Registry /AllNTUserDats - Code 1314: Dem Client fehlt ein erforderliches Recht.

[isnoguter]

Hallo,

ich habe folgendes Problem und kann mir die Ursache nicht erklären.

1. Skripte wie dieses haben schon funktioniert ... funktionieren aber jetzt auch nicht mehr
2. An den GPOs habe ich nichts geändert
3. Auch der Vierenscanner ist unschuldig
4. Die Berechtigungen in Registry und der NTUser.dat sind Windows Standard

Der Code ...

Code: Alles auswählen

Registry_AcceptEULA /AllNTUserDats

[Registry_AcceptEULA]
openkey [HKEY_CURRENT_USER\SOFTWARE\Fortinet\FortiClient\FA_UI\VPN-6.4.0.1464]
set "installed"=reg_dword:0x5eb938a8

oder auch der Code ...

Code: Alles auswählen

registry loadUnicodeTextFile("%ScriptPath%\config\AcceptEULA.reg") /regedit /AllNTUserDats

erzeugt dieses Log:

Code: Alles auswählen

(6934)    [5] [Jun 17 09:56:19:499] [lra_forticlient]   Execution of: Registry_AcceptEULA /AllNTUserDats
(6935)    [5] [Jun 17 09:56:19:499] [lra_forticlient]   
(6936)    [6] [Jun 17 09:56:19:500] [lra_forticlient]     Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]  opened
(6937)    [6] [Jun 17 09:56:19:500] [lra_forticlient]     Key closed
(6938)    [6] [Jun 17 09:56:19:500] [lra_forticlient]     Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]  opened
(6939)    [6] [Jun 17 09:56:19:500] [lra_forticlient]     Key closed
(6940)    [6] [Jun 17 09:56:19:500] [lra_forticlient]     Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]  opened
(6941)    [6] [Jun 17 09:56:19:500] [lra_forticlient]     Key closed
(6942)    [6] [Jun 17 09:56:19:500] [lra_forticlient]     Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2974151604-755877624-1240835612-500]  opened
(6943)    [6] [Jun 17 09:56:19:500] [lra_forticlient]     Key closed
(6944)    [6] [Jun 17 09:56:19:500] [lra_forticlient]     Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1580436667-725345543-1558]  opened
(6945)    [6] [Jun 17 09:56:19:500] [lra_forticlient]     Key closed
(6946)    [6] [Jun 17 09:56:19:500] [lra_forticlient]     
(6947)    [6] [Jun 17 09:56:19:500] [lra_forticlient]     Branch: Administrator
(6948)    [4] [Jun 17 09:56:19:502] [lra_forticlient]     Warning: NTUser.dat could not be loaded from path "C:\Users\Administrator\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(6949)    [6] [Jun 17 09:56:19:502] [lra_forticlient]     
(6950)    [6] [Jun 17 09:56:19:502] [lra_forticlient]     Branch: admin
(6951)    [4] [Jun 17 09:56:19:502] [lra_forticlient]     Warning: NTUser.dat could not be loaded from path "C:\Users\admin\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(6952)    [6] [Jun 17 09:56:19:502] [lra_forticlient]     
(6953)    [6] [Jun 17 09:56:19:502] [lra_forticlient]     Branch: Default
(6954)    [4] [Jun 17 09:56:19:503] [lra_forticlient]     Warning: NTUser.dat could not be loaded from path "C:\Users\Default\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(6955)    [6] [Jun 17 09:56:19:503] [lra_forticlient]     
(6956)    [6] [Jun 17 09:56:19:503] [lra_forticlient]     Make it for user .DEFAULT
(6957)    [5] [Jun 17 09:56:19:503] [lra_forticlient]       
(6958)    [6] [Jun 17 09:56:19:504] [lra_forticlient]         Registry key [HKEY_USERS\.DEFAULT\SOFTWARE\Fortinet\FortiClient\FA_UI\VPN-6.4.0.1464]  created
(6959)    [6] [Jun 17 09:56:19:504] [lra_forticlient]                   Variable "installed"  set to "0x5eb938a8"
(6960)    [6] [Jun 17 09:56:19:504] [lra_forticlient]                   Key closed

Es werden natürlich keine Einträge gesetzt. Weder für bestehende noch für noch nie am Client angemeldete Benutzer.

