| View previous topic :: View next topic |
| Author |
Message |
doodleman99
Joined: 02 Sep 2008
Posts: 38
|
 Posted: Wed Dec 02, 2015 12:02 pm Post subject: Reboot Pending Registry Key |
 |
|
Hey guys,
whilst looking into Windows Update monitoring, i came accross the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending
This Key gets created after any windows updates, software installs, features & roles get modified which requires a system reboot.
Because it doesn't actually contain any values, im not sure how to go about setting a reverse test to alert bad once this key is present and good when its not. If there was something in the key then i think i could work it out so i have to rely on the awesomeness of yourselves 
Many thanks! |
|
| Back to top |
|
 |
KS-Soft
Joined: 03 Apr 2002
Posts: 12795
Location: USA
|
| Posted: Wed Dec 02, 2015 4:08 pm Post subject: |
|
|
You need custom script. Like this
| Code: |
statusUnknown = "ScriptRes:Unknown:"
statusOk = "ScriptRes:Ok:"
statusBad = "ScriptRes:Bad:"
objArgs = WScript.Arguments;
if (objArgs.length!=1) {
WScript.StdOut.Write(statusUnknown + 'Script requires 1 parameter: <Registry path>.');
WScript.Quit;
}
var key = objArgs(0);
if (key.charAt(key.length-1)!='\\') { key+='\\'; }
try
{
var wsh = WScript.CreateObject('WScript.Shell');
var val = wsh.RegRead(key);
}
catch(e)
{
WScript.StdOut.Write(statusOk);
WScript.Quit;
}
WScript.StdOut.Write(statusBad);
|
Use Shell Script test method to execute script
Regards
Alex |
|
| Back to top |
|
|
doodleman99
Joined: 02 Sep 2008
Posts: 38
|
| Posted: Thu Dec 03, 2015 7:53 am Post subject: |
|
|
That's actually perfect.
I thought it was failing at first but it works a treat!
For anybody else interested - i'm using this in conjunction with Reg test for the value (If > 0) of:
| Code: | | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS\UpdateCount |
this will tell you how many Items are sat there waiting to be installed. |
|
| Back to top |
|
|
doodleman99
Joined: 02 Sep 2008
Posts: 38
|
| Posted: Thu Dec 03, 2015 8:38 am Post subject: |
|
|
Actually. i am struggling to get it to work on a remote machine?
Any ideas?
JV |
|
| Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006
Posts: 2832
|
| Posted: Thu Dec 03, 2015 1:15 pm Post subject: |
|
|
Try the following Jscript:
| Code: | statusUnknown = "ScriptRes:Unknown:"
statusOk = "ScriptRes:Ok:"
statusBad = "ScriptRes:Bad:"
objArgs = WScript.Arguments;
strComputer = ".";
strLogin="";
strPsw="";
if (objArgs.length==1) { // KEY ONLY
REGKEY = objArgs(0);
} else if (objArgs.length==2) {
REGKEY = objArgs(0);
strComputer = objArgs(1);
} else if (objArgs.length==4) {
REGKEY = objArgs(0);
strComputer = objArgs(1);
strLogin=objArgs(2);
strPsw=objArgs(3);
} else {
WScript.StdOut.Write(statusUnknown + 'Script requires 1, 2 or 4 parameters: <KEY> [<Computer>, [<Login>,<Password>]]');
WScript.Quit;
}
if (REGKEY.indexOf("HKEY_")==0) {
WScript.StdOut.Write(statusUnknown + 'Script checks only HKEY_LOCAL_MACHINE subKeys. Please specify Registry key without HKEY_LOCAL_MACHINE. E.g.: SOFTWARE\\MICROSOFT\\Windows');
WScript.Quit;
}
HKEY_LOCAL_MACHINE = 0x80000002;
KEY_QUERY_VALUE = 0x0001;
try {
SWBemlocator = new ActiveXObject("WbemScripting.SWbemLocator");
objWMIService = SWBemlocator.ConnectServer(strComputer, "root\\default",strLogin,strPsw);
reg = objWMIService.Get("StdRegProv");
Method = reg.Methods_.Item("CheckAccess");
p_In = Method.InParameters.SpawnInstance_();
p_In.hDefKey=HKEY_LOCAL_MACHINE;
p_In.sSubKeyName = REGKEY;
p_In.uRequired = KEY_QUERY_VALUE;
p_Out = reg.ExecMethod_(Method.Name, p_In);
} catch(e) {
WScript.StdOut.Write(statusUnknown + e.message);
WScript.Quit;
}
if (p_Out.bGranted == true) {
WScript.StdOut.Write(statusBad + "HKLM\\" + REGKEY);
} else {
WScript.StdOut.Write(statusOk);
} |
Start cmd: cmd /c cscript /B /E:JScript %Script% %Params%
Script requies 1, 2 or 4 parameters: <KEY> [<Computer>, [<Login>,<Password>]]
Several Examples:
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending"
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" WIN2008HOST myUser myPassword[/code]
Please note: script checks HKEY_LOCAL_MACHINE subkeys. Please specify key without HKEY_LOCAL_MACHINE\ (see examples above) |
|
| Back to top |
|
|
doodleman99
Joined: 02 Sep 2008
Posts: 38
|
| Posted: Fri Dec 04, 2015 8:01 am Post subject: |
|
|
Thanks for your reply.
