Solved

GetValue & RegSet commands not working as expected

Posted on 2013-05-19
5
442 Views
Last Modified: 2013-06-22
Hello Experts.

I've stumbled on an annoying issue when using the GetValue & RegSet commands. I have a small app which is supposed to open up the current users registry, traverse a certain location and then modify any found name/value pairs according to some settings in the app config. The purpose of this app is to find a reference to an old exchange server and replace it so that when the user logs onto a new Windows 7 machine they can open their outlook without error.

here is my code.

using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Configuration;

namespace RegistryFixer
{
    class Program
    {
        static void Main(string[] args)
        {
            String[] v_locations;
            String[] v_subKeys;
            String[] v_entryNames;
            String v_NewServer = ConfigurationManager.AppSettings["ServerNew"];
            RegistryKey v_rootKey;
            
            v_entryNames = ConfigurationManager.AppSettings["SubKeys"].Split(',');
            v_locations = ConfigurationManager.AppSettings["Locations"].Split(',');
            
            foreach (String v_location in v_locations)
            {
                v_rootKey = Registry.CurrentUser.OpenSubKey(v_location, true);
                v_subKeys = v_rootKey.GetSubKeyNames();

                foreach (string v_curSubKey in v_subKeys)
                {
                    foreach (string v_entryName in v_entryNames)
                    {
                        RegistryKey v_subKey = v_rootKey.OpenSubKey(v_curSubKey, true);
                        object v_Attribute = v_subKey.GetValue(v_entryName);
                        if (v_Attribute != null)
                        {
                            Console.WriteLine(String.Format("FOUND: {0} in {1}", v_entryName, v_subKey.ToString()));
                            foreach (String regSubKey in v_subKey.GetSubKeyNames())
                            {
                                Console.WriteLine(String.Format("FOUND Subkeys: {0}", regSubKey));
                            }
                            
                            if (v_Attribute.ToString() != v_NewServer)
                            {
                                Console.WriteLine(String.Format("Existing Value of: {0}{4}From Key: {1}{4}With EntryName: {2}{4}Has been overwritten with new value of: {3}{4}{4}", Registry.GetValue(v_subKey.ToString(), v_entryName, "No value found.").ToString(), v_subKey.ToString(), v_entryName, v_NewServer, System.Environment.NewLine));
                                //Registry.SetValue(v_subKey.ToString(), v_entryName, v_NewServer);
                                v_subKey.SetValue(v_entryName, v_NewServer);
                                v_subKey.Close();
                            }
                        }
                    }
                }
                v_rootKey.Close();
            }
            Console.WriteLine("Complete!");
            Console.ReadKey();
        }
    }
}

Open in new window


Some info:
The value of "locations" in the appconfig is "Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Default Outlook Profile"
The value of SubKeys in the appconfig is "001e6602,001e6608"
The value of ServerNew in the appconfig is POPEX01.
The Exchange server is 2010.
Our Windows 7 machines are all x86.

Looking at the registry before running the app you can see this subkey with two REG_SZ entries referencing an old server 'MCEX03'. I want to replace those entries.

As you can see the subkey name ends with 72b4
This is what happens when I run this application on a PC of an affected user. Please note the command prompt has run with elevated privileges.

Now you can see my app believes it has run successfully.
But after I run the app, I recheck the registry using regedit and the values have not changed. If you notice in the above screenshot the app finds the subkey ending with a5fc.

This is the users registry as exported and viewed in notepad.
You should notice the subkey we were expecting as a5fc (as found by the reg tools in the app) is actually the reg key ending in 72b4.

So where is subkey ending a5fc? Why does the opensubkey command find it as ending a5fc and not 72b4? Why then does the regset command not work with the mystery subkey ending in a5fc?

I did some research into x64 registry being different than x86. But our client systems are all x86 so I don't know how this could affect the app. Can anyone help me here? IO'm obviously missing something.

Nick
0
Comment
Question by:HobartSmelter
  • 2
5 Comments
 
LVL 35

Accepted Solution

by:
Robert Schutt earned 500 total points
ID: 39184700
I suspect that, because you're running your tool in an elevated command prompt, HKEY_CURRENT_USER points to a different part of the registry, not the same one showing in your regedit.

If that's the case I guess there would be 2 solutions:

1) run your app normally as logged on user and use code to acquire admin permission to the registry (assuming that's needed) I found this link on another forum but haven't tried it: http://msdn.microsoft.com/en-us/library/bb756929.aspx

2) maybe easier: determine the SID for the currently logged in user and use registry key HKEY_USERS\THAT_SID\... instead of HKEY_CURRENT_USER, this should help: http://pcsupport.about.com/od/registry/ht/find-user-security-identifier.htm
0
 
LVL 35

Expert Comment

by:Robert Schutt
ID: 39185075
By the way, I haven't been able to reproduce this so maybe I'm completely off the mark with that "different user" assumption. Well actually I did say "if that's the case", but just thought I'd let you know that my own tests have not come up with a possible positive answer to that "if" (yet). It does still look of course to be the case (since you're seeing different subkeys) that the 2 are not looking at the same key somehow. So attacking this from the other direction could be the next advice: make sure you run regedit as administrator as well.
0
 

Author Comment

by:HobartSmelter
ID: 39198272
Ah, that's a smart notion that for some silly reason I didn't even consider. I will modify the code to utilise the right SID and post the results, will get back to you shortly :).
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now