I'll try to summarize this briefly once more. For more information, please have a look at the other thread.
What should happen?
The goal is to patch the registry using the /AllNTUserDats call.
What happened?
If a process has already been terminated with "KillTask" before the section "Registry_AcceptEULA /AllNTUserDats" is called, /AllNTUserDats no longer works. The registry is not patched.
What steps can be used to reproduce the problem?
------------------------------------
Example:
setup.opsiscript
Code:
[Actions]
requiredWinstVersion >= "4.11.3.3"
ScriptErrorMessages = false
Sub "%ScriptPath%\delsub.opsiscript"
Registry_AcceptEULA /AllNTUserDats
[Registry_AcceptEULA]
openkey [HKEY_CURRENT_USER\SOFTWARE\Test]
set "installed"=reg_dword:0x5eb938a8
Code:
KillTask "spoolsv.exe"
The specified process must actually be terminated by KillTask. KillTask "blablabla.exe" does not cause the error.
The important part is the call:
Code:
Sub "%ScriptPath%\delsub.opsiscript"
Code:
KillTask "spoolsv.exe"
If KillTask is commented out, there is no error.
The behaviour differs between logged-in and not-logged-in users.
User not logged in:
Code:
(6934) [5] [Jun 17 09:56:19:499] [lra_forticlient] Execution of: Registry_AcceptEULA /AllNTUserDats
(6935) [5] [Jun 17 09:56:19:499] [lra_forticlient]
(6936) [6] [Jun 17 09:56:19:500] [lra_forticlient] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18] opened
(6937) [6] [Jun 17 09:56:19:500] [lra_forticlient] Key closed
(6938) [6] [Jun 17 09:56:19:500] [lra_forticlient] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19] opened
(6939) [6] [Jun 17 09:56:19:500] [lra_forticlient] Key closed
(6940) [6] [Jun 17 09:56:19:500] [lra_forticlient] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20] opened
(6941) [6] [Jun 17 09:56:19:500] [lra_forticlient] Key closed
(6942) [6] [Jun 17 09:56:19:500] [lra_forticlient] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2974151604-755877624-1240835612-500] opened
(6943) [6] [Jun 17 09:56:19:500] [lra_forticlient] Key closed
(6944) [6] [Jun 17 09:56:19:500] [lra_forticlient] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1580436667-725345543-1558] opened
(6945) [6] [Jun 17 09:56:19:500] [lra_forticlient] Key closed
(6946) [6] [Jun 17 09:56:19:500] [lra_forticlient]
(6947) [6] [Jun 17 09:56:19:500] [lra_forticlient] Branch: Administrator
(6948) [4] [Jun 17 09:56:19:502] [lra_forticlient] Warning: NTUser.dat could not be loaded from path "C:\Users\Administrator\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(6949) [6] [Jun 17 09:56:19:502] [lra_forticlient]
(6950) [6] [Jun 17 09:56:19:502] [lra_forticlient] Branch: admin
(6951) [4] [Jun 17 09:56:19:502] [lra_forticlient] Warning: NTUser.dat could not be loaded from path "C:\Users\admin\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(6952) [6] [Jun 17 09:56:19:502] [lra_forticlient]
(6953) [6] [Jun 17 09:56:19:502] [lra_forticlient] Branch: Default
(6954) [4] [Jun 17 09:56:19:503] [lra_forticlient] Warning: NTUser.dat could not be loaded from path "C:\Users\Default\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(6955) [6] [Jun 17 09:56:19:503] [lra_forticlient]
(6956) [6] [Jun 17 09:56:19:503] [lra_forticlient] Make it for user .DEFAULT
(6957) [5] [Jun 17 09:56:19:503] [lra_forticlient]
(6958) [6] [Jun 17 09:56:19:504] [lra_forticlient] Registry key [HKEY_USERS\.DEFAULT\SOFTWARE\Fortinet\FortiClient\FA_UI\VPN-6.4.0.1464] created
(6959) [6] [Jun 17 09:56:19:504] [lra_forticlient] Variable "installed" set to "0x5eb938a8"
(6960) [6] [Jun 17 09:56:19:504] [lra_forticlient] Key closed
This call also produces the error.
uncle_scrooge wrote: Go directly to the 'Bugs' forum. Do not pass Go. Do not collect 4000 DM.
Log with KillTask:
Code:
(62) [1] [Jun 22 11:00:46:176] [dummy] ============ Version 4.12.3.12 script "p:\dummy\dummy.ins"
(63) [1] [Jun 22 11:00:46:176] [dummy] used script encoding: Ansi
(64) [1] [Jun 22 11:00:46:176] [dummy] used system encoding: cp1252
(65) [1] [Jun 22 11:00:46:176] [dummy] start: 2020-06-22 11:00:46
(66) [1] [Jun 22 11:00:46:176] [dummy] installing product: dummy_1.0-1
(67) [1] [Jun 22 11:00:46:176] [dummy] on client named "w10test.ta.ag"
(68) [1] [Jun 22 11:00:46:176] [dummy] loggedin user "Administrator"
(69) [1] [Jun 22 11:00:46:176] [dummy] opsi-script running as "SYSTEM"
(70) [1] [Jun 22 11:00:46:176] [dummy] opsi-script running with admin privileges
(71) [1] [Jun 22 11:00:46:176] [dummy] opsi-script running in standard script mode
(72) [1] [Jun 22 11:00:46:176] [dummy] executing: "C:\Program Files (x86)\opsi.org\opsi-client-agent\opsi-winst\winst32.exe"
(73) [1] [Jun 22 11:00:46:176] [dummy] system infos:
(74) [1] [Jun 22 11:00:46:178] [dummy] 00-50-56-25-E6-65 - PC hardware address
(75) [1] [Jun 22 11:00:46:178] [dummy] w10test - IP name
(76) [1] [Jun 22 11:00:46:178] [dummy] 192.100.100.112 - IP address
(77) [1] [Jun 22 11:00:46:178] [dummy] DEU - System default locale
(78) [7] [Jun 22 11:00:46:178] [dummy] Registry started without redirection (64 Bit)
(79) [7] [Jun 22 11:00:46:178] [dummy] Registry started readonly
(80) [7] [Jun 22 11:00:46:178] [dummy] Registry started without redirection (64 Bit)
(81) [6] [Jun 22 11:00:46:178] [dummy] Registry key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] opened
(82) [6] [Jun 22 11:00:46:178] [dummy] Key closed
(83) [1] [Jun 22 11:00:46:178] [dummy] MS Windows 10.0 64 Bit, Release: 1909, Edition: PRODUCT_PROFESSIONAL
(84) [1] [Jun 22 11:00:46:178] [dummy] opsi service version : 4
(85) [1] [Jun 22 11:00:46:178] [dummy]
(86) [7] [Jun 22 11:00:46:178] [dummy] Registry started readonly
(87) [7] [Jun 22 11:00:46:178] [dummy] Registry started without redirection (64 Bit)
(88) [6] [Jun 22 11:00:46:178] [dummy] Registry key [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion] opened
(89) [6] [Jun 22 11:00:46:178] [dummy] Key closed
(90) [7] [Jun 22 11:00:46:244] [dummy] Starting with script...
(91) [7] [Jun 22 11:00:46:257] [dummy] Loaded sub from: p:\dummy\delsub.opsiscript with encoding: cp1252
(92) [6] [Jun 22 11:00:46:257] [dummy]
(93) [6] [Jun 22 11:00:46:257] [dummy] ~~~~~~~ Start Sub ~~~~~~~ Sub "p:\dummy\delsub.opsiscript"
(94) [7] [Jun 22 11:00:46:257] [dummy] Session owner found: W10TEST\Administrator
(95) [7] [Jun 22 11:00:46:260] [dummy] winst owner found: NT-AUTORITÄT\SYSTEM
(96) [7] [Jun 22 11:00:46:284] [dummy] Will kill exe: spoolsv.exe pid: 4156 from user: NT-AUTORITÄT\SYSTEM
(97) [7] [Jun 22 11:00:46:284] [dummy] Try to kill process with pid: 4156
(98) [7] [Jun 22 11:00:46:284] [dummy] killed process with pid: 4156
(99) [6] [Jun 22 11:00:46:285] [dummy] 1 instance(s) of "spoolsv.exe" stopped
(100) [5] [Jun 22 11:00:46:285] [dummy] Execution of: Registry_All /AllNTUserDats
(101) [5] [Jun 22 11:00:46:285] [dummy]
(102) [7] [Jun 22 11:00:46:285] [dummy] Registry started without redirection (64 Bit)
(103) [7] [Jun 22 11:00:46:285] [dummy] Registry started readonly
(104) [7] [Jun 22 11:00:46:285] [dummy] Registry started without redirection (64 Bit)
(105) [6] [Jun 22 11:00:46:285] [dummy] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18] opened
(106) [6] [Jun 22 11:00:46:285] [dummy] Key closed
(107) [7] [Jun 22 11:00:46:285] [dummy] Registry started readonly
(108) [7] [Jun 22 11:00:46:285] [dummy] Registry started without redirection (64 Bit)
(109) [6] [Jun 22 11:00:46:285] [dummy] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19] opened
(110) [6] [Jun 22 11:00:46:285] [dummy] Key closed
(111) [7] [Jun 22 11:00:46:285] [dummy] Registry started readonly
(112) [7] [Jun 22 11:00:46:285] [dummy] Registry started without redirection (64 Bit)
(113) [6] [Jun 22 11:00:46:285] [dummy] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20] opened
(114) [6] [Jun 22 11:00:46:286] [dummy] Key closed
(115) [7] [Jun 22 11:00:46:286] [dummy] Registry started readonly
(116) [7] [Jun 22 11:00:46:286] [dummy] Registry started without redirection (64 Bit)
(117) [6] [Jun 22 11:00:46:286] [dummy] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2353905032-159805905-49043801-1001] opened
(118) [6] [Jun 22 11:00:46:286] [dummy] Key closed
(119) [7] [Jun 22 11:00:46:286] [dummy] Registry started readonly
(120) [7] [Jun 22 11:00:46:286] [dummy] Registry started without redirection (64 Bit)
(121) [6] [Jun 22 11:00:46:286] [dummy] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2353905032-159805905-49043801-1002] opened
(122) [6] [Jun 22 11:00:46:286] [dummy] Key closed
(123) [7] [Jun 22 11:00:46:286] [dummy] Registry started readonly
(124) [7] [Jun 22 11:00:46:286] [dummy] Registry started without redirection (64 Bit)
(125) [6] [Jun 22 11:00:46:286] [dummy] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2353905032-159805905-49043801-500] opened
(126) [6] [Jun 22 11:00:46:286] [dummy] Key closed
(127) [6] [Jun 22 11:00:46:286] [dummy]
(128) [6] [Jun 22 11:00:46:286] [dummy] Branch: paul
(129) [4] [Jun 22 11:00:46:288] [dummy] Warning: NTUser.dat could not be loaded from path "C:\Users\paul\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(130) [7] [Jun 22 11:00:46:288] [dummy] Registry started with redirection (32 Bit)
(131) [7] [Jun 22 11:00:46:289] [dummy] Registry started with redirection (32 Bit)
(132) [7] [Jun 22 11:00:46:290] [dummy] Registry started readonly
(133) [7] [Jun 22 11:00:46:290] [dummy] Registry started without redirection (64 Bit)
(134) [6] [Jun 22 11:00:46:290] [dummy] Info: Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\[S-1-5-21-2353905032-159805905-49043801-500]] could not be opened by RegOpenKeyEx, Errorno 2 "Das System kann die angegebene Datei nicht finden.<"
(135) [7] [Jun 22 11:00:46:290] [dummy] Registry started with redirection (32 Bit)
(136) [7] [Jun 22 11:00:46:290] [dummy] The Branch for :paul seems to be the logged in user,
(137) [7] [Jun 22 11:00:46:290] [dummy] so let us try to patch it via HKUsers\SID
(138) [7] [Jun 22 11:00:46:291] [dummy] sidStr :S-1-5-21-2353905032-159805905-49043801-500
(139) [5] [Jun 22 11:00:46:291] [dummy]
(140) [7] [Jun 22 11:00:46:291] [dummy] Registry started with redirection (32 Bit)
(141) [7] [Jun 22 11:00:46:291] [dummy] Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(142) [6] [Jun 22 11:00:46:291] [dummy] Registry key [HKEY_USERS\S-1-5-21-2353905032-159805905-49043801-500\SOFTWARE\Test] opened
(143) [6] [Jun 22 11:00:46:291] [dummy] Variable "installed" had value "1589196968"
(144) [6] [Jun 22 11:00:46:291] [dummy] Info: "installed" changed to "1589196985"
(145) [6] [Jun 22 11:00:46:291] [dummy] Key closed
(146) [7] [Jun 22 11:00:46:291] [dummy]
(147) [7] [Jun 22 11:00:46:292] [dummy] Flushed
(148) [6] [Jun 22 11:00:46:292] [dummy]
(149) [6] [Jun 22 11:00:46:292] [dummy] Branch: mary
(150) [4] [Jun 22 11:00:46:293] [dummy] Warning: NTUser.dat could not be loaded from path "C:\Users\mary\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(151) [7] [Jun 22 11:00:46:293] [dummy] Registry started with redirection (32 Bit)
(152) [7] [Jun 22 11:00:46:294] [dummy] Registry started with redirection (32 Bit)
(153) [7] [Jun 22 11:00:46:295] [dummy] Registry started readonly
(154) [7] [Jun 22 11:00:46:295] [dummy] Registry started without redirection (64 Bit)
(155) [6] [Jun 22 11:00:46:295] [dummy] Info: Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\[S-1-5-21-2353905032-159805905-49043801-500]] could not be opened by RegOpenKeyEx, Errorno 2 "Das System kann die angegebene Datei nicht finden.<"
(156) [7] [Jun 22 11:00:46:295] [dummy] Registry started with redirection (32 Bit)
(157) [7] [Jun 22 11:00:46:295] [dummy] The Branch for :mary seems to be the logged in user,
(158) [7] [Jun 22 11:00:46:295] [dummy] so let us try to patch it via HKUsers\SID
(159) [7] [Jun 22 11:00:46:296] [dummy] sidStr :S-1-5-21-2353905032-159805905-49043801-500
(160) [5] [Jun 22 11:00:46:296] [dummy]
(161) [7] [Jun 22 11:00:46:296] [dummy] Registry started with redirection (32 Bit)
(162) [7] [Jun 22 11:00:46:296] [dummy] Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(163) [6] [Jun 22 11:00:46:296] [dummy] Registry key [HKEY_USERS\S-1-5-21-2353905032-159805905-49043801-500\SOFTWARE\Test] opened
(164) [6] [Jun 22 11:00:46:296] [dummy] Variable "installed" is keeping its value "1589196985"
(165) [6] [Jun 22 11:00:46:296] [dummy] Key closed
(166) [7] [Jun 22 11:00:46:296] [dummy]
(167) [7] [Jun 22 11:00:46:296] [dummy] Flushed
(168) [6] [Jun 22 11:00:46:296] [dummy]
(169) [6] [Jun 22 11:00:46:296] [dummy] Branch: Administrator
(170) [4] [Jun 22 11:00:46:297] [dummy] Warning: NTUser.dat could not be loaded from path "C:\Users\Administrator\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(171) [7] [Jun 22 11:00:46:297] [dummy] Registry started with redirection (32 Bit)
(172) [7] [Jun 22 11:00:46:298] [dummy] Registry started with redirection (32 Bit)
(173) [7] [Jun 22 11:00:46:298] [dummy] The Branch for :Administrator seems to be the logged in user,
(174) [7] [Jun 22 11:00:46:298] [dummy] so let us try to patch it via HKUsers\SID
(175) [7] [Jun 22 11:00:46:298] [dummy] sidStr :S-1-5-21-2353905032-159805905-49043801-500
(176) [5] [Jun 22 11:00:46:298] [dummy]
(177) [7] [Jun 22 11:00:46:298] [dummy] Registry started with redirection (32 Bit)
(178) [7] [Jun 22 11:00:46:298] [dummy] Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(179) [6] [Jun 22 11:00:46:298] [dummy] Registry key [HKEY_USERS\S-1-5-21-2353905032-159805905-49043801-500\SOFTWARE\Test] opened
(180) [6] [Jun 22 11:00:46:298] [dummy] Variable "installed" is keeping its value "1589196985"
(181) [6] [Jun 22 11:00:46:298] [dummy] Key closed
(182) [7] [Jun 22 11:00:46:299] [dummy]
(183) [7] [Jun 22 11:00:46:299] [dummy] Flushed
(184) [6] [Jun 22 11:00:46:299] [dummy]
(185) [6] [Jun 22 11:00:46:299] [dummy] Branch: Default
(186) [4] [Jun 22 11:00:46:299] [dummy] Warning: NTUser.dat could not be loaded from path "C:\Users\Default\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(187) [7] [Jun 22 11:00:46:300] [dummy] Registry started with redirection (32 Bit)
(188) [7] [Jun 22 11:00:46:300] [dummy] Registry started with redirection (32 Bit)
(189) [7] [Jun 22 11:00:46:301] [dummy] Registry started readonly
(190) [7] [Jun 22 11:00:46:301] [dummy] Registry started without redirection (64 Bit)
(191) [6] [Jun 22 11:00:46:301] [dummy] Info: Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\[S-1-5-21-2353905032-159805905-49043801-500]] could not be opened by RegOpenKeyEx, Errorno 2 "Das System kann die angegebene Datei nicht finden.<"
(192) [7] [Jun 22 11:00:46:301] [dummy] Registry started with redirection (32 Bit)
(193) [7] [Jun 22 11:00:46:301] [dummy] The Branch for :Default seems to be the logged in user,
(194) [7] [Jun 22 11:00:46:301] [dummy] so let us try to patch it via HKUsers\SID
(195) [7] [Jun 22 11:00:46:302] [dummy] sidStr :S-1-5-21-2353905032-159805905-49043801-500
(196) [5] [Jun 22 11:00:46:302] [dummy]
(197) [7] [Jun 22 11:00:46:302] [dummy] Registry started with redirection (32 Bit)
(198) [7] [Jun 22 11:00:46:302] [dummy] Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(199) [6] [Jun 22 11:00:46:302] [dummy] Registry key [HKEY_USERS\S-1-5-21-2353905032-159805905-49043801-500\SOFTWARE\Test] opened
(200) [6] [Jun 22 11:00:46:302] [dummy] Variable "installed" is keeping its value "1589196985"
(201) [6] [Jun 22 11:00:46:302] [dummy] Key closed
(202) [7] [Jun 22 11:00:46:302] [dummy]
(203) [7] [Jun 22 11:00:46:302] [dummy] Flushed
(204) [6] [Jun 22 11:00:46:302] [dummy]
(205) [6] [Jun 22 11:00:46:302] [dummy] Make it for user .DEFAULT
(206) [5] [Jun 22 11:00:46:302] [dummy]
(207) [7] [Jun 22 11:00:46:302] [dummy] Registry started with redirection (32 Bit)
(208) [7] [Jun 22 11:00:46:302] [dummy] Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(209) [6] [Jun 22 11:00:46:305] [dummy] Registry key [HKEY_USERS\.DEFAULT\SOFTWARE\Test] opened
(210) [6] [Jun 22 11:00:46:305] [dummy] Variable "installed" had value "1589196968"
(211) [6] [Jun 22 11:00:46:305] [dummy] Info: "installed" changed to "1589196985"
(212) [6] [Jun 22 11:00:46:305] [dummy] Key closed
(213) [6] [Jun 22 11:00:46:305] [dummy] Section ending since next line is starting with "["
(214) [6] [Jun 22 11:00:46:305] [dummy]
(215) [6] [Jun 22 11:00:46:305] [dummy] ~~~~~~~ End Sub ~~~~~~~ Sub "p:\dummy\delsub.opsiscript"
(216) [6] [Jun 22 11:00:46:305] [dummy]
(217) [1] [Jun 22 11:00:46:305] [dummy] ___________________
(218) [1] [Jun 22 11:00:46:305] [dummy] script finished: success
(219) [1] [Jun 22 11:00:46:305] [dummy] 0 errors
(220) [1] [Jun 22 11:00:46:305] [dummy] 4 warnings
(221) [1] [Jun 22 11:00:46:305] [dummy]
(222) [1] [Jun 22 11:00:46:305] [dummy] installed product: dummy Version: 1.0-1
Log without KillTask:
Code:
(62) [1] [Jun 22 11:17:42:013] [dummy] ============ Version 4.12.3.12 script "p:\dummy\dummy.ins"
(63) [1] [Jun 22 11:17:42:013] [dummy] used script encoding: Ansi
(64) [1] [Jun 22 11:17:42:013] [dummy] used system encoding: cp1252
(65) [1] [Jun 22 11:17:42:013] [dummy] start: 2020-06-22 11:17:42
(66) [1] [Jun 22 11:17:42:013] [dummy] installing product: dummy_1.0-1
(67) [1] [Jun 22 11:17:42:013] [dummy] on client named "w10test.ta.ag"
(68) [1] [Jun 22 11:17:42:013] [dummy] loggedin user "Administrator"
(69) [1] [Jun 22 11:17:42:013] [dummy] opsi-script running as "SYSTEM"
(70) [1] [Jun 22 11:17:42:013] [dummy] opsi-script running with admin privileges
(71) [1] [Jun 22 11:17:42:013] [dummy] opsi-script running in standard script mode
(72) [1] [Jun 22 11:17:42:013] [dummy] executing: "C:\Program Files (x86)\opsi.org\opsi-client-agent\opsi-winst\winst32.exe"
(73) [1] [Jun 22 11:17:42:013] [dummy] system infos:
(74) [1] [Jun 22 11:17:42:015] [dummy] 00-50-56-25-E6-65 - PC hardware address
(75) [1] [Jun 22 11:17:42:015] [dummy] w10test - IP name
(76) [1] [Jun 22 11:17:42:015] [dummy] 192.100.100.112 - IP address
(77) [1] [Jun 22 11:17:42:015] [dummy] DEU - System default locale
(78) [7] [Jun 22 11:17:42:015] [dummy] Registry started without redirection (64 Bit)
(79) [7] [Jun 22 11:17:42:015] [dummy] Registry started readonly
(80) [7] [Jun 22 11:17:42:015] [dummy] Registry started without redirection (64 Bit)
(81) [6] [Jun 22 11:17:42:015] [dummy] Registry key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] opened
(82) [6] [Jun 22 11:17:42:015] [dummy] Key closed
(83) [1] [Jun 22 11:17:42:015] [dummy] MS Windows 10.0 64 Bit, Release: 1909, Edition: PRODUCT_PROFESSIONAL
(84) [1] [Jun 22 11:17:42:015] [dummy] opsi service version : 4
(85) [1] [Jun 22 11:17:42:015] [dummy]
(86) [7] [Jun 22 11:17:42:017] [dummy] Registry started readonly
(87) [7] [Jun 22 11:17:42:017] [dummy] Registry started without redirection (64 Bit)
(88) [6] [Jun 22 11:17:42:017] [dummy] Registry key [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion] opened
(89) [6] [Jun 22 11:17:42:017] [dummy] Key closed
(90) [7] [Jun 22 11:17:42:077] [dummy] Starting with script...
(91) [7] [Jun 22 11:17:42:090] [dummy] Loaded sub from: p:\dummy\delsub.opsiscript with encoding: cp1252
(92) [6] [Jun 22 11:17:42:090] [dummy]
(93) [6] [Jun 22 11:17:42:090] [dummy] ~~~~~~~ Start Sub ~~~~~~~ Sub "p:\dummy\delsub.opsiscript"
(94) [5] [Jun 22 11:17:42:090] [dummy] Execution of: Registry_All /AllNTUserDats /SysNative
(95) [5] [Jun 22 11:17:42:090] [dummy]
(96) [7] [Jun 22 11:17:42:090] [dummy] Registry started without redirection (64 Bit)
(97) [7] [Jun 22 11:17:42:090] [dummy] Registry started readonly
(98) [7] [Jun 22 11:17:42:090] [dummy] Registry started without redirection (64 Bit)
(99) [6] [Jun 22 11:17:42:090] [dummy] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18] opened
(100) [6] [Jun 22 11:17:42:090] [dummy] Key closed
(101) [7] [Jun 22 11:17:42:090] [dummy] Registry started readonly
(102) [7] [Jun 22 11:17:42:090] [dummy] Registry started without redirection (64 Bit)
(103) [6] [Jun 22 11:17:42:090] [dummy] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19] opened
(104) [6] [Jun 22 11:17:42:090] [dummy] Key closed
(105) [7] [Jun 22 11:17:42:091] [dummy] Registry started readonly
(106) [7] [Jun 22 11:17:42:091] [dummy] Registry started without redirection (64 Bit)
(107) [6] [Jun 22 11:17:42:091] [dummy] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20] opened
(108) [6] [Jun 22 11:17:42:091] [dummy] Key closed
(109) [7] [Jun 22 11:17:42:091] [dummy] Registry started readonly
(110) [7] [Jun 22 11:17:42:091] [dummy] Registry started without redirection (64 Bit)
(111) [6] [Jun 22 11:17:42:091] [dummy] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2353905032-159805905-49043801-1001] opened
(112) [6] [Jun 22 11:17:42:091] [dummy] Key closed
(113) [7] [Jun 22 11:17:42:091] [dummy] Registry started readonly
(114) [7] [Jun 22 11:17:42:091] [dummy] Registry started without redirection (64 Bit)
(115) [6] [Jun 22 11:17:42:091] [dummy] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2353905032-159805905-49043801-1002] opened
(116) [6] [Jun 22 11:17:42:091] [dummy] Key closed
(117) [7] [Jun 22 11:17:42:091] [dummy] Registry started readonly
(118) [7] [Jun 22 11:17:42:091] [dummy] Registry started without redirection (64 Bit)
(119) [6] [Jun 22 11:17:42:091] [dummy] Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2353905032-159805905-49043801-500] opened
(120) [6] [Jun 22 11:17:42:091] [dummy] Key closed
(121) [6] [Jun 22 11:17:42:091] [dummy]
(122) [6] [Jun 22 11:17:42:091] [dummy] Branch: paul
(123) [6] [Jun 22 11:17:42:096] [dummy] "C:\Users\paul\NTUser.dat" loaded.
(124) [5] [Jun 22 11:17:42:096] [dummy]
(125) [7] [Jun 22 11:17:42:096] [dummy] Registry started without redirection (64 Bit)
(126) [7] [Jun 22 11:17:42:096] [dummy] Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(127) [6] [Jun 22 11:17:42:096] [dummy] Registry key [HKEY_USERS\PatchNTUserdatTempUser\SOFTWARE\Test] opened
(128) [6] [Jun 22 11:17:42:096] [dummy] Variable "installed" had value "1589196968"
(129) [6] [Jun 22 11:17:42:096] [dummy] Info: "installed" changed to "1589196993"
(130) [6] [Jun 22 11:17:42:096] [dummy] Key closed
(131) [7] [Jun 22 11:17:42:096] [dummy]
(132) [7] [Jun 22 11:17:42:099] [dummy] Flushed
(133) [7] [Jun 22 11:17:42:102] [dummy] Unloaded
(134) [6] [Jun 22 11:17:42:102] [dummy]
(135) [6] [Jun 22 11:17:42:102] [dummy] Branch: mary
(136) [6] [Jun 22 11:17:42:107] [dummy] "C:\Users\mary\NTUser.dat" loaded.
(137) [5] [Jun 22 11:17:42:107] [dummy]
(138) [7] [Jun 22 11:17:42:107] [dummy] Registry started without redirection (64 Bit)
(139) [7] [Jun 22 11:17:42:107] [dummy] Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(140) [6] [Jun 22 11:17:42:107] [dummy] Registry key [HKEY_USERS\PatchNTUserdatTempUser\SOFTWARE\Test] opened
(141) [6] [Jun 22 11:17:42:107] [dummy] Variable "installed" had value "1589196968"
(142) [6] [Jun 22 11:17:42:107] [dummy] Info: "installed" changed to "1589196993"
(143) [6] [Jun 22 11:17:42:107] [dummy] Key closed
(144) [7] [Jun 22 11:17:42:107] [dummy]
(145) [7] [Jun 22 11:17:42:109] [dummy] Flushed
(146) [7] [Jun 22 11:17:42:111] [dummy] Unloaded
(147) [6] [Jun 22 11:17:42:111] [dummy]
(148) [6] [Jun 22 11:17:42:111] [dummy] Branch: Administrator
(149) [4] [Jun 22 11:17:42:112] [dummy] Warning: NTUser.dat could not be loaded from path "C:\Users\Administrator\NTUser.dat". Code 32: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.<
(150) [7] [Jun 22 11:17:42:112] [dummy] Registry started with redirection (32 Bit)
(151) [7] [Jun 22 11:17:42:113] [dummy] Registry started with redirection (32 Bit)
(152) [7] [Jun 22 11:17:42:113] [dummy] The Branch for :Administrator seems to be the logged in user,
(153) [7] [Jun 22 11:17:42:113] [dummy] so let us try to patch it via HKUsers\SID
(154) [7] [Jun 22 11:17:42:114] [dummy] sidStr :S-1-5-21-2353905032-159805905-49043801-500
(155) [5] [Jun 22 11:17:42:114] [dummy]
(156) [7] [Jun 22 11:17:42:114] [dummy] Registry started without redirection (64 Bit)
(157) [7] [Jun 22 11:17:42:114] [dummy] Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(158) [6] [Jun 22 11:17:42:114] [dummy] Registry key [HKEY_USERS\S-1-5-21-2353905032-159805905-49043801-500\SOFTWARE\Test] opened
(159) [6] [Jun 22 11:17:42:114] [dummy] Variable "installed" had value "1589196985"
(160) [6] [Jun 22 11:17:42:114] [dummy] Info: "installed" changed to "1589196993"
(161) [6] [Jun 22 11:17:42:114] [dummy] Key closed
(162) [7] [Jun 22 11:17:42:114] [dummy]
(163) [7] [Jun 22 11:17:42:115] [dummy] Flushed
(164) [6] [Jun 22 11:17:42:115] [dummy]
(165) [6] [Jun 22 11:17:42:115] [dummy] Branch: Default
(166) [6] [Jun 22 11:17:42:119] [dummy] "C:\Users\Default\NTUser.dat" loaded.
(167) [5] [Jun 22 11:17:42:119] [dummy]
(168) [7] [Jun 22 11:17:42:119] [dummy] Registry started without redirection (64 Bit)
(169) [7] [Jun 22 11:17:42:119] [dummy] Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(170) [6] [Jun 22 11:17:42:119] [dummy] Registry key [HKEY_USERS\PatchNTUserdatTempUser\SOFTWARE\Test] opened
(171) [6] [Jun 22 11:17:42:119] [dummy] Variable "installed" had value "1589196968"
(172) [6] [Jun 22 11:17:42:119] [dummy] Info: "installed" changed to "1589196993"
(173) [6] [Jun 22 11:17:42:119] [dummy] Key closed
(174) [7] [Jun 22 11:17:42:120] [dummy]
(175) [7] [Jun 22 11:17:42:121] [dummy] Flushed
(176) [7] [Jun 22 11:17:42:124] [dummy] Unloaded
(177) [6] [Jun 22 11:17:42:124] [dummy]
(178) [6] [Jun 22 11:17:42:124] [dummy] Make it for user .DEFAULT
(179) [5] [Jun 22 11:17:42:124] [dummy]
(180) [7] [Jun 22 11:17:42:124] [dummy] Registry started without redirection (64 Bit)
(181) [7] [Jun 22 11:17:42:124] [dummy] Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(182) [6] [Jun 22 11:17:42:124] [dummy] Registry key [HKEY_USERS\.DEFAULT\SOFTWARE\Test] opened
(183) [6] [Jun 22 11:17:42:124] [dummy] Variable "installed" had value "1589196985"
(184) [6] [Jun 22 11:17:42:124] [dummy] Info: "installed" changed to "1589196993"
(185) [6] [Jun 22 11:17:42:124] [dummy] Key closed
(186) [6] [Jun 22 11:17:42:124] [dummy] Section ending since next line is starting with "["
(187) [6] [Jun 22 11:17:42:124] [dummy]
(188) [6] [Jun 22 11:17:42:124] [dummy] ~~~~~~~ End Sub ~~~~~~~ Sub "p:\dummy\delsub.opsiscript"
(189) [6] [Jun 22 11:17:42:124] [dummy]
(190) [1] [Jun 22 11:17:42:124] [dummy] ___________________
(191) [1] [Jun 22 11:17:42:124] [dummy] script finished: success
(192) [1] [Jun 22 11:17:42:124] [dummy] 0 errors
(193) [1] [Jun 22 11:17:42:124] [dummy] 1 warning
(194) [1] [Jun 22 11:17:42:124] [dummy]
(195) [1] [Jun 22 11:17:42:124] [dummy] installed product: dummy Version: 1.0-1
Noteworthy:
Code:
The Branch for :paul seems to be the logged in user,
so let us try to patch it via HKUsers\SID
sidStr :S-1-5-21-2353905032-159805905-49043801-500
That is, with all due respect, bullshit.
Administrator was logged in. And the SID belongs to that very account.
With mary it is the same story.
Code:
registry loadUnicodeTextFile("%ScriptPath%\config\AcceptEULA.reg") /regedit /AllNTUserDats
opsi-client-agent : 4.1.0.0-40
opsi-winst : 4.12.3.12-1
Best regards
isnoguter
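Added example, not part of the original posts or of opsi: a small Python check that reads opsi-script log lines like the ones quoted in this thread and reports profile branches whose NTUser.dat load failed with code 1314, and branches that were then patched through the logged-on user's HKEY_USERS\SID key although the branch name is a different user. The sample lines are abridged from the two logs in the thread; the function names and finding labels are assumptions of this example, and the user comparison is a name-based heuristic.

```python
import re

ERROR_PRIVILEGE_NOT_HELD = 1314  # Win32 code logged as "Dem Client fehlt ein erforderliches Recht"

ENTRY = re.compile(r'^\(\d+\) \[\d\] \[[^\]]+\] \[[^\]]+\] ?(.*)$')
LOGGED_IN = re.compile(r'loggedin user "([^"]*)"')
LOAD_FAIL = re.compile(r'NTUser\.dat could not be loaded from path "[^"]+"\. Code (\d+):')
SID_STR = re.compile(r'^sidStr :(S-[\d-]+)')

# Abridged excerpts of the two runs quoted in the thread (not the complete logs).
WITH_KILLTASK = r'''
(68) [1] [Jun 22 11:00:46:176] [dummy] loggedin user "Administrator"
(128) [6] [Jun 22 11:00:46:286] [dummy] Branch: paul
(129) [4] [Jun 22 11:00:46:288] [dummy] Warning: NTUser.dat could not be loaded from path "C:\Users\paul\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(136) [7] [Jun 22 11:00:46:290] [dummy] The Branch for :paul seems to be the logged in user,
(138) [7] [Jun 22 11:00:46:291] [dummy] sidStr :S-1-5-21-2353905032-159805905-49043801-500
(169) [6] [Jun 22 11:00:46:296] [dummy] Branch: Administrator
(170) [4] [Jun 22 11:00:46:297] [dummy] Warning: NTUser.dat could not be loaded from path "C:\Users\Administrator\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(175) [7] [Jun 22 11:00:46:298] [dummy] sidStr :S-1-5-21-2353905032-159805905-49043801-500
(205) [6] [Jun 22 11:00:46:302] [dummy] Make it for user .DEFAULT
'''
WITHOUT_KILLTASK = r'''
(68) [1] [Jun 22 11:17:42:013] [dummy] loggedin user "Administrator"
(122) [6] [Jun 22 11:17:42:091] [dummy] Branch: paul
(123) [6] [Jun 22 11:17:42:096] [dummy] "C:\Users\paul\NTUser.dat" loaded.
(148) [6] [Jun 22 11:17:42:111] [dummy] Branch: Administrator
(149) [4] [Jun 22 11:17:42:112] [dummy] Warning: NTUser.dat could not be loaded from path "C:\Users\Administrator\NTUser.dat". Code 32: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.<
(154) [7] [Jun 22 11:17:42:114] [dummy] sidStr :S-1-5-21-2353905032-159805905-49043801-500
(178) [6] [Jun 22 11:17:42:124] [dummy] Make it for user .DEFAULT
'''


def parse_branches(log_text):
    """Return (logged-in user, per-branch records) from an /AllNTUserDats log."""
    logged_in, branches, current = None, [], None
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        msg = entry.group(1)
        user = LOGGED_IN.search(msg)
        if user:
            logged_in = user.group(1)
        elif msg.startswith("Branch: "):
            current = {"branch": msg[len("Branch: "):],
                       "load_code": None, "fallback_sid": None}
            branches.append(current)
        elif msg.startswith("Make it for user"):
            current = None  # the per-profile part of the section is over
        elif current is not None:
            fail, sid = LOAD_FAIL.search(msg), SID_STR.match(msg)
            if fail:
                current["load_code"] = int(fail.group(1))
            elif sid:
                current["fallback_sid"] = sid.group(1)
    return logged_in, branches


def findings(log_text):
    """List (branch, label) pairs for the two symptoms described in the thread."""
    logged_in, branches = parse_branches(log_text)
    result = []
    for b in branches:
        if b["load_code"] == ERROR_PRIVILEGE_NOT_HELD:
            result.append((b["branch"], "hive-load-privilege-not-held"))
        # Heuristic: the HKU\SID fallback is only plausible for the logged-in user.
        if b["fallback_sid"] and b["branch"].lower() != (logged_in or "").lower():
            result.append((b["branch"], "patched-via-other-users-sid"))
    return result


if __name__ == "__main__":
    for name, log in (("with KillTask", WITH_KILLTASK),
                      ("without KillTask", WITHOUT_KILLTASK)):
        print(name, findings(log))
```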