0
We need to delete a Security value from CD-ROM drive registry key. The main location is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE. From there it would depend on the make and model of the CD Drive, but there should be a Security value that must be deleted. I found the following VBS code but it doesn’t seem to be working or give an error code:
'****SCRIPT START****
' this script searches for all "security"-keys under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\ and deletes them
Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
Dim oReg : Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Dim oShell : Set oShell = CreateObject("WScript.Shell")
Dim sPath, aSub, sKey, aSubToo, sKeyToo, dwValue
' Get all keys within sPath
sPath = "SYSTEM\CurrentControlSet\Enum\IDE"
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aSub
' Loop through each key
For Each sKey In aSub
'Get all subkeys within the key 'sKey'
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath & "\" & sKey, aSubToo
For Each sKeyToo In aSubToo
oReg.deleteValue HKEY_LOCAL_MACHINE, sPath & "\" & sKey & "\" & sKeyToo , "Security"
if Err.Number<>0 then
MsgBox Err.Description ' FOR TESTING ONLY
Err.Clear
end if
Next
Next
'****SCRIPT END****
Upon closer inspection the value can only be deleted by SYSTEM. I need to add the administrator permission full permissions to delete. Not sure if I should continue using VBS or another method to get this done on all the PCs (about 1,000).
Thanks.
Rick
Posted 2015-07-14T12:34:43.757
Reputation: 419
You can use psexec from sysinternals "psexec -s \RemoteComputer cscript script.vbs" to run as system – Zalmy – 2015-07-15T02:43:29.120
When I run the command with the -s argument, it hangs on Windows Script Host. If I view the Task Manager the Microsoft Console Based Script Host (32 bit) is running and stays running even if I pause/break the command. – Rick – 2015-07-16T13:20:37.560
Did you consider using GPO preference to delete this key?I – Zalmy – 2015-07-16T22:14:33.220
I would also propose GPO if there are not too many different possible names for the key. Otherwise powershell has the ability to modify registry acls. If it has to be vbscript it seems you need to use regini.exe probably – Syberdoor – 2015-07-17T09:35:06.250
Not sure how to use GPO Preferences to delete a key name within a varying subkey. – Rick – 2015-07-17T11:55:42.357
Well if you have 3 different Drives and thus 3 different keys you can just the GPP delete each of them, if you have 20 different keys it might be less practical – Syberdoor – 2015-07-20T07:43:08.820