none
registry question

    Question

  • hi all,

    I have a script that browse the registry keys for installed applications, locate a program with the DisplayName value for each key, and grab the UninstallString value when it is found.

    I test the script on a virtual computer and it works perfectly.

    Since the script is ready for production, I create a SCCM 2012 package to deploy it. I start testing it and it no longer works.

    To troubleshoot the issue, I added a line in the script to log each registry key included in there and I noticed that all the key names that have a ( in it are not listed, which explains why my script cannot found the required key it is looking for.

    The key is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 56.0.1 (x64 en-US)

    Is there someone who cpould tell me how to read that key, even from SCCM that runs under th system account?

    thank you!

    • Moved by jrv Thursday, January 11, 2018 6:35 PM Better forum
    Thursday, January 11, 2018 6:32 PM

Answers

All replies

  • Moved to "SCCM SDK and PowerShell" forum.


    \_(ツ)_/

    Thursday, January 11, 2018 6:36 PM
  • The system account can read that key.  So what exactly do you mean it can't read that key? 

    What happens when you run the script as the local system account. https://verbalprocessor.com/2007/12/05/running-a-cmd-prompt-as-local-system/


    Garth Jones

    Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased

    Thursday, January 11, 2018 7:22 PM
  • honestly, since english isn't my primary language, maybe I just chose the wrong word.

    to see what the script sees, I send each subkey into a log file.

    here's a comparaison to illustrate what I see;

    script ran on my computer, part of the log containing 3 keys:

    .....

    current key is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
    current key is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
    current key is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicTray

    .....

    now here's the log on the same computer but ran from SCCM, which has only 2 keys:

    ....

    current key is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
    current key is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicTray
    ....

    notice that the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual J# 2.0 Redistributable Package - SE (x64) is missing from the log, and that is the case for all subkeys with ( ) in the name.

    that is what I'm trying to say, all keys with those ( ) aren't listed and I do not yet know why.

    thanks!

    Thursday, January 11, 2018 7:43 PM
  • So to recap the issue. if the uninstall reg key has () then the line is not written to the log file? 

    What exactly does your PoSh script look like for writing the logging lines? 

    How are you handling X86 vs X64 uninstall reg keys?

    Did you run the script using the Local System account, as per the blog post that I posted? 


    Garth Jones

    Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased

    Thursday, January 11, 2018 8:08 PM
  • Place this line at the top of your script:

    #requires -Version 3


    \_(ツ)_/

    Thursday, January 11, 2018 8:09 PM
  • Place this line at the top of your script:

    #requires -Version 3


    \_(ツ)_/

    oh wow, i never thought of this. I'll give it a try tomorrow.

    thanks!

    Thursday, January 11, 2018 8:13 PM
  • good morning guys,

    Adding #requires -version 3 did not change the behavior, the script is doing the same as yesterday.

    I tried running with system account as asked by Garth, the keys are detected, the UninstallString was found and the removal of the application worked as intended.

    So, my script works in any situation except when running through the SCCM client.

    any suggestion?

    thank you guys!

    Friday, January 12, 2018 1:11 PM
  • Great so this is likely an x86 issue. Run the cmd again but this time use the x86 cmd. c:\Windows\SysWOW64\cmd.exe

    Do the entries exist now? 


    Garth Jones

    Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased

    Friday, January 12, 2018 1:23 PM
  • Great so this is likely an x86 issue. Run the cmd again but this time use the x86 cmd. c:\Windows\SysWOW64\cmd.exe

    Do the entries exist now? 


    Garth Jones

    Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased

    I check both bitness in the script:

     $regPath64 = 'hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
     $regPath32 = "hklm:\SOFTWARE\WoW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
     Get-ChildItem -Path $regPath64, $regPath32 -ErrorAction SilentlyContinue | ForEach-Object {.....

    but if it was a bitness issue, I would not see any keys under the 64bit branch, not only keys that have ( ) in the name. Currently I see, in the log file, all other registry keys.

    the script reports keys from both location in the log file, except those with ( ).

    Friday, January 12, 2018 1:30 PM
  • will it help is I describe all that has happened ?

    I was requested to remove Firefox on all computers in the company. I ran a SQL query in the database and discovered that 81 versions of it exist over 385 computers. Seeing this, since we do not have a package for Firefox and knowing that those were manual installations, I decided to write a script to dynamically read the UninstallString from the registry.

