Kaseya Community

Regedit vbscript "Run as System" fails

  • I could almost swear the option for "Run as System" fails. Here is the outline of my dilemma.

    We are disabling autorun for all desktops. I have a vbscript that rewrites the autorun registry keys with different values. The vbscript was failing when I ran it as me. I checked the registry permissions, gave my account full control instead of just read, and the vbscript worked. System already had full control over the registry keys. So I set up the script in Kaseya to execute the file (vbs) as a shell command, "c:\temp\DisableAutorun.vbs", with the option for "Execute as system". Again, this worked when run as user, and I gave myself full permissions. When run as system, the script fails. I assume since the shell command is run as system, the vbs it calls would also be run as system?

    I have not had this problem with system directory scripts, only registry.

    Any ideas? This makes no sense. Permissions look identical between system and my account, yet only account works. If it means anything, I am using the vbscript Shell Object's "RegWrite" method, and I also tried WMI. Both fail due to permissions.

    I tried running the script by using "Execute File" in the Kaseya drop down instead of "Shell Command", but this doesn't even execute the vbs, it fails in the Kaseya script.

    Legacy Forum Name: Regedit vbscript "Run as System" fails,
    Legacy Posted By Username: boostmr2
  • A couple of questions first....
    - What exact registry values are you trying to set?
    - What are you needing to achieve via VBS rather than simply using the 'Set Registry Value' option from within a simple Kaseya script?
    - If you want to stay with VBS, post it here and I can then look over it for you.

    Cheers

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: XeviouS
  • I am using a vbs because the Kaseya script wasn't automatically creating parent keys if they didn't already exist.

    Windows Vista & XP

    Script to disable Autorun in current user context AND for the entire system, just in case. If this can be done via a Kaseya script, let me know, I would much rather use that. I'm wondering if the impersonation level is causing an issue.


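    **********************SCRIPT*************************

    Const HKEY_LOCAL_MACHINE = &H80000002
    Const HKEY_CURRENT_USER = &H80000001
    strComputer = "."

    ' Connect to the WMI registry provider on the local machine
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\default:StdRegProv")

    '---------------------------------------------------------------------------------
    ' Disable AutoRun on all drive types (255 = 0xFF) for the current user.
    ' HKEY_CURRENT_USER resolves to the hive of the account running the script.

    strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    strValueName = "NoDriveTypeAutoRun"
    strValue = 255

    ' The Set* methods do not create missing keys, so create the key path first
    oReg.CreateKey HKEY_CURRENT_USER,strKeyPath
    'oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,strOldValue
    'msgbox strOldValue
    oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue
    'oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue


    '---------------------------------------------------------------------------------
    ' Machine-wide: redirect reads of Autorun.inf to a nonexistent registry location.
    ' IniFileMapping lives under "Windows NT"; Autorun.inf is a subkey and the
    ' mapping goes in its default value (empty value name).

    strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf"
    strValueName = ""
    strValue = "@SYS:DoesNotExist"

    oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
    oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue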

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: boostmr2
  • I'm guessing it's failing because when you run as SYSTEM, it is trying to find SYSTEM's HKCU hive which doesn't exist. In other words, if you want to fiddle with HKCU via Kaseya you have to "execute as user" and also make sure that you're not doing a Use Credential. I think the way around that is to use the Windows runas command with the /noprofile switch.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: sequoya
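
The hive-context problem raised in the last reply, worked through as an added example (not code from any poster in this thread): when the script runs as SYSTEM, HKEY_CURRENT_USER is not the logged-on user's hive, so this sketch writes the same NoDriveTypeAutoRun value to HKEY_LOCAL_MACHINE and to every user hive currently loaded under HKEY_USERS. It assumes it is started with cscript as SYSTEM, and it only reaches profiles that are loaded at run time; the names POLICY_KEY, ALL_DRIVES and SetPolicy are made up for the example.

```vbscript
Option Explicit
' Added example. Run as SYSTEM: HKCU would resolve to SYSTEM's own hive, so
' target HKLM plus each loaded user hive under HKEY_USERS by SID instead.
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const POLICY_KEY = "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
Const VALUE_NAME = "NoDriveTypeAutoRun"
Const ALL_DRIVES = 255              ' 0xFF, the value used in the thread's script

Dim oReg, arrSids, strSid, failures
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
failures = 0

' Machine-wide policy value
failures = failures + SetPolicy(HKEY_LOCAL_MACHINE, POLICY_KEY)

' Per-user policy value for every loaded profile hive.
' Real user accounts have SIDs starting with S-1-5-21-; the matching
' <SID>_Classes hives hold file associations and are skipped.
If oReg.EnumKey(HKEY_USERS, "", arrSids) = 0 And IsArray(arrSids) Then
    For Each strSid In arrSids
        If Left(strSid, 9) = "S-1-5-21-" And Right(strSid, 8) <> "_Classes" Then
            failures = failures + SetPolicy(HKEY_USERS, strSid & "\" & POLICY_KEY)
        End If
    Next
End If

' Exit code = number of failed writes, so the calling agent can detect errors
WScript.Quit failures

' Create the key path if it is missing, then write the DWORD.
' Returns 0 on success, 1 on failure (StdRegProv methods return 0 on success).
Function SetPolicy(hive, keyPath)
    Dim rc
    rc = oReg.CreateKey(hive, keyPath)
    If rc = 0 Then rc = oReg.SetDWORDValue(hive, keyPath, VALUE_NAME, ALL_DRIVES)
    If rc <> 0 Then
        WScript.Echo "Failed (" & rc & "): " & keyPath
        SetPolicy = 1
    Else
        SetPolicy = 0
    End If
End Function
```

Users who are not logged on when this runs have no hive loaded under HKEY_USERS and are not touched by the per-user loop.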