Starte ich die Installation on_demand mit angemeldeten Benutzer, wird die Registry des angemeldeten Benutzer gepacht und ich erhalte das folgende Log:

Code: Alles auswählen

(373)     [5] [Jun 18 08:29:52:916] [lra_forticlient]   Execution of: Registry_AcceptEULA /AllNTUserDats
(374)     [5] [Jun 18 08:29:52:916] [lra_forticlient]   
(375)     [6] [Jun 18 08:29:52:916] [lra_forticlient]     Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]  opened
(376)     [6] [Jun 18 08:29:52:917] [lra_forticlient]     Key closed
(377)     [6] [Jun 18 08:29:52:917] [lra_forticlient]     Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]  opened
(378)     [6] [Jun 18 08:29:52:917] [lra_forticlient]     Key closed
(379)     [6] [Jun 18 08:29:52:917] [lra_forticlient]     Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]  opened
(380)     [6] [Jun 18 08:29:52:917] [lra_forticlient]     Key closed
(381)     [6] [Jun 18 08:29:52:917] [lra_forticlient]     Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2974151604-755877624-1240835612-500]  opened
(382)     [6] [Jun 18 08:29:52:917] [lra_forticlient]     Key closed
(383)     [6] [Jun 18 08:29:52:917] [lra_forticlient]     Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-484763869-1580436667-725345543-1558]  opened
(384)     [6] [Jun 18 08:29:52:917] [lra_forticlient]     Key closed
(385)     [6] [Jun 18 08:29:52:917] [lra_forticlient]     
(386)     [6] [Jun 18 08:29:52:917] [lra_forticlient]     Branch: Administrator
(387)     [4] [Jun 18 08:29:52:918] [lra_forticlient]     Warning: NTUser.dat could not be loaded from path "C:\Users\Administrator\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(388)     [6] [Jun 18 08:29:52:922] [lra_forticlient]     Info: Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\[S-1-5-21-484763869-1580436667-725345543-1558]]   could not be opened by RegOpenKeyEx,  Errorno 2 "Das System kann die angegebene Datei nicht finden.<"
(389)     [5] [Jun 18 08:29:52:923] [lra_forticlient]       
(390)     [6] [Jun 18 08:29:52:924] [lra_forticlient]         Registry key [HKEY_USERS\S-1-5-21-484763869-1580436667-725345543-1558\SOFTWARE\Fortinet\FortiClient\FA_UI\VPN-6.4.0.1464]  created
(391)     [6] [Jun 18 08:29:52:924] [lra_forticlient]                   Variable "installed"  set to "0x5eb938a8"
(392)     [6] [Jun 18 08:29:52:924] [lra_forticlient]                   Key closed
(393)     [6] [Jun 18 08:29:52:949] [lra_forticlient]     
(394)     [6] [Jun 18 08:29:52:949] [lra_forticlient]     Branch: admin
(395)     [4] [Jun 18 08:29:52:950] [lra_forticlient]     Warning: NTUser.dat could not be loaded from path "C:\Users\admin\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(396)     [5] [Jun 18 08:29:52:953] [lra_forticlient]       
(397)     [6] [Jun 18 08:29:52:953] [lra_forticlient]         Registry key [HKEY_USERS\S-1-5-21-484763869-1580436667-725345543-1558\SOFTWARE\Fortinet\FortiClient\FA_UI\VPN-6.4.0.1464]  opened
(398)     [6] [Jun 18 08:29:52:953] [lra_forticlient]                   Variable "installed"  is keeping its value "1589196968"
(399)     [6] [Jun 18 08:29:52:953] [lra_forticlient]                   Key closed
(400)     [6] [Jun 18 08:29:52:953] [lra_forticlient]     
(401)     [6] [Jun 18 08:29:52:953] [lra_forticlient]     Branch: Default
(402)     [4] [Jun 18 08:29:52:954] [lra_forticlient]     Warning: NTUser.dat could not be loaded from path "C:\Users\Default\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(403)     [6] [Jun 18 08:29:52:956] [lra_forticlient]     Info: Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\[S-1-5-21-484763869-1580436667-725345543-1558]]   could not be opened by RegOpenKeyEx,  Errorno 2 "Das System kann die angegebene Datei nicht finden.<"
(404)     [5] [Jun 18 08:29:52:958] [lra_forticlient]       
(405)     [6] [Jun 18 08:29:52:958] [lra_forticlient]         Registry key [HKEY_USERS\S-1-5-21-484763869-1580436667-725345543-1558\SOFTWARE\Fortinet\FortiClient\FA_UI\VPN-6.4.0.1464]  opened
(406)     [6] [Jun 18 08:29:52:958] [lra_forticlient]                   Variable "installed"  is keeping its value "1589196968"
(407)     [6] [Jun 18 08:29:52:958] [lra_forticlient]                   Key closed
(408)     [6] [Jun 18 08:29:52:958] [lra_forticlient]     
(409)     [6] [Jun 18 08:29:52:958] [lra_forticlient]     Make it for user .DEFAULT
(410)     [5] [Jun 18 08:29:52:958] [lra_forticlient]       
(411)     [6] [Jun 18 08:29:52:959] [lra_forticlient]         Registry key [HKEY_USERS\.DEFAULT\SOFTWARE\Fortinet\FortiClient\FA_UI\VPN-6.4.0.1464]  opened
(412)     [6] [Jun 18 08:29:52:959] [lra_forticlient]                   Variable "installed"  is keeping its value "1589196968"
(413)     [6] [Jun 18 08:29:52:959] [lra_forticlient]                   Key closed