    I ran another SQL query and noticed that each version has an UninstallString that is the same, so I decided to use this to remove the application.

    I located the registry key, which is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 57.0.4 (x64 en-US)

    UninstallString value is "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

    I manually ran this with parameter /silent and Firefox got removed from my test computer. All this was perfect, so I wrote the script. The script browse both Uninstal bitness keys, locate the DisplayName that has Firefox in it, read the corresponding UninstallString, and launch that with the mentionned parameter.

    I test it on my test computer, Firefox is removed, all good.

    I create a package into SCCM, execute the same script on the same computer, firefox is not removed.

    From there, I started logging the registry keys that the script was browsing and noticed that all subkeys under each bitness what present in the log file, except all those from both bitness where ( ) was in the name.

    that is when I posted here. 

    I am at a lost as to why my script behaves diferently in SCCM.

    thank you very much for trying to help.

    Friday, January 12, 2018 2:04 PM
  • Post your script. There is absolutly no reason why CM cares about () in ARP text.

    Garth Jones

    Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased

    Friday, January 12, 2018 2:21 PM
  • Post your script. There is absolutly no reason why CM cares about () in ARP text.

    Garth Jones

    Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased

    ok but please don't laugh, I'm still a noob ;-)

    getting there though :-)

    #requires -Version 3
    
    function get-uninstallString
    {
    	param
    	(
    		[parameter(Mandatory = $true)][string]$displayName
    	)
    	$return = $false
    	$regPath64 = 'hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    	$regPath32 = "hklm:\SOFTWARE\WoW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
    	Get-ChildItem -Path $regPath64, $regPath32 -ErrorAction SilentlyContinue | ForEach-Object {
    		"current key is $_" >> $logFile
    		if ($_.getValue("DisplayName") -like "*$DisplayName*")
    		{
    			"found the string $($_.getvalue("UninstallString"))" >> $logFile
    			$return = $_.getvalue("UninstallString")
    		}
    	}
    	return $return
    }
    
    function run-uninstall
    {
    	$maxTime = 900
    	"running process $exeFile with parameter $params" >> $logFile
    	"starting at $(Get-Date -f hh:mm:ss)" >> $logFile
    	Start-Process -FilePath $exeFile -ArgumentList $params
    	"process started, starting wait loop for 15 minutes max" >> $logFile
    	Start-Sleep -Seconds 5
    	Wait-Process -name 'Un_A' -Timeout $maxTime -ErrorAction SilentlyContinue -ErrorVariable timeOut
    	if ($timeOut)
    	{
    		"loop timed out at $(Get-Date -f hh:mm:ss)" >> $logFile
    		Get-Process -name 'un_a' | Stop-Process
    		'process killed' >> $logFile
    	}
    	else
    	{
    		"process done before end of loop, there was no time-out" >> $logFile
    	}
    	"script terminated at $(get-date -f hh:mm:ss)" >> $logFile
    }
    
    $logFile = Join-Path -Path 'c:\Windows\Domtar\Logs' -ChildPath 'FF-removal.log'
    "Firefox removal script" > $logFile
    "Execution started: $(Get-Date)" >> $logFile
    
    $displayName = 'firefox'
    $params = '/silent'
    
    $exeFile = get-uninstallString -displayName $displayName
    "string detected in registry: $exeFile" >> $logFile
    run-uninstall
    
    

    Friday, January 12, 2018 2:27 PM
  • I know what the problem is. It is an x86 issue as when you run the script both reg keys are pointing to the same place. 

    HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall 

    HKLM:\SOFTWARE\WoW6432Node\Microsoft\Windows\CurrentVersion\Uninstall

    Take a look at the PoSH scrip in this post. https://www.enhansoft.com/blog/using-powershell-to-uninstall-applications


    Garth Jones

    Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased

    • Marked as answer by Kardock Friday, January 12, 2018 6:54 PM
    Friday, January 12, 2018 3:39 PM
  • holy smoke you're right. I totally missed that.

    Yes I can see that the link you provided is probably the solution to my problem. I'll put this together and I am pretty sure my issue is solved.

    thank you Garth! You da man!

    Friday, January 12, 2018 3:44 PM
  • it's now perfect.

    thanks again, Garth!

    Friday, January 12, 2018 6:54 PM