Hello there

This is my first post here, so advise me if something is wrong. :D

I have a problem with scripts in kace-1000, and I'm sure it's somewhat simple.

I translated it into English, since it was German, so it may have some translation errors in it.

What should the Script do:
It should check if some registry value is not equal to some string. If this succeeds, I want it afterwards to generate a file where it lists the computer name and computer time into a UNC file. This was because we had some troubles with a registry entry and we wanna check if this is set right, and if not, we can see it in the generated file on the UNC path.
For testing purposes I said, on success, it shall create a window with a message. If this works, the rest should be fairly simple.

Removed names with xxx.

So the script looks as follows:

Name: xxx_Check Registry Userinit and generate File
Online-KScript
activated

Configured for: 192.168.15.39 (Test-Client Win 7)
OS: Microsoft Windows

Windows execute as:
logged-in users

Tasks:
Check

• Check if "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon!Userinit" is not equal to "C:\Windows\system32\userinit.exe,".
• Check if "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon!Shell" is not equal to "explorer.exe".

Success

• Create window with the description "Überprüfung Userinit", title "Überprüfung Userinit", message "Userinit ist nicht auf dem Standard. Test hat funktioniert." and the timeout "60" seconds.

But somehow if I run the script, it won't show any window on the target machine.

The log says:
Output log
Running as active user: xxx
Checking if registry '"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"' value 'Userinit' is not equal to 'C:\Windows\system32\userinit.exe,' did not succeed: (0)
Checking if registry '"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"' value 'Userinit' is not equal to 'C:\Windows\system32\userinit.exe,' did not succeed: (0)

Activity log
verify - registry_value_is_not
Checking if registry '"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"' value 'Userinit' is not equal to 'C:\Windows\system32\userinit.exe,'
verify - on_remediation_success
verify - on_remediation_failure
verify - registry_value_is_not
Checking if registry '"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"' value 'Userinit' is not equal to 'C:\Windows\system32\userinit.exe,'
verify - on_remediation_success
verify - on_remediation_failure

Debug log
Running kbot: runkbot 94 1508335720
KBotScript::LogScriptInfo - Start
id=94 name=_PUB Check Registry Userinit and generate File version=1508335720 type=policy
execute disconnected=true logged_off=false
execute events
KBotScript::LogScriptInfo - Finish
KBotScript::LogScriptInfo - Start
id=94 name=_PUB Check Registry Userinit and generate File version=1508335720 type=policy
execute disconnected=true logged_off=false
execute events
KBotScript::LogScriptInfo - Finish

Can someone help me solve this issue?

Thanks in advance

trennety




Answer Chosen by the Author

1
I suggest creating a new software item (Inventory, Software, Action, New). Fill in some stuff for name and so on. Select the target OS (Windows) and in the Custom Inventory Field paste this:
ShellCommandTextReturn(cmd /q /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /reg:64)

You'll notice this "software" is installed (detected as installed) on the computers.

In Computer Details page you'll find a custom inventory rule with the value of userinit

Now go and create a new report. Select fields to display system name and at bottom custom inventory rule userinit value
Run HTML report and you'll have all values of userinit of all your devices. Set Filters in the reports settings page to show devices that have not your desired userinit value only or show all with the faulty userinit value

I created a smart label checking for userinit.exe and dpagent.exe in custom inventory rule #userinit value to get devices that have a wrong value set (mostly after upgrading to Windows 10 1703 or 1709, they add userinit.exe, which results in an explorer window showing up after login).

Now I have a script doing this every day at 11:00 (konline, enabled, allow run without logged-in user, run on next connection if offline),
targeted on the smart label.

Every device with wrong userinit values after upgrading to 1703 or 1709 will be corrected now and then falls out of the smart label categories.
Answered 10/23/2017 by: n1md4
Orange Senior Belt


Answers

0
Thanks a lot for your answer. It really helped and worked like a charm.

One more question.

On the report filtering tab I want to set a filter which only lists the machines which do not have userinit.exe set.
"Contains" doesn't work, since it could be that the string is "xxx\userinit.exe,  [random tool name]".
"Ends with" doesn't work either.

How am I supposed to do this?



Thanks in advance

Trennety
Answered 10/24/2017 by: trennety
White Belt

  • Did you try "does not contain"?
    • I did. The problem is that there are some registry entries which have HKLM\path\to\userinit userinit.exe, [some random path from 3rd party tool].

      This being the case, if I select "does not contain" it will filter out the ones with this 3rd party path. But we need them listed.

      I tried "is not equal to", "does not end with" and "does not contain".
      None of them work.

      We solved it now by producing two reports, each with its own definition for our specific paths.

      Thanks a lot for your help. I really appreciated it. :D
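
An added example (not part of the thread, and not KACE's own scripting): a PowerShell check that covers both the original goal and the report-filter problem above by splitting the comma-separated Userinit value into entries instead of matching substrings. The UNC path is a placeholder, the baseline strings are the ones quoted in the question, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the thread. Requires PowerShell 3.0+.
param(
    # Placeholder UNC path (assumption): replace with a share the account can write to.
    [string]$ReportPath = '\\SERVER\SHARE\winlogon-check.csv'
)

# Baseline values as quoted in the question.
$ExpectedUserinit = 'C:\Windows\system32\userinit.exe'
$ExpectedShell    = 'explorer.exe'

function Get-UserinitState {
    param([string]$Value)
    # Userinit is a comma-separated list; every entry is started at logon.
    # Split it, trim whitespace/quotes, and drop the empty item after the trailing comma.
    $entries = @($Value -split ',' | ForEach-Object { $_.Trim().Trim('"') } | Where-Object { $_ })
    $std   = @($entries | Where-Object { $_ -eq $ExpectedUserinit })   # -eq ignores case
    $extra = @($entries | Where-Object { $_ -ne $ExpectedUserinit })
    if ($std.Count -eq 1 -and $extra.Count -eq 0) { 'Standard' }
    elseif ($std.Count -ge 1)                     { 'StandardPlusExtra' }  # duplicates or added tools
    else                                          { 'UserinitMissing' }
}

# Read the 64-bit registry view (same intent as "reg query ... /reg:64" in the answer).
$base = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', 'Registry64')
$key  = $base.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon')
$userinit = [string]$key.GetValue('Userinit')
$shell    = [string]$key.GetValue('Shell')
$key.Close(); $base.Close()

$state   = Get-UserinitState $userinit
$shellOk = $shell.Trim() -eq $ExpectedShell

if ($state -ne 'Standard' -or -not $shellOk) {
    # One CSV row per finding: computer name, time, and the raw values for review.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Time     = (Get-Date).ToString('s')
        State    = $state
        Userinit = $userinit
        Shell    = $shell
    } | Export-Csv -Path $ReportPath -Append -NoTypeInformation
    exit 1   # non-zero exit signals a deviation from the baseline
}
exit 0
```

Filtering the CSV on the State column separates machines with third-party additions (StandardPlusExtra) from those where the standard userinit.exe entry is absent (UserinitMissing).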