Application Manager fails to query current user registry from scripted rule

Version 1

    Verified Product Versions

    AppSense Application Manager 8.4AppSense Application Manager 8.3AppSense Application Manager 8.1AppSense Application Manager 8.0

    Introduction

    Scripted Rules within Application Manager may return incorrect values when using the reg.read method to access HKCU.

    Detail

    Application Manager runs scripted rules with the users token, but not their profile. This behaviour is by design. 

    To query registry values within the users current user registry, the script needs to identify the current SID of the actual user. The script below is an example how to read the correct registry key in the users context.

    Note: Change the <key> and  <value> in the script to the appropriate values. 

    Function ScriptedRule()
      dim oWMIUser, WshShell, strUsername, strDomainName
      strDomainName = AMScriptRule.UserDomain
      strUserName = AMScriptRule.UserName
      Set WshShell = CreateObject("WScript.Shell")
      Set oWMIUser = GetObject("winmgmts:{impersonationlevel=impersonate}!/root/cimv2:Win32_UserAccount.Domain='" & strDomainName & "',Name='" & strUserName & "'")
      strSID = oWMIUser.SID
      strValue = WshShell.RegRead("HKEY_USERS\" & strSID  & "\Software\<key>\<value>")
    End Function