TROUBLESHOOTING: Upload multiple registry keys
Description
This task will export the specified registry keys with reg.exe, compress them with the built-in Windows makecab.exe utility, and upload the resulting .cab to the BigFix server.
To specify multiple registry keys, separate the values with a semicolon. A common example, gathering the SxS and CBS keys for Windows patch troubleshooting, would look like this:
HKLM\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing;HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide
To locate the compressed registry export files, you must have access to the file system of the BigFix root server and know the computer ID of the computer whose files you want to find. The filename ends in registryexport.cab, and the path for each computer ID will look like this:
<Bigfix server install folder>\UploadManagerData\BufferDir\sha1\<last two digits of computer ID>\<full computer ID>
This fixlet has a hardcoded secure parameter that prevents targeting endpoints by property, which reduces the risk of an unintentional DDoS on your infrastructure. To disable this behavior, make a copy of this fixlet and remove the script element below this text.
Property Details
27369 | |
Beta - Preliminary testing ready for more | |
TROUBLESHOOTING: Upload multiple registry keys | |
BESC | |
Internal | |
3/10/2019 12:00:00 AM | |
Troubleshooting, upload, archive manager, windows, registry | |
True | |
Jsaylor on 9/24/2024 3:18:41 PM | |
Jsaylor on 9/24/2024 3:18:41 PM | |
223 Views / 2 Downloads | |
Relevance
Actions
Action 1 (default)
action parameter query "RegistryKeys" with description "Please enter full registry key names to export. Separate multiple keys with a semicolon ;"
action uses wow64 redirection false
//set and create working directory
parameter "Exportfolder" = "{data folder of client as string & "\registryexport"}"
folder create "{parameter "Exportfolder"}"
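//create batch file to run reg.exe against each semicolon-separated registry key. The batch file first deletes all .reg files in the working directory, then names each resulting .reg file after the last key name plus the key's index in the list to prevent duplicate filenames
//clear any stale __appendfile left behind by an earlier action before writing to it
delete __appendfile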
appendfile cd "{parameter "Exportfolder"}"
appendfile del *.reg
appendfile {("reg.exe export %22" & it as string & "%22 %22" & following text of last "\" of (it as string) & index of it as string & ".reg%22 /y%0d%0a") of (tuple items of it of (concatenations ", " of (substrings separated by ";" of Parameter "RegistryKeys")))}
delete "{parameter "Exportfolder" & "\export.bat"}"
move __appendfile "{parameter "Exportfolder" & "\export.bat"}"
waithidden cmd.exe /c "{parameter "Exportfolder" & "\export.bat"}"
//create makecab file list
appendfile {("%22" & it & "%22%0d%0a") of (pathnames of files whose (name of it contains ".reg") of folder (parameter "Exportfolder"))}
delete "{parameter "Exportfolder" & "\files.txt"}"
move __appendfile "{parameter "Exportfolder" & "\files.txt"}"
//compress listed files
waithidden makecab /d CabinetName1={computer ID}registryexport.cab /d MaxDiskSize=0 /D CompressionType=LZX /D DiskDirectoryTemplate="{parameter "Exportfolder"}" /f "{parameter "Exportfolder" & "\files.txt"}"
//limit upload results to 20MB and start the upload.
setting "_BESClient_ArchiveManager_MaxArchiveSize"="20971520" on "{parameter "action issue date" of action}" for client
setting "_BESClient_ArchiveManager_OperatingMode"="2" on "{parameter "action issue date" of action}" for client
setting "_BESClient_ArchiveManager_FileSet-RegistryExport"="{parameter "Exportfolder"}\{computer ID}registryexport.cab" on "{parameter "action issue date" of action}" for client
archive now
This action will be considered successful when the applicability relevance evaluates to false.
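A pre-submission check for the RegistryKeys value, added here as an example (it is not part of the fixlet or of BigFix). The action writes each semicolon-separated entry between double quotes into export.bat and runs it with cmd.exe, so this check rejects entries that would not form a clean reg.exe export line. The function names and the character allowlist are assumptions of this example.

```python
import re

# Root key names reg.exe accepts for the local computer (short and long forms).
HIVES = {
    "HKLM", "HKCU", "HKCR", "HKU", "HKCC",
    "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
    "HKEY_USERS", "HKEY_CURRENT_CONFIG",
}

# Conservative allowlist (assumption of this example): letters, digits, space,
# backslash and a few punctuation marks. It excludes the double quote, percent
# sign, comma, semicolon and control characters, none of which should reach a
# quoted argument in a batch file unchecked.
SAFE_KEY = re.compile(r"[A-Za-z0-9 _.\-{}()\\]+")


def check_key(key):
    """Return a reason string if the entry should not be submitted, else None."""
    if key == "":
        return "empty entry (stray or trailing semicolon)"
    if key != key.strip():
        return "leading or trailing whitespace"
    if not SAFE_KEY.fullmatch(key):
        return "character outside the allowlist"
    hive, _, subkey = key.partition("\\")
    if hive.upper() not in HIVES:
        return "does not start with a registry hive name"
    if not subkey:
        return "no subkey after the hive"
    # A trailing backslash would sit directly before the closing quote in export.bat.
    if key.endswith("\\") or "\\\\" in key:
        return "empty path component"
    return None


def check_parameter(value):
    """Split on ';' as the action does and return [(entry, reason)] for rejects."""
    return [(k, r) for k in value.split(";") if (r := check_key(k)) is not None]


if __name__ == "__main__":
    # The example value from the description, plus a constructed bad entry.
    sample = (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing;"
              r"HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide;Software\Test")
    for entry, reason in check_parameter(sample):
        print(f"reject {entry!r}: {reason}")
```

An empty result from `check_parameter` means every entry passed; registry keys that legitimately contain characters outside the allowlist need the pattern widened deliberately.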