an SCCM deployed installation.

    However, I’m now having trouble deleting the registry key for all users.

    Here’s what I’m trying to accomplish:
    Search for a particular registry key and value in the HKCU hive. This key may exist for multiple users of the computer.
    If the key exists, delete its existence in all user hives, not just the current one.

    What I’m experiencing now is that if I run my code in the System context (I’m using psexec to launch a command window in the System context), the registry key is successfully detected, but only deleted for the user who is currently logged in. If I log in as a different user, the registry key still exists.

    Here’s the code I’m testing with:
    # Test that the registry path exists.
    $regkey = (Test-RegistryValue -Key 'HKCU:\ABC_TEST' -Value 'test' -SID $RunAsActiveUser.SID)

    If ($regkey) {
        Show-DialogBox -Title 'Found regkey' -Text 'REGKEY EXISTS'
        Remove-RegistryKey -Key 'HKCU:\ABC_TEST' -Recurse -SID $RunAsActiveUser.SID
    }
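
An added example, not part of the original thread and not the toolkit's own code: one way to do the all-users cleanup described in the last post with the Invoke-HKCURegistrySettingsForAllUsers function mentioned in the reply above. It assumes the script runs inside Deploy-Application.ps1 with PowerShell App Deploy Toolkit 3.x loaded, where that function exposes each profile to the scriptblock as $UserProfile; the 'RemoveAbcTest' log source is a made-up name.

```powershell
# Assumption: PSADT 3.x functions (Test-RegistryValue, Remove-RegistryKey,
# Write-Log, Invoke-HKCURegistrySettingsForAllUsers) are already loaded.
#
# Under SYSTEM, HKCU: points at the SYSTEM account's own hive, not at the
# logged-on user's. Passing -SID makes the toolkit address HKEY_USERS\<SID>
# instead, so the check and the delete hit the intended user hive.

[scriptblock]$HKCURegistrySettings = {
    # $UserProfile is set by Invoke-HKCURegistrySettingsForAllUsers for each
    # profile it processes, one profile per invocation of this scriptblock.
    If (Test-RegistryValue -Key 'HKCU:\ABC_TEST' -Value 'test' -SID $UserProfile.SID) {
        Write-Log -Message "Removing HKCU:\ABC_TEST for $($UserProfile.NTAccount)" -Source 'RemoveAbcTest'
        Remove-RegistryKey -Key 'HKCU:\ABC_TEST' -Recurse -SID $UserProfile.SID
    }
}

# Runs the scriptblock once per user profile on the machine, rather than
# only for $RunAsActiveUser as in the code posted above.
Invoke-HKCURegistrySettingsForAllUsers -RegistrySettings $HKCURegistrySettings
```

The difference from the posted code is the SID source: $RunAsActiveUser.SID always names the one logged-on user, while $UserProfile.SID changes on each pass.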
