
Registry (HKCU)

Updated: 06 Aug 2010 | 6 comments
samir.saadah | 0 Votes

Dear All,

Is there any way to check some value in HKCU (HKEY_CURRENT_USER)?

Thanks and Best Regards,
Samir 
 

Comments

EdT | 08 Dec 2009 | 0 Votes

Regedit

If you run regedit, you can check any value in HKCU.

If I have missed the point of your question, perhaps you could give some more detailed information on what you wish to check.

If your issue has been solved, please use the "Mark as Solution" link on the most relevant thread.

samir.saadah | 09 Dec 2009 | 0 Votes

Dear,

Thanks a lot for your reply. I need to create a check in CCS (Standard Model) to check some value in the registry file.

I.e., I need to check the following:

Group Policy --> User Configuration --> Administrative Templates --> Desktop --> Remove the desktop cleanup wizard

Thanks
Samir

cody.t.chamberlain | 16 Dec 2009 | 0 Votes

I have had issues in building registry checks as well. If someone could give a step-by-step lesson in checking the value of a specific reg key, I would owe them for a lifetime!

kevin_stultz | 16 Dec 2009 | 1 Vote

CCS checking the registry

It is not possible to check HKCU as it is tied to the logged-in user. The best alternative is to use HKEY_USERS.
http://service1.symantec.com/support/intrusiondetectkb.nsf/854fa02b4f5013678825731a007d06af/e3883ab420e508b188257348007a67cc?OpenDocument

Example of how to check for a string registry value using CCS.
 

E0: [Registry].[Is a Key?] = true where [Registry].[Key/Value Name] = 'HKLM\SOFTWARE' and Missing Data Outcome = Fail

E1: [Registry].[Value as String] = 'Hello World' where [Registry].[Key/Value Name] = 'HKLM\SOFTWARE\SYMC-CCS-Testing\StringCheck' and Missing Data Outcome = Fail

Formula: IF [E0] THEN [E1] ELSE [UNKNOWN]

DWORD etc. is very similar; just use Value as DWORD.
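
The HKEY_USERS approach from the answer above, as an added PowerShell example that is not part of the original thread and not CCS's own check logic. It assumes the "Remove the Desktop Cleanup Wizard" policy is stored as the DWORD NoDesktopCleanupWizard under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, which the thread does not state.

```powershell
# Added example (not from the thread). Assumed value location for the
# "Remove the Desktop Cleanup Wizard" policy; verify it in your environment.
$SubKey    = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoDesktopCleanupWizard'
$Expected  = 1

# HKCU is only a view of the calling account's hive, so walk HKEY_USERS.
# Only loaded profiles appear there (logged-on users or loaded hives).
# Keep account SIDs; skip .DEFAULT, service SIDs and the *_Classes hives.
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

$results = foreach ($hive in $hives) {
    $sid  = $hive.PSChildName
    $path = "Registry::HKEY_USERS\$sid\$SubKey"

    # Resolve the SID to an account name for the report; fall back to the SID.
    try {
        $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = $sid
    }

    # Same shape as the thread's formula: existence first, then comparison.
    $item = Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $actual  = $null
        $outcome = 'Unknown'          # key or value missing
    } else {
        $actual  = $item.$ValueName
        $outcome = if ($actual -eq $Expected) { 'Pass' } else { 'Fail' }
    }

    [pscustomobject]@{
        Account = $account
        SID     = $sid
        Value   = $actual
        Outcome = $outcome
    }
}

$results | Format-Table -AutoSize
```

Users whose profile is not loaded at scan time do not appear under HKEY_USERS, so an empty or short result is a coverage gap rather than a pass.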

nirup.paduchuru@coair.com | 22 Dec 2009 | 0 Votes

IF ([Key/Value Name = 'HKLM\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE' Where Key/Value Name = 'HKLM\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE' AND Is a Value? = 'true' with Missing Data Outcome being 'Fail' and Multiple Data Operator being 'AND' ]) THEN [Value as String = '8.0000' Where Key/Value Name = 'HKLM\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE' AND Is a Value? = 'true' with Missing Data Outcome being 'Manual Review' and Multiple Data Operator being 'AND' ] ELSE [FALSE]

The above formula checks if the IE version is 8.0 or not. This is just a way of creating registry checks.

BillV | 05 Feb 2010 | 0 Votes

Nice

It is great that you can ask and get the answer you need. It is one of the reasons why I like this website. I wish I could add something special but I cannot do it yet. As for me, I'm just a beginner. Now I'm only learning. It has always been my dream to learn programming for a long time. This summer I advanced into actions, found numerous books at the rapidshare search engine http://rapidpedia.com and started to work at it hard. Though sometimes I read your conversations to get inspired.