How to delete HKCU entries from logged on users in an automated fashion?

We have a odd situation where we need to delete an HKCU registry entry from all computers that have a user currently logged on.  I can do this manually by running regedit and connecting to the remote computer's registry, then opening up HKU and locating the appropriate "S-1-x-xxxxxxxx" hive and deleting the entry, but I have hundreds to do and don't have time to connect to each manually.

500 points to anyone who has a good solution quickly.

LVL 1
Microsoft_BobAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

campbelcCommented:
Think so, you have a listing of all the computer names?
0
Microsoft_BobAuthor Commented:
Yes
0
Michael PfisterCommented:
Use reg delete:

REG DELETE KeyName [/v ValueName | /ve | /va] [/f]

  KeyName    [\\Machine\]FullKey
    Machine  Name of remote machine - omitting defaults to the current machine.
             Only HKLM and HKU are available on remote machines.
    FullKey  ROOTKEY\SubKey
    ROOTKEY  [ HKLM | HKCU | HKCR | HKU | HKCC ]
    SubKey   The full name of a registry key under the selected ROOTKEY.

  ValueName  The value name, under the selected Key, to delete.
             When omitted, all subkeys and values under the Key are deleted.

  /ve        delete the value of empty value name (Default).

  /va        delete all values under this key.

  /f         Forces the deletion without prompt.

Examples:

  REG DELETE HKLM\Software\MyCo\MyApp\Timeout
    Deletes the registry key Timeout and its all subkeys and values

  REG DELETE \\ZODIAC\HKLM\Software\MyCo /v MTU
    Deletes the registry value MTU under MyCo on ZODIAC


If you like put it in a for loop (assuming you have  a plain text file with one computer per line)

for /f %a in (computer.txt) do reg delete \\%a\HKCU\your\key\goes\here /v Value /f

Use with caution!!!
Of course some error handling would be nice here....

0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

campbelcCommented:
Ok, what is the EXACT registry entry/hive you need to delete. I have a solution for you. =)
0
campbelcCommented:
Have a solution WITH error checking to make sure the entry exists and can log the computers it successfully deletes the entry from.
0
Michael PfisterCommented:
simple error handling:

for /f %a in (computer.txt) do reg delete \\%a\HKCU\your\key\goes\here /v Value /f || echo %a>>computer_with_problem.txt
0
campbelcCommented:
There you go have a solution.
0
Microsoft_BobAuthor Commented:
mpfister:  Very close, but no cigar.  When I tried reg delete with HKCU, I get the error: "A remote machine was specified, the root key must be HKLM or HKU."

campbelc: What's your solution?
0
campbelcCommented:
Mine is a little more complex. What is the actual key or hive you want to delete?
0
Michael PfisterCommented:
I see, since its not local to the machine it doesn't know whats the current user.
Its tricky to get the currently logged on users SID and if you have users logging on to many machines you need to run the script all the time.

Do you run a login script? Then just put the reg delete (without specifying the computer) into the logon script...


0
Microsoft_BobAuthor Commented:
campbelc: The key is HKCU\Software\XSG Technology\AutoUpdate

mpfister: We already use Scriptlogic to delete a registry entry in the login script, but many of our users do not log out for days or weeks and so we need something we can run from a workstation to modify the computers out there that already have a user logged in.

0
campbelcCommented:
Do all these workstations have access to a centralized location where you can put an EXE and run it?
0
Microsoft_BobAuthor Commented:
Yes, but if you are suggesting that we have the users run something to delete the entries, this is not a good solution for us.  We need an automated solution.  We have a way to launch a program on a remote computer, but not with the logged in user credentials.
0
campbelcCommented:
Understand. I have a script that will allow you to execute a program from a users computer as if the user executed it with THEIR credentials running on their local PC. Just need to run it from a remote location because you don't want to install the file on each PC.

Just stay with me for a second on this. What you're asking for is a little extreme because we also have to know who the current user is. This is a different approach to this.

Testing it now..
0
Microsoft_BobAuthor Commented:



campbelc: How's it going?

Does anyone else have any ideas how to do this?

SheharyaarSaahil?  sramesh2k? LeeTutor? CrazyOne?  sunray_2003?  war1?   Fatal_Exception?

Where are you folks?  500 points hanging out here....



0
Michael PfisterCommented:
Very quick and dirty:
----------------------------
@echo off
for /f %%a in (computer.txt) do @call :DelReg %%a
goto :EOF
:DelReg
Set Computer=%1
For /f "skip=6" %%b in ('reg query \\%Computer%\HKU') do @call :Sub %%b
Goto :EOF
:Sub
Set RegKey=%1
rem Skip lines with _Classes
echo %RegKey% | findstr "_Classes" && Goto :EOF
reg delete "\\%Computer%\%RegKey%\Software\XSG Technology\AutoUpdate" /f
Goto :EOF
----------------------------
It will go through (nearly) all keys under HKEY_USERS and tries to delete your desired key from every loaded user hive... error handling not easily possible, since it will fail on some of the keys anyway.

Hope it helps,

Michael

0
Microsoft_BobAuthor Commented:
Looks great!!  Only thing is that it will modify all users of that machine, not just the logged on user.  I assume that you can change the code to modify just the logged on user.  My belief is the subkey "Software\Volatile Environment" only exists for the logged on user.  I don't have any real evidence from anyone else regarding this, I just beleive it because that's what I've seen in my experience.  Anyway, true or not, if you can change the code to only modify the registry hive with that subkey in it, then it will be exactly what I want, and I'll give it an A.  If not, I can still use it, and I'll give it a B.
0
Michael PfisterCommented:
> Looks great!!  Only thing is that it will modify all users of that machine, ...

No, since the others users registry hives are normally not loaded, except service accounts.
Personally I wouldn't care to delete this specific reg key for any account on my clients, esp. service accounts.
0
Microsoft_BobAuthor Commented:
I see that it will not necessarily modify all users of that machine, only hives that are loaded at the current time.

But I don't want to delete anything in Volatile Environment - I just want to delete XSG Technology if Volatile Environment exists, otherwise skip the hive....do you understand?  This way it modifies only the logged on user.
0
Michael PfisterCommented:
I'm afraid the Volatile Env is not a 100% indicator of the logged on user, but here is the batch:
----------------------------
@echo off
for /f %%a in (computer.txt) do @call :DelReg %%a
goto :EOF
:DelReg
Set Computer=%1
For /f "skip=6" %%b in ('reg query \\%Computer%\HKU') do @call :Sub %%b
Goto :EOF
:Sub
Set RegKey=%1
rem Skip lines with _Classes
echo %RegKey% | findstr "_Classes" && Goto :EOF
rem Skip Keys without Volatile Env
reg query "\\%Computer%\%RegKey%\Volatile Environment" || goto :EOF
rem Delete key
reg delete "\\%Computer%\%RegKey%\Software\XSG Technology\AutoUpdate" /f
Goto :EOF
----------------------------
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Microsoft_BobAuthor Commented:
Excellent!  Thanks very much!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.