if i just use a single Param it works well but it failing when add the 2nd param (it just responds OK regardless of which key i specify)
i have tried saving it as a .vbs file and running the following from CMD
| Code: |
cscript /E:JScript C:\Scripts\RebootPending.vbs "SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" WIN2008HOST
|
And that works perfectly!?
i've tried both with and without credentials but get the same OK reply which would imply it's failing to connect and reporting the path is unavailable/missing.
Any idea why this might be working in command prompt but failing through HM?
i read in another thread that the 32 vs 64 version of cscript.exe could affect the behavior of HM but it doesn't seem to make a difference in this case
Thanks for your help! |
|
| Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006
Posts: 2832
|
| Posted: Fri Dec 04, 2015 10:48 am Post subject: |
|
|
This script retrns OK Status when it can connect to target system Registry, however, user account has no access to the registry Key or registry key does not exist.
Is HostMonitor started as Application or Service?
What user account is used for HostMonitor Service (HostMonitor Service page of Options dialog and Windows services applet (services.msc))?
32 or 64 bit access make sense. Some registry keys can be accessed only by 64-bit applications/scripts.
Could you start script using 32 bit CMD shell and launching 32 bit cscript.exe:
e.g.
start: c:\Windows\SysWOW64\cmd.exe
then execute command (using full path for 32-bit cscript.exe):
c:\Windows\SysWOW64\cscript.exe /E:JScript C:\Scripts\RebootPending.vbs "SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" WIN2008HOST |
|
| Back to top |
|
|
doodleman99
Joined: 02 Sep 2008
Posts: 38
|
| Posted: Mon Dec 07, 2015 5:44 am Post subject: |
|
|
Thanks for your reply.
it is running as an application - i changed it to run as a service but that didn't help.
to test, i tried running CMD from both 32 & 64 folders and called the 32 & 64 cscript from both.
Turns out that it failed each time except when i ran the 32CMD with 32cscript.
i tried to set the start cmd to "C:\Windows\System32\cmd.exe /c C:\Windows\System32\cscript.exe /B /E:JScript %Script% %Params%" but this didn't help (i was still getting an OK reply when it should be bad)
Finally - i replaced the C:\Windows\SysWOW64\cscript.exe file with the 32bit version and this seemed to work!
From that, i assume that HM uses the x32 CMD and the x64 cscript by default regardless of if you specify the path or not.
I'm hoping you have a super fantastic fix/workaround for this 
<<<<<<<<<<<<EDIT>>>>>>>>>>>>>>
i have had a reboot on both the host and the target. the path for the RebootPending key is no longer available to test (obviously), but i have just tried to look into it a little further and found that if i test another key in the path (SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Version) it returns with the expected value (Bad). the strange thing is - HM is returning the correct reply as is all 4 of the above mentioned CMD line variations?
once i get clarification on exactly whats going on here i'll try to update the thread.
Many thanks! |
|
| Back to top |
|
|
doodleman99
Joined: 02 Sep 2008
Posts: 38
|
| Posted: Mon Dec 07, 2015 9:46 am Post subject: |
|
|
OK. All confirmed.
