Edit Registry Key on windows 8 with reg command via Script
Hi Guys,
Im new to kace so Im trying out KACE vK1000 as a POC in my environment. I have been trying to update windows 8 client registry key with reg command. Although the status of the command returns successful it does not really update the value. Hope any of you could advise me on this.
I tried the command locally on the client and it works fine as shown below.
Following is how I put the same command to the KACE
After testing with cmd /k option it seems cmd opend by KACE agent have rights issue because when I paste same command that runs on local cmd prompt with out any problem gave an error can not find value.
The top window was opened by KACE script. bottom one I opened for test
0 Comments
[ + ] Show comments
Answers (4)
Please log in to answer
Posted by:
SMal.tmcc
9 years ago
If this is a 64 bit machine you need to use hklm64.
Comments:
-
I dont see any related keys under hklm64, as I posted on the screens it works fine with local command. - Blackhat 9 years ago
Posted by:
BHC-Austin
9 years ago
Most command line utilities aren't able to run directly like that. You have to call the command line first. In other words, your file will be cmd.exe and your parameters would be /c reg add "hklm\software\javasoft\java runtime environment\1.7.0_79\MSI" /v JAVAUPDATE /d "0" /f
Or it could just be that you forgot the /V in front of JAVAUPDATE, at least according to your screenshot.
Comments:
-
Doesn't REG represent REG.EXE rather than a cmd option? Command line utilities will invoke cmd.exe if they need to. I would also recommend trying the EXACT same command you are entering into KACE from the command line, as in the KACE situation you are fuily pathing reg.exe whereas in the command window you are not fully pathing reg.exe. Since you have not specified 32 bit or 64 bit environments and there are some utilities that exist in both 32 bit and 64 bit formats, you need to be absolutely specific in your testing at all times. - EdT 9 years ago
-
Generally that is true, but in the past, I have seen scripts like this not work. Some quirk with the way runkbot invokes the command I suppose. It may even be working correctly in the latest agent, but because of past experiences, I just got into a habit of using cmd.exe instead of the direct exe for a command line util. I suggest he make sure his parameters are correct on the K-Script first (i.e. he had just /JAVAUPDATE instead of /v JAVAUPDATE) and if that still doesn't work, switch to the cmd.exe method. - BHC-Austin 9 years ago
-
I tried it with cmd /c option but result is the same. it will not update the key. but in both cases I see cmd window pop up so it really invokes the cmd and reg commands. - Blackhat 9 years ago
-
Thanks all!,
I did some test and find out that it could be the run as account KACE agent uses causing the issue. Instead of using cmd /c I use /k option so the window will not close after execution. the error shown was unable to find the key. But when I copy exact command local cmd prompt it works perfect.
and same command when I past on the cmd window open by script it gave me same error. Any insights or comments? - Blackhat 9 years ago-
I have updated the new screens - Blackhat 9 years ago
Posted by:
SMal.tmcc
9 years ago
run the script as administrator and see what happens
Comments:
-
As shown in the last screen shot it works fine with admin account. Is there any way to configure kace to use other account than system to run script? - Blackhat 9 years ago