7 Replies Latest reply on Jun 1, 2015 9:28 AM by kshuman

    How to query proxy setting in HKCU

    Rookie

      All,

       

      We are testing a new proxy and are trying to query HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings for a string value - AutoConfigURL.  We have defined a custom data definition in the manage software list for the correct HKCU key and string.  We have verified that it works on some machines where the inventory was run with the user logged on.

       

      From what I can find on other posts, querying HKCU is next to impossible for a reliable query response.  I have tried some of the sample scripts that copy HKCU keys to HKLM (Printer.vbs) and adapted for our purposes, but it will only work when the logged in user is a local admin.  We have very few people with local admin rights.

       

      I have seen a few posts suggesting you might have to use startasuser.exe but no examples or feedback indicating it worked.

       

      Has anyone successfully queried HKCU?  If so, can you post a sample script/process?

       

      We are running a newly re-built 9.6 sp1 core with over 2000 machines which are almost exclusively Windows 7 64-bit Enterprise.

        • 1. Re: How to query proxy setting in HKCU
          Peter Massa Expert

          Hey kshuman,

           

          The easiest way to gather this data would be to create a custom definition within Patch and Compliance.  Create a rule that is assigned to Windows 7 and set this script as your Detection script:

           

          EXTERNAL APPLICATION
          exe=powershell.exe
          args=-executionpolicy bypass %filename%
          filename=detect.ps1

          echo off

          try {

          # Ask WMI for the console user; the output contains DOMAIN\username
          $loggedin=wmic /node:localhost COMPUTERSYSTEM GET USERNAME
          echo "Logged in user:"
          # Split on the backslash; element 3 is the user name part
          $account = $loggedin -split "\\"
          echo $account[3]
          # Command run in the user's session: dump the HKCU value to a file in the user's profile
          $command="c:\windows\system32\cmd.exe /c c:\windows\system32\reg.exe query ""HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"" /v AutoConfigURL > c:\users\$($account[3].trim())\export_tempLD.ini"
          if ($loggedin -match "domainNameGoesHere") {
              # startasuser.exe lives under Program Files (x86) on 64-bit clients
              if (Test-Path "c:\Program Files (x86)\landesk\LDClient\startasuser.exe") {
                  Start-Process "c:\Program Files (x86)\landesk\LDClient\startasuser.exe" -argumentlist $command
              } elseif (Test-Path "c:\Program Files\landesk\LDClient\startasuser.exe") {
                  Start-Process "c:\Program Files\landesk\LDClient\startasuser.exe" -argumentlist $command
              }
              if (Test-Path "c:\users\$($account[3].trim())\export_tempLD.ini") {
                  # Everything after REG_SZ in the reg.exe output is the value
                  $regValue = Get-Content("c:\users\$($account[3].trim())\export_tempLD.ini")
                  $regValue = $regValue -split "REG_SZ"
                  $regValue[3]
                  if (-not (Test-Path "HKLM:\Software\LANDESK\HKCUData")) {
                      New-Item -Path "HKLM:\Software\LANDESK" -Name "HKCUData" -Force | Out-Null
                  }
                  # Store "<value> <user>" in HKLM where the inventory scan can read it
                  New-ItemProperty "HKLM:\Software\LANDESK\HKCUData" -Name "AutoConfigURL" -Value "$($regValue[3].trim()) $($account[3].trim())" -PropertyType "String" -Force | Out-Null
                  Remove-Item "c:\users\$($account[3].trim())\export_tempLD.ini" -force
                  echo "detected=false"
              }
          } else {
              echo "detected=false"
          }

          } catch [Exception] {}

           

          You will need to change the "domainNameGoesHere" above to whatever your domain's short name is, as if you were typing: domain\username.

          Also after saving the rule - re-open it and change the Patch Information to this "patch cannot be repaired".

           

          *Note: I just wrote this - so you may have to debug parts of it to get it to work - but I tested the core parts of it and they work.

           

          The above script will check if a domain user is logged in.  If they are then it will query their registry on their behalf using "startasuser.exe" for the key and set it to a common location and append the user it applies to:

          HKLM\Software\LANDESK\HKCUData\AutoConfigURL

          You can then add this registry key to your custom data list.  As clients run vulscans they will add this data to their registry and will upload it to the core once they run an inventory scan.

           

          I wrote this using the startasuser.exe to show you an example of how to use the exe as well as answer your question.  You could expand the above script by having it load offline registry hives and query the data for accounts that are not logged in as well so that it doesn't depend on a user being logged in.

           

          Hope this helps,

          Peter

          1 of 1 people found this helpful
          • 2. Re: How to query proxy setting in HKCU
            Frank Wils ITSMMVPGroup

            Another possibility is that you create a cmd file to run the Inventory Scan. Create a Distribution Package with 'run as logged on user' configured with this CMD. Schedule this as a Policy with Agent Settings to make sure it runs only when someone is logged on. Run once/periodically depending on your needs.

             

            Now, in the toolbox under reporting, go to your Manage Software. There you can add registry keys to be inventoried. Add the key and the path where you want to save the result. Click Make Available to clients.

             

            Frank

            1 of 1 people found this helpful
            • 3. Re: How to query proxy setting in HKCU
              WiseGuy Apprentice

              We had a need to gather some information from HKCU on an ongoing basis, so we wrote a small vbscript that we run, at login, using a Group Policy Preference item (you could also use a login script).  The script reads the values we wanted from HKCU and then writes them to the registry key where LANDesk registry data is automatically added to Inventory (HKLM\SOFTWARE\Wow6432Node\Intel\LANDesk\Inventory\Custom Fields on WIN7 64-Bit).  The next time an Inventory scan is run, it would update the Inventory Record with the data from the last user to log in.  The only issue we had with this was that we had to allow users to have Modify rights to the Custom Fields registry key.

               

              Ernie

              • 4. Re: How to query proxy setting in HKCU
                Rookie

                We tried the first suggestion and it seemed to work, but needs more debugging as it seemed to cause some mild issues with clients.  Otherwise, it is a good start to help us with the issue.

                • 5. Re: How to query proxy setting in HKCU
                  Peter Massa Expert

                  What mild issues are you seeing?

                   

                  Peter

                  • 6. Re: How to query proxy setting in HKCU
                    Expert

                    A different approach with the custom definition could be to use WMI to get the SID of the currently logged in user and then query the registry via "HKU\" & strUid & "\Software\Microsoft..." since HKCU is just an alias mapped to the "HKEY_USERS\<SID>\" branch.

                     

                    LANDesk use that method themselves for certain patch definitions - i.e. 2953095_Enable_FixIt - so you can look at that for an example on how to use LoginUser() and GetSIDFromUser().
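
The HKEY_USERS\<SID> approach from reply 6, sketched in PowerShell as an added example (not code from LANDesk or from any poster in this thread). It runs entirely in the scanner's elevated context, so nothing is launched in the user's session and no temp file passes through the user's profile. The function names are hypothetical, and the HKLM\Software\LANDESK\HKCUData destination and the detected=false line are carried over from reply 1 as assumptions.

```powershell
# Added example: PowerShell 2.0 compatible (Windows 7); run as SYSTEM or an administrator.
$SubKey  = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$DestKey = 'HKLM:\Software\LANDESK\HKCUData'   # assumption: same staging key as reply 1

function Get-ConsoleUser {
    # DOMAIN\user of the console session, or $null when nobody is logged on there.
    (Get-WmiObject -Class Win32_ComputerSystem).UserName
}

function ConvertTo-Sid([string]$Account) {
    # Resolve the account name to its SID string (S-1-5-21-...).
    $nt = New-Object System.Security.Principal.NTAccount($Account)
    $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

function Get-UserAutoConfigUrl([string]$Sid) {
    # The user's hive is mounted under HKEY_USERS\<SID> only while the profile is loaded.
    $path = "Registry::HKEY_USERS\$Sid\$SubKey"
    if (-not (Test-Path $path)) { return $null }
    $item = Get-ItemProperty -Path $path -Name AutoConfigURL -ErrorAction SilentlyContinue
    if (-not $item) { return $null }
    # HKCU is user-writable: treat the value as untrusted text before copying it to HKLM.
    $clean = ([string]$item.AutoConfigURL) -replace '[\x00-\x1F\x7F]', ''
    if ($clean.Length -gt 512) { $clean = $clean.Substring(0, 512) }
    $clean
}

try {
    $user = Get-ConsoleUser
    if ($user) {
        $url = Get-UserAutoConfigUrl (ConvertTo-Sid $user)
        if ($url) {
            if (-not (Test-Path $DestKey)) { New-Item -Path $DestKey -Force | Out-Null }
            # Same "<value> <user>" layout that reply 1 writes.
            New-ItemProperty -Path $DestKey -Name 'AutoConfigURL' -Value "$url $user" `
                -PropertyType String -Force | Out-Null
        }
    }
} catch {
    Write-Output "HKU lookup failed: $($_.Exception.Message)"
}
Write-Output 'detected=false'   # reply 1's convention: the rule only collects data
```

Because the write to HKLM happens in the elevated context, the destination key can stay writable by administrators only.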

                    • 7. Re: How to query proxy setting in HKCU
                      Rookie

                      It was generating a command prompt screen on the user's desktop and driving some calls to the Service Desk.