#207719 - 2013-09-11 01:22 PM  Windows Security Stopping WRITEVALUE
MACE   Starting to like KiXtart
 
   Registered:  2004-09-07
 Posts: 150
 Loc:  Manchester UK
Folks, I have just discovered a major issue. While preparing a scriptlet for adjusting by login script the backup destinations for Windows backups, I found WKIX32 can't write to any location outside of HKEY_CURRENT_USER.
 I always run as administrator, KIX returns @error=0 yet the values are not written.
 I considered it may be an antivirus issue so tried the same script on a Windows 7 x64 machine with no AV installed. Same results.
 OK back to basics, I scripted my version of WRITEVALUE as a Function for the creation of a .reg file and then shell "regedit /s MYFILE.reg", it runs but ALSO does not update the registry.
 The ONLY way I can actually apply the values is to manually run the .reg file!
 
 As you will appreciate, this has far-reaching consequences so I am asking the community to do their own tests and report back their findings.
 
 For your assistance I enclose my script, you need only adjust the destination!
 
 
;Login.ini
;[BACKUP]
;W7BACKUP="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup"
;TARGETPN="\\10.10.11.11\Download\"
;TARGETUN="\\?\UNC\10.10.11.11\Download\"
;EXCLUDED="\Pagefile.sys|\hiberfil.sys|%TEMP%\* /s|%Systemroot%\temp\* /s|*.ost|*.iso"
;Windows Backup Settings
$=SETOPTION("Explicit","ON")
$=SETOPTION("WrapAtEOL","ON")
$=SETOPTION("NoVarsInStrings","ON")
$=SETOPTION("NoMacrosInStrings","ON")
dim $A,$H,$N,$T,$X,$EXC,$SCRPT
;Restrict to target machines
If InStr(@PRODUCTTYPE,'Windows 6.1') or InStr(@PRODUCTTYPE,"Windows 7") and not instr(@WKSTA,'-VDI')
 $SCRPT=EXPANDENVIRONMENTVARS("%SCRIPTS%")
 $A=READPROFILESTRING($SCRPT+'\SCRIPTS\Logon.ini',"BACKUP","W7BACKUP")
;$A="HKEY_CURRENT_USER\TEST"
 $N=READPROFILESTRING($SCRPT+'\SCRIPTS\Logon.ini',"BACKUP","TARGETPN")+ucase(@WKSTA)+'\'+@year+right("0"+@MONTHNO,2)+'\'
 $X=READPROFILESTRING($SCRPT+'\SCRIPTS\Logon.ini',"BACKUP","TARGETUN")+ucase(@WKSTA)+'\'+@year+right("0"+@MONTHNO,2)+'\'
 If VARTYPE($A)<2 or VARTYPE($N)<2 or VARTYPE($X)<2 exit EndIf
 If Not Exist($N) MD $N EndIf
 If Exist($N)
  $T=EXPANDENVIRONMENTVARS("%USERPROFILE%")+'\Desktop\'+@ticks+'.reg'
  ;Start Master REG file
  If open(1,$T,5)=0
   $=writeline(1,"Windows Registry Editor Version 5.00"+@crlf+@crlf)
   ;Include Excluded files if set
   $EXC=join(split(trim(READPROFILESTRING($SCRPT+'\SCRIPTS\Logon.ini',"BACKUP","EXCLUDED")),'|'),Chr(124))
   ;Standard Method does not work outside of HKEY_CURRENT_USER
   ;If VARTYPE($EXC)>1
   ; $=WRITEVALUE($A, "FilesNotToBackup2", $EXC, "REG_MULTI_SZ")
   ; ? '['+@error+"] "+@serror ; Always shows 0 = OK
   ;EndIF
   ;Using Reg File
   $H=WriteReg($A,"FilesNotToBackup",$EXC,"REG_MULTI_SZ")
   If $H<>'' $=writeline(1,$H+@crlf) EndIf
   ;Scheduled destination for backups
   $H=WriteReg($A+"\ScheduleParams\TargetDevice","PresentableName",$N,"REG_SZ")
   If $H<>'' $=writeline(1,$H+@crlf) EndIf
   $H=WriteReg($A+"\ScheduleParams\TargetDevice","UniqueName",$X,"REG_SZ")
   If $H<>'' $=writeline(1,$H+@crlf) EndIf
   $=close(1)
   ;Add to Registry
   ;shell 'notepad "'+$T+'"'
   ;shell 'regedit /s "'+$T+'"'  ; Does not work even runas 'As Administrator'
   ;del $T /c   ; Have to manually RUN the reg file for it to work !
  Endif
 EndIf
EndIf
Function WriteReg($SUBKEY,$ENTRY,$EXPRESSION,$TYPE)
Dim $E,$H,$I,$L,$S,$X
 $S="["+$SUBKEY+"]"+@crlf
 Select
 Case $TYPE="REG_MULTI_SZ"
  $X=split(trim($EXPRESSION),Chr(124))
  For each $E in $X
   $E=trim($E)
   If $E<>''
    $L=''
    For $I=1 to len($E)
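     $L=$L+right('0'+dectohex(asc(substr($E,$I,1))),2)+',00,' ;two hex digits per byte
    Next
    $H=$H+$L+'00,00,'
   EndIf
  Next
  ;REG_MULTI_SZ data must end with an extra empty string (a final 00,00)
  $H='"'+$Entry+'"=hex(7):'+$H+'00,00'+@crlf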
  $WriteReg=$S+$H
 Case $TYPE="REG_SZ"
  $WriteReg=$S+'"'+$Entry+'"="'+join(split($EXPRESSION,'\'),'\\')+'"'+@crlf
 Case $TYPE="REG_EXPAND_SZ"
  ;TBA Looking for examples in registry to study
 Case $TYPE="REG_BINARY"
  ;TBA Looking for examples in registry to study
 Case $TYPE="REG_DWORD"
  ;TBA Looking for examples in registry to study
 Case $TYPE="REG_DWORD_LITTLE_ENDIAN"
  ;TBA Looking for examples in registry to study
 Case $TYPE="REG_DWORD_BIG_ENDIAN"
  ;TBA Looking for examples in registry to study
 Case $TYPE="REG_LINK"
  ;TBA Looking for examples in registry to study
 EndSelect
 Return $WriteReg
EndFunction
#207756 - 2013-09-17 02:18 PM  Re: Windows Security Stopping WRITEVALUE [Re:  NTDOC]
MACE   Starting to like KiXtart
 
   Registered:  2004-09-07
 Posts: 150
 Loc:  Manchester UK
Using the following code as the test:
 
;Windows Backup Settings
$=SETOPTION("Explicit","ON")
$=SETOPTION("WrapAtEOL","ON")
$=SETOPTION("NoVarsInStrings","ON")
$=SETOPTION("NoMacrosInStrings","ON")
dim $A,$H,$N,$T,$X,$EXC
;Restrict to target machines
If InStr(@PRODUCTTYPE,'Windows 6.1') or InStr(@PRODUCTTYPE,"Windows 7") and not instr(@WKSTA,'-VDI')
 $A="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup"
;$A="HKEY_CURRENT_USER\TEST"
 ;Include Excluded files setting if set
 $EXC=join(split(trim("\Pagefile.sys|\hiberfil.sys|%TEMP%\* /s|%Systemroot%\temp\* /s|*.ost|*.iso"),'|'),Chr(124))
 If $EXC<>''
    $=WRITEVALUE($A, "FilesNotToBackup2", $EXC, "REG_MULTI_SZ")
    ? '['+@error+"] "+@serror ; Always shows 0 = OK
    sleep 5
  EndIF
EndIf
 We only use wkix32 but for this test I used kix32.
 Run this script normally and you get [5] Access is Denied but Run as Administrator = [0]
 However the registry is not updated and the value is not added.
 Including $=SETOPTION("Wow64FileRedirection","OFF") in the code gives the same result.
 Include also $=SETOPTION("WOW64AlternateRegView","ON") and once regedit is manually refreshed it worked! :-)
 Closing/Refreshing RegEdit helped; my previous mistake, because when applying using a .reg file regedit auto refreshes but not with kix.
 shell 'regedit /s "Test.reg"'  ; Does not work even when kix32 is run 'As Administrator'
 Manually run a .reg file and answer prompts, works.
 Repeated above with wkix32.exe and got same result.
 Did same shell from VBscript and using CMD REG tools but got the same results.
 DAMN annoying as has been working until recently.
 Now I am stuck because I can now write SOME values with KIX but not all as no QWORD
 And can't run .reg file reliably in an elevated shell.
 
 I will persevere, if no one can reproduce then I must be missing something. Updated the AV over the weekend which may have helped.
 
 
 
 
 
 Edited by MACE (2013-09-17 02:19 PM)
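
Added example, not part of the original posts: a PowerShell check of where the test value from the script above actually landed, reading the same HKLM key through the 64-bit and the 32-bit registry view. It assumes the behaviour described is WOW64 registry redirection of the 32-bit kix32/wkix32 process, which the posts do not state but which fits WOW64AlternateRegView making the write visible; the function name Get-ValueInBothViews is hypothetical.

```powershell
# Added example, requires PowerShell 3.0+ (.NET 4 for OpenBaseKey / RegistryView).
# Reads one HKLM value through the 64-bit and the 32-bit registry view.
function Get-ValueInBothViews {
    param(
        [Parameter(Mandatory = $true)] [string] $SubKey,    # path below HKLM
        [Parameter(Mandatory = $true)] [string] $ValueName
    )
    $views = @([Microsoft.Win32.RegistryView]::Registry64,
               [Microsoft.Win32.RegistryView]::Registry32)
    foreach ($view in $views) {
        $row  = [ordered]@{ View = $view; KeyExists = $false; Kind = $null; Data = $null }
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key = $base.OpenSubKey($SubKey)    # opened read-only
            if ($null -ne $key) {
                try {
                    $row.KeyExists = $true
                    if ($key.GetValueNames() -contains $ValueName) {
                        $row.Kind = $key.GetValueKind($ValueName)
                        # Keep %TEMP% and friends exactly as stored
                        $row.Data = $key.GetValue($ValueName, $null,
                            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                    }
                } finally { $key.Close() }
            }
        } finally { $base.Close() }
        [pscustomobject]$row
    }
}

# Key and value name taken from the test script in the post.
# Assumption: a row with Data only under Registry32 means the write went to the
# Wow6432Node copy of the key, which 64-bit regedit does not show at this path.
Get-ValueInBothViews -SubKey 'SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup' `
                     -ValueName 'FilesNotToBackup2' | Format-List
```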