
CIR to read HKEY_CURRENT_USER

Hello, sorry if this has been raised before.

I believe when KACE reads the registry through a CIR it does so as a system account and not the logged-on user; therefore it's great for HKEY_LOCAL_MACHINE.

I have a registry I need to read but it resides in the HKEY_CURRENT_USER.

Any ideas on how I can get to it through a CIR? The aim is then to create a smart group from it.


Thanks



5 Comments
  • You can run a script as the current user, log it in a file and then read it at inventory? - gwir 4 years ago
  • You can try to load the HKU hive via a PowerShell script block and search for the desired information for one or all user profiles. But that's a bit tedious. It's better, as posted by gwir, to run a script in the user context and to read this information later via a CIR.

    Example for PowerShell Script to Read HKU
    https://social.technet.microsoft.com/Forums/en-US/78efe17d-1faa-4da1-a0e2-3387493a1e97/powershell-loading-unloading-and-reading-hku?forum=ITCG - Gerhart 4 years ago
  • Thanks for the info. If I run the PowerShell script as the user, how do you feed this into the CIR? - markc0 4 years ago
    • ShellCommandTextReturn(type <c:\path\to\your\file.log>) - gwir 4 years ago
  • Thanks GWIR, so if I type this in the CIR, whatever I look for in the file.log on the local machine is fed back into the inventory on the machine? - markc0 4 years ago
  • Yes. The command ShellCommandTextReturn lists the content of the log file and displays it in the inventory of the computer under "Software" "Custom Inventory Fields".

    Check out the following article from Quest. It's about identifying the Spectre & Meltdown vulnerability. The structure there is more or less what you want to do. A script is executed that evaluates data and writes it to a log file. Then there is a CIR which loads the data into the inventory.

    https://www.itninja.com/blog/view/kace-sma-k1000-spectre-meltdown-analysis - Gerhart 4 years ago
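
The approach described in the comments above (a script run in the user's context writes a file, and the CIR reads it back), as an added PowerShell example that is not part of the original thread. The registry key, value name and log folder are placeholders chosen for illustration, and it assumes one primary user per machine.

```powershell
# Run in the logged-on user's context (for example a script set to run as the
# logged-in user). All names below are placeholders, not taken from the thread.
$KeyPath   = 'HKCU:\Software\ExampleVendor\ExampleApp'   # hypothetical key
$ValueName = 'ExampleSetting'                            # hypothetical value
$LogDir    = Join-Path $env:ProgramData 'HKCUInventory'  # assumed drop folder
$LogFile   = Join-Path $LogDir 'hkcu_inventory.log'

function Format-InventoryLine {
    param([string]$User, [string]$Name, $Value)
    # The file is written by a user but read back by an agent running as
    # SYSTEM, so reduce the value to one printable ASCII line of bounded length.
    $text = if ($null -eq $Value) { 'NOT_SET' } else { [string]$Value }
    $text = $text -replace '[^\x20-\x7E]', '?'
    if ($text.Length -gt 200) { $text = $text.Substring(0, 200) }
    '{0};{1};{2}={3}' -f (Get-Date -Format 's'), $User, $Name, $text
}

# Read the value; a missing key or value is reported as NOT_SET, not an error.
$value = $null
try {
    $value = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction Stop).$ValueName
} catch {
    $value = $null
}

if (-not (Test-Path $LogDir)) {
    New-Item -Path $LogDir -ItemType Directory -Force | Out-Null
}

# Overwrite on each run so the file always holds exactly one current line.
# Assumption: one primary user per machine; on shared machines a second user
# may not be allowed to overwrite a file created by the first.
$line = Format-InventoryLine -User "$env:USERDOMAIN\$env:USERNAME" -Name $ValueName -Value $value
Set-Content -Path $LogFile -Value $line -Encoding ASCII
```

The ShellCommandTextReturn rule quoted in the thread would then point at the path held in `$LogFile`. Because any user can write that file, the inventory value it feeds should be treated as user-supplied data.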

Answers (0)