It's that(RebootPending) key specifically that's causing the test to fail via HM.
Other keys in that folder such as the Version Key are queryable, from HM and from any variation of 32/64 CMD/cscript.
But if you want to check the RebootPending Key, you have to be using the C:\Windows\System32\cmd.exe and C:\Windows\System32\cscript.exe specifically.
Any thoughts on what we can do about this? i'm sure this isn't the only key in the registry that behaves like this so it might be worth looking into being able to specify the cscript.exe path in the Start CMD criteria of the test properties maybe?
Any help is always appreciated.
Thanks! |
|
| Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006
Posts: 2832
|
| Posted: Mon Dec 07, 2015 11:51 am Post subject: |
|
|
Actually there are 2 Registry providers: 32 and 64 bit.
Each can provide/store different values for the same key!
You may check some datails at:
https://msdn.microsoft.com/en-us/library/aa393067(VS.85).aspx
We've rebuilt script in order to access required Registry hive (32 or 64 bit):
| Code: | statusUnknown = "ScriptRes:Unknown:"
statusOk = "ScriptRes:Ok:"
statusBad = "ScriptRes:Bad:"
objArgs = WScript.Arguments;
strComputer = ".";
strLogin="";
strPsw="";
RegType=32;
if (objArgs.length==2) { // KEY ONLY
REGKEY = objArgs(0);
} else if (objArgs.length==3) {
REGKEY = objArgs(0);
strComputer = objArgs(2);
} else if (objArgs.length==5) {
REGKEY = objArgs(0);
strComputer = objArgs(2);
strLogin=objArgs(3);
strPsw=objArgs(4);
} else {
WScript.StdOut.Write(statusUnknown + 'Script requires 2,3 or 5 parameters: <KEY> <Architecture: 32 or 64> [<Computer>, [<Login>,<Password>]]');
WScript.Quit;
}
if (objArgs(1)=="64") {RegType=64;} else {RegType=32;}
if (REGKEY.indexOf("HKEY_")==0) {
WScript.StdOut.Write(statusUnknown + 'Script checks only HKEY_LOCAL_MACHINE subKeys. Please specify Registry key without HKEY_LOCAL_MACHINE. E.g.: SOFTWARE\\MICROSOFT\\Windows');
WScript.Quit;
}
HKEY_LOCAL_MACHINE = 0x80000002;
KEY_QUERY_VALUE = 0x0001;
try {
SWBemlocator = new ActiveXObject("WbemScripting.SWbemLocator");
Arch = new ActiveXObject("WbemScripting.SWbemNamedValueSet");
Arch.Add("__ProviderArchitecture", RegType);
objWMIService = SWBemlocator.ConnectServer(strComputer, "root\\default",strLogin,strPsw,null,null,null,Arch);
reg = objWMIService.Get("StdRegProv");
Method = reg.Methods_.Item("CheckAccess");
p_In = Method.InParameters.SpawnInstance_();
p_In.hDefKey=HKEY_LOCAL_MACHINE;
p_In.sSubKeyName = REGKEY;
p_In.uRequired = KEY_QUERY_VALUE;
p_Out = reg.ExecMethod_(Method.Name, p_In);
} catch(e) {
WScript.StdOut.Write(statusUnknown + e.message);
WScript.Quit;
}
if (p_Out.bGranted == true) {
WScript.StdOut.Write(statusBad + "HKLM\\" + REGKEY);
} else {
WScript.StdOut.Write(statusOk);
} |
Script requires 2, 3 or 5 parameters: <KEY> <Architecture: 32 or 64> [<Computer>, [<Login>,<Password>]]
Several Examples:
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" 64
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" 32 WIN2008HOST myUser myPassword[/code] |
|
| Back to top |
|
|
doodleman99
Joined: 02 Sep 2008
Posts: 38
|
| Posted: Mon Dec 07, 2015 12:16 pm Post subject: |
|
|
perfect perfect perfect!
thanks guys! |
|
| Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006
Posts: 2832
|
| Posted: Mon Dec 07, 2015 12:29 pm Post subject: |
|
|
| You are welcome! |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in
