Remove registry Key vbs/gpo

Trying to remove a registry key from a Windows 7 Pro PC either through vbs or GPO. The problem is that the key value is unique on each PC.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{2C1C77B1-D33E-4C4D-B644-5DCD6A9E5690}]

2XCredentialProviderFilter is always present in that key, but the key name itself is random and I want to delete the key  based on the fact that it has a string called 2XCredentialProviderFilter

Does anyone know if/how this can be achieved?

Who is Participating?
RobSampsonConnect With a Mentor Commented:
Hi, if you run this script as a StartUp script, under Computer Configuration, it will look for the 2XCredentialProviderFilter value in all of the keys under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters and then delete the relevant key.



Const HKEY_LOCAL_MACHINE = &H80000002
strKey = "Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\"
strComputer = "."
strFind = "2XCredentialProviderFilter"

If Right(strKey, 1) = "\" Then strKey = Left(strKey, Len(strKey) - 1)
Set objRegistry = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & strComputer & "\root\default:StdRegProv")
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKey, arrSubKeys
If Not IsNull(arrSubKeys) Then
	For Each strSubKey In arrSubKeys
		strValueName = strKey & "\" & strSubKey & "\"
		objRegistry.GetStringValue HKEY_LOCAL_MACHINE, strValueName, "", strValueData
		If strValueData = strFind Then
			WScript.Echo "Deleting " & strValueName & " because it has a value of " & strValueData
			On Error Resume Next
			intReturn = objRegistry.DeleteKey(HKEY_LOCAL_MACHINE, strKey & "\" & strSubKey)
			If intReturn = 0 And Err.Number = 0 Then    
				Wscript.Echo strSubKey & " successfully deleted"
			    Wscript.Echo "Error deleting " & strSubKey & ". Return code = " & intReturn & ", error = " & Err.Number & ": " & Err.Description
			End If
			On Error GoTo 0
		End If
End If

Open in new window

This can only be done on startup via GPO.
Or you can use psexec to remotely execute the vbscript.

Here is an example of vbscript search through registry.

Test locally first without any removal to make sure it will do what you want.

If I needed to implement this, I would do it in two stages. One have the script run and report on which system has this string value in which registry key.

Then change the mode to delete the key.
kwatt562Author Commented:
Isn't that to uninstall a program? I am only trying to delete the above mentioned keys, thanks
The example includes a search within the registry which is what you need.  You would alter the starting point to the hkey_local_machine you referenced in your question.
It has WScript.Echo statements that you may want to remove when you put it into production.


Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.