Why might KACE be reporting false positive results in detecting if registry key exist (6.4)
Since the upgrade to 6.4, we have had some trouble with some of our scripted installs. I was testing the various variables when I came across what I think is the issue: Kace seems to report the wrong answer to the statement "Verify a registry key does not exist".
I created a test script with the same components but added message logging. Here's the xml:
<compliance>
<verify on_failure="continue" attempts="1">
<registry_value_is key="HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" name="PROCESSOR_ARCHITECTURE" expectedValue="AMD64" />
<on_verify_success>
<log_message type="status" message="Success system" />
</on_verify_success>
<on_verify_failure>
<log_message type="status" message="failed system" />
<on_remediation_success>
</on_remediation_success>
<on_remediation_failure>
</on_remediation_failure>
</on_verify_failure>
</verify>
<verify on_failure="continue" attempts="1">
<registry_key_does_not_exist key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FBED1CC-E9C0-41A5-9929-EDAC0D1ECEBA}" />
<on_verify_success>
<log_message type="status" message="success install (does not exist)" />
</on_verify_success>
<on_verify_failure>
<log_message type="status" message="failed install (does exist)" />
<on_remediation_success>
</on_remediation_success>
<on_remediation_failure>
</on_remediation_failure>
</on_verify_failure>
</verify>
<verify on_failure="break" attempts="1">
<registry_key_exists key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FBED1CC-E9C0-41A5-9929-EDAC0D1ECEBA}" />
<on_verify_success>
<log_message type="status" message="detect exists - success (true)" />
</on_verify_success>
<on_verify_failure>
<log_message type="status" message="detect exists - failure (false)" />
<on_remediation_success>
</on_remediation_success>
<on_remediation_failure>
</on_remediation_failure>
</on_verify_failure>
</verify>
</compliance>
The result on a single computer came back as the following:
Output Log
Running as SYSTEM
Checking if registry 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' value 'PROCESSOR_ARCHITECTURE' is equal to 'AMD64' succeeded
Running as SYSTEM
Checking if registry key does not exist 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FBED1CC-E9C0-41A5-9929-EDAC0D1ECEBA}' succeeded
Running as SYSTEM
Checking if registry key exists 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FBED1CC-E9C0-41A5-9929-EDAC0D1ECEBA}' did not succeed: (2)Status Log
Success system failed install (does exist) detect exists - failure (false)
Activity Log
Checking if registry 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' value 'PROCESSOR_ARCHITECTURE' is equal to 'AMD64'
Checking if registry does not exist: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FBED1CC-E9C0-41A5-9929-EDAC0D1ECEBA}
Checking if registry exists: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FBED1CC-E9C0-41A5-9929-EDAC0D1ECEBA}As you can see it reported that both the key does exist than does not exist for the same registry key. Any thoughts on this? Is this a bug or error in my script?
2 Comments
[ + ] Show comments
-
I got the same results using your script, but didn't have time to troubleshoot. AFAIK we're only using check-if-exists in our environment and haven't had any problems. - JasonEgg 8 years ago
-
I don't use any of the logic built in to the Web GUI as I find the K1000 to be littered with bugs. To work around this I do everything in Powershell, which I also use when I need to get to Sytem32 and Program Files on a 64-bit computer which the web GUI logic can't do. In summary do everything in PowerShell and avoid the web GUI logic like the plague! - Geedoubleu 8 years ago
Answers (0)
Please log in to answer
