
Scripting Question


Why might KACE be reporting false positive results in detecting if a registry key exists (6.4)

11/18/2015 2006 views
Since the upgrade to 6.4, we have had some trouble with some of our scripted installs. I was testing the various variables when I came across what I think is the issue: KACE seems to report the wrong answer to the statement "Verify a registry key does not exist".

I created a test script with the same components but added message logging. Here's the XML:

<compliance>

  <verify on_failure="continue" attempts="1">

    <registry_value_is key="HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" name="PROCESSOR_ARCHITECTURE" expectedValue="AMD64" />

    <on_verify_success>
      <log_message type="status" message="Success system" />
    </on_verify_success>

    <on_verify_failure>
      <log_message type="status" message="failed system" />

      <on_remediation_success>
      </on_remediation_success>

      <on_remediation_failure>
      </on_remediation_failure>

    </on_verify_failure>

  </verify>

  <verify on_failure="continue" attempts="1">

    <registry_key_does_not_exist key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FBED1CC-E9C0-41A5-9929-EDAC0D1ECEBA}" />

    <on_verify_success>
      <log_message type="status" message="success install (does not exist)" />
    </on_verify_success>

    <on_verify_failure>
      <log_message type="status" message="failed install (does exist)" />

      <on_remediation_success>
      </on_remediation_success>

      <on_remediation_failure>
      </on_remediation_failure>

    </on_verify_failure>

  </verify>

  <verify on_failure="break" attempts="1">

    <registry_key_exists key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FBED1CC-E9C0-41A5-9929-EDAC0D1ECEBA}" />

    <on_verify_success>
      <log_message type="status" message="detect exists - success (true)" />
    </on_verify_success>

    <on_verify_failure>
      <log_message type="status" message="detect exists - failure (false)" />

      <on_remediation_success>
      </on_remediation_success>

      <on_remediation_failure>
      </on_remediation_failure>

    </on_verify_failure>

  </verify>

</compliance>

The result on a single computer came back as the following:

Output Log

Running as SYSTEM
Checking if registry 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' value 'PROCESSOR_ARCHITECTURE' is equal to 'AMD64' succeeded
Running as SYSTEM
Checking if registry key does not exist 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FBED1CC-E9C0-41A5-9929-EDAC0D1ECEBA}' succeeded
Running as SYSTEM
Checking if registry key exists 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FBED1CC-E9C0-41A5-9929-EDAC0D1ECEBA}' did not succeed: (2)

Status Log

Success system
failed install (does exist)
detect exists - failure (false)

Activity Log

Checking if registry 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' value 'PROCESSOR_ARCHITECTURE' is equal to 'AMD64'
Checking if registry does not exist: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FBED1CC-E9C0-41A5-9929-EDAC0D1ECEBA}
Checking if registry exists: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FBED1CC-E9C0-41A5-9929-EDAC0D1ECEBA}

As you can see, it reported both that the key does exist and that it does not exist for the same registry key. Any thoughts on this? Is this a bug or an error in my script?

Comments

  • I got the same results using your script, but didn't have time to troubleshoot. AFAIK we're only using check-if-exists in our environment and haven't had any problems.
  • I don't use any of the logic built in to the Web GUI as I find the K1000 to be littered with bugs. To work around this I do everything in PowerShell, which I also use when I need to get to System32 and Program Files on a 64-bit computer, which the web GUI logic can't do. In summary, do everything in PowerShell and avoid the web GUI logic like the plague!
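
The same three checks run from PowerShell, as the last comment suggests, reading the Uninstall key in each registry view explicitly, because on 64-bit Windows a 32-bit process sees a different view of HKLM\SOFTWARE than a 64-bit one. This is an added example, not code from the thread or from KACE; the helper name Invoke-InRegistryView is hypothetical, and it assumes PowerShell 3.0 or later with .NET 4 for OpenBaseKey.

```powershell
# Added example (not from the thread). Re-runs the script's three checks and
# reports the Uninstall key once per registry view.
$uninstallKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FBED1CC-E9C0-41A5-9929-EDAC0D1ECEBA}'
$envKey       = 'SYSTEM\CurrentControlSet\Control\Session Manager\Environment'

# Hypothetical helper: opens HKLM in the requested view, passes the sub key
# ($null when the key is absent) to $Action, and closes both handles afterwards.
function Invoke-InRegistryView {
    param(
        [Parameter(Mandatory = $true)] [Microsoft.Win32.RegistryView] $View,
        [Parameter(Mandatory = $true)] [string] $SubKey,
        [Parameter(Mandatory = $true)] [scriptblock] $Action
    )
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    $key = $null
    try {
        $key = $base.OpenSubKey($SubKey)   # read-only open
        & $Action $key
    }
    finally {
        if ($null -ne $key) { $key.Close() }
        $base.Close()
    }
}

# Check 1: the PROCESSOR_ARCHITECTURE value stored in the registry.
$arch = Invoke-InRegistryView -View Registry64 -SubKey $envKey -Action {
    param($k)
    if ($null -ne $k) { $k.GetValue('PROCESSOR_ARCHITECTURE') }
}

# Checks 2 and 3: "does not exist" and "exists" answered from one lookup per view.
$results = foreach ($view in 'Registry64', 'Registry32') {
    $exists = Invoke-InRegistryView -View $view -SubKey $uninstallKey -Action {
        param($k)
        $null -ne $k
    }
    [pscustomobject]@{
        View            = $view
        KeyExists       = $exists
        KeyDoesNotExist = -not $exists
    }
}

"Process is 64-bit: $([Environment]::Is64BitProcess); PROCESSOR_ARCHITECTURE = $arch"
$results | Format-Table -AutoSize
```

Running it on the same machine as the KACE script gives one answer per view to compare against the Output Log and Status Log lines above.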