Versionen:
opsi-client-agent : 4.1.0.0-40
opsi-winst : 4.12.3.12-1
Windows 10 1903

Ich hoffe ihr könnt mir helfen.

Viele Grüße

[uncle_scrooge]

Tritt das Problem nur bei ..\SOFTWARE\Fortinet\FortiClient\.. auf? Oder auch bei Zweigen, die nichts mit Fortinet zu tun haben?
Wenn das Script schon mal gelaufen ist, wann wurde der Fortinet Client aktualisiert? Oder anders gefragt: Ist nach der letzten Aktualisierung das Skript auch noch gelaufen?

[isnoguter]

Ich habe das Problem erstmalig bei dem Forticlient-Paket festgestellt. Es sind aber auch andere Pakete (vermutlich alle) betroffen die /AllNTUserDats nutzen. Es betrifft alle Teile der Registry unter HKEY_CURRENT_USER.

[uncle_scrooge]

Ich fürchte, da mußt Du bei euch intern suchen.

Ich habe gerade mal Dein snippet hergenommen, und auf eine Spielkiste losgelassen.
Läuft problemfrei.
Agent und Winst sind mit Deinen Versionen identisch.
Win10 1903 habe ich gerade nicht herumliegen. Darum gegen Win10 1909.
Und, es ist kein Fortinet Client drauf.

(Der Hintergrund meiner Fragen war, daß diverse Software gerne den Daumen auf ihre Konfiguration hat. Als Beispiel nur McAfee Agent/ENS. Da kommt man an bestimmte Teile der Registry oder Konfigurationen im Dateisystem nicht ran.)

[isnoguter]

(Der Hintergrund meiner Fragen war, daß diverse Software gerne den Daumen auf ihre Konfiguration hat. Als Beispiel nur McAfee Agent/ENS. Da kommt man an bestimmte Teile der Registry oder Konfigurationen im Dateisystem nicht ran.)

Ich kenne das auch von Symantec, ist hier aber nicht der Fall.

Ich habe das Problem weiter untersucht.

Erstmal habe ich alle Pakete gesucht die /AllNTUserDats nutzen.
Damit habe ich herausgefunden das mehrere Pakete betroffen sind aber nicht alle.
Danach habe ich Pakete die funktionieren und Pakete die nicht funktionieren zusammen auf setup gesetzt.

Szenario:
PaketA -> funktioniert
PaketB -> funktioniert nicht
PaketC -> funktioniert

Beispiel:
1)
PaketA -> setup -> Registry wird gepacht
PaketB -> setup -> Registry wird nicht gepacht

2)
PaketA -> setup -> Registry wird gepacht
PaketC -> setup -> Registry wird gepacht

3