System Center Configuration Manager TechCenter >
System Center Configuration Manager Forums
>
Configuration Manager Desired Configuration Management
>
Verify that a registry setting in HKLM is correct
Verify that a registry setting in HKLM is correct
- I'm still new to Desired Configuration Management.
Basically, here is my problem. We had a virus run around our company. We've eliminated the virus, but there are some remnants that are preventing Automatic Updates from working on some machines. The virus changed several registry keys, so we need to find those systems and change the keys back.
One if the damaged keys is:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\imagepath
The value is supposed to be "%SystemRoot%\system32\svchost.exe -k netsvcs"
but the virus changed it to "%fystemRoot%\system32\svchost.exe -k netsvcs"
I have a quick script to fix it, but I need to find the computers first. Does anyone know how to do this with DCM, or is there a better way?
Answers
- A little more detail:
What you're looking for is the "Settings" tab of the configuration item. Open that up, and then you'll be on the General tab of the Settings page. There you can specify the Hive (HKLM), Key (registry folder), and value name (name of the string, dword, etc.). Then click on Validation tab, and click the "New" button, and you can set the operator (ex. Equals), and a value (your desired value). There is also a checkbox near the bottom (selected by default), which is for instance count, so that if there is no instance of this registry value name, you will get non compliance.
From your description, it looks like you were creating a "Registry Object", which is on the Objects tab (not the Settings tab) of the configuration item. That one only allows you to specify the Hive and Key.
This posting is provided "AS IS", provides no warranties, and confers no rights. -- Kevin- Proposed As Answer byKevinM [MSFT]MSFT, ModeratorWednesday, November 11, 2009 6:22 PM
- Marked As Answer byKevinM [MSFT]MSFT, ModeratorMonday, November 23, 2009 7:13 PM
All Replies
- DCM would be one possibility, but it would be faster if you'd advertise a script to all systems that checks for the existence of the regkey and changes it if needed.
- Thanks. I thought about doing that, but if DCM can do this, i'd prefer to learn how to do it in case I need to do something similar in the future.
- For DCM, you'd need to create a CI that detects that registry setting and the desired value. Target it to a collection and then once it has evaluated, you can create a collection from all machines that are Noncompliant for that CI. Then, you can target the script you wrote (using Software Distribution) to the new collection of noncompliant machines.
This posting is provided "AS IS", provides no warranties, and confers no rights. -- Kevin I see how I can create a CI for a registry key, but I don't see anywhere to set a desired value. Which CI Type should I use to do that?
- You can use a General CI or an Application CI set to "Always assume application is installed". The CI Type is not important.
What you describe sounds like the Registry Object (for registry keys only). You need to choose the Registry Setting which will allow you to specify a registry value name, and a desired value.
This posting is provided "AS IS", provides no warranties, and confers no rights. -- Kevin- Proposed As Answer byKevinM [MSFT]MSFT, ModeratorTuesday, November 10, 2009 12:46 AM
- Does both the Key and the desired value go into the "Key:" section? There is no section that I can see called desired value.
The key is HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\imagepath
and the desired value would be "%SystemRoot%\system32\svchost.exe -k netsvcs"
If I do put them both under "Key:", what would the syntax be? - That's why I suggested a different approach. You're facing some kind of emergency situation right now and want to fix it as soon as possible. Using DCM adds some overhead here (learning curve, creating the baseline + CI, policy retrieval, DCM evaluation, sending the status back to ConfigMgr, creating a collection based on the DCM results, then finally advertising a script etc etc).
(I have no ConfigMgr console next to me right now so I can't tell you how to create the CI) - Sorry, perhaps I overstated the problem. This only applies to a very small percentage of the company. I'm just trying to deal with the stragglers, so it is not an emergency. If I cannot figure out how to do this with DCM, I can push out a solutionto everyone; but most of the company is compliant with the windows updates, so this would be overkill. If this was an emergency, I would Absolutely do it your way...
I really appreciate all your help. - If you don't see the section for name then you're creating a Registry Object (on the objects tab) which is only for registry 'keys' (folders). You need to navigate to the Settings tab in the configuration item, and choose Registry Setting, which will allow you to specify the key and also the registry entry name you are looking for, then specify a desired value in the rule.
This posting is provided "AS IS", provides no warranties, and confers no rights. -- Kevin - A little more detail:
What you're looking for is the "Settings" tab of the configuration item. Open that up, and then you'll be on the General tab of the Settings page. There you can specify the Hive (HKLM), Key (registry folder), and value name (name of the string, dword, etc.). Then click on Validation tab, and click the "New" button, and you can set the operator (ex. Equals), and a value (your desired value). There is also a checkbox near the bottom (selected by default), which is for instance count, so that if there is no instance of this registry value name, you will get non compliance.
From your description, it looks like you were creating a "Registry Object", which is on the Objects tab (not the Settings tab) of the configuration item. That one only allows you to specify the Hive and Key.
This posting is provided "AS IS", provides no warranties, and confers no rights. -- Kevin- Proposed As Answer byKevinM [MSFT]MSFT, ModeratorWednesday, November 11, 2009 6:22 PM
- Marked As Answer byKevinM [MSFT]MSFT, ModeratorMonday, November 23, 2009 7:13 PM
