UNDO items from Active Setup
Good afternoon,
I have created a package that installs a series of registry entries related to the settings in IE for secured sites. Each of these entries is in the CurrentUser component of my package and is called by a repair of the MSI via Active Setup.
When the package is removed from the end users computer, the sites (registry entries) are still within HKCU for each user profile. What is a clean way to remove items such as these that are originally published via Active Setup?
My thoughts were leading me to a VBS that would remain on the device during remove. The script can enumerate the profiles and load the registry using REG LOAD. I can remove the registry entries and save the registry. It seems that there must be an easier / cleaner way to do these type of operations. What if I had to place files in the user profile? I did some searching pn Active Setup and was very disappointed at how little is out there for this.
Ideas?
Jimm
I have created a package that installs a series of registry entries related to the settings in IE for secured sites. Each of these entries is in the CurrentUser component of my package and is called by a repair of the MSI via Active Setup.
When the package is removed from the end users computer, the sites (registry entries) are still within HKCU for each user profile. What is a clean way to remove items such as these that are originally published via Active Setup?
My thoughts were leading me to a VBS that would remain on the device during remove. The script can enumerate the profiles and load the registry using REG LOAD. I can remove the registry entries and save the registry. It seems that there must be an easier / cleaner way to do these type of operations. What if I had to place files in the user profile? I did some searching pn Active Setup and was very disappointed at how little is out there for this.
Ideas?
Jimm
0 Comments
[ + ] Show comments
Answers (7)
Please log in to answer
Posted by:
AngelD
16 years ago
Hopefully you havn't install your package to the entire company environment but just to a bunch of test clients.
I would set these settings through AD/GPO configurations instead if possible.
If that's not possible I guess you would have to use another Active Setup to change back the settings which IMO is not recommended.
If you would like some more advice please provide the IE settings changed through your Active Setup.
I would set these settings through AD/GPO configurations instead if possible.
If that's not possible I guess you would have to use another Active Setup to change back the settings which IMO is not recommended.
If you would like some more advice please provide the IE settings changed through your Active Setup.
Posted by:
JimmPanik
16 years ago
Using AD for this is not an option for this as we do not store computer objects in OUs in a logical way to use GPOs for this sort of thing. Thus, my use of AS for the install.
Here is an example of reg entries for a sample secured site I'll call TestSite. There are two entries for each site. One for the domain portion of the site (testsite.com) and one for the zone itself(Internet,Trusted,Local, Restricted).
Domain settings:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\testsite.com]
"http"=dword:00000002
Zone settings:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1A00"=dword:00020000
20000(hex = prompt for uid/pwd)
So, the MSI gets AS to place these entries into a profile through use of repair. How can I get them out when the app is removed without much pain? It sesms that if AS is good at getting items into each profile, there must be a way to have it reverse sync between HKLM and HKCU.
Jimm
Here is an example of reg entries for a sample secured site I'll call TestSite. There are two entries for each site. One for the domain portion of the site (testsite.com) and one for the zone itself(Internet,Trusted,Local, Restricted).
Domain settings:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\testsite.com]
"http"=dword:00000002
Zone settings:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1A00"=dword:00020000
20000(hex = prompt for uid/pwd)
So, the MSI gets AS to place these entries into a profile through use of repair. How can I get them out when the app is removed without much pain? It sesms that if AS is good at getting items into each profile, there must be a way to have it reverse sync between HKLM and HKCU.
Jimm
Posted by:
jib
16 years ago
ORIGINAL: JimmPanik
Using AD for this is not an option for this as we do not store computer objects in OUs in a logical way to use GPOs for this sort of thing. Thus, my use of AS for the install.
I'm sorry to suggest something that isn't part of your original question, but please consider implementing computer groups in AD and filter GPO objects using these groups. It would be a tremendous step up from your current way of doing things and would be helpful for your organization in many situations.
Posted by:
JimmPanik
16 years ago
With only a small percentage of our device currently in AD, this is not an option at this time. I need for the install to occur through the MSI and for it to be fully reversible. Is there a way to make AS remove items it has placed in a profile?
Posted by:
anonymous_9363
16 years ago
ORIGINAL: JimmPanikI'd be looking at why this is happening, rather than muscling the reg stuff out via AS/script. Is the component marked as 'Leave installed at uninstall'?
When the package is removed from the end users computer, the sites (registry entries) are still within HKCU for each user profile.
Posted by:
PackadeJack
16 years ago
hen the package is removed from the end users computer, the sites (registry entries) are still within HKCU for each user profile.
Why not create a custom action in vbscript that enumerates the HKEY_USERS key and removes the keys one by one during uninstall?
Posted by:
anonymous_9363
16 years ago
ORIGINAL: PackadeJackThat was Jimm's first thought (see the first post in the thread) but he's looking for a cleaner method.
Why not create a custom action in vbscript that enumerates the HKEY_USERS key and removes the keys one by one during uninstall?
Having re-read it myself (!) I figure you're deploying this via SMS or Group Policy? In that case, I think a script-drive CA is the way you have to go, Jimm.Done properly, it would be quite involved, as it would need to check that the relevant changes had been implemented for each user in the HKEY_USERS hive (not guaranteed, of course, given that you have 'LocalService' and chums in there). John McFadyen posted a complete list of standard GUIDs earlier this month, so at least THAT part's done for you... :)
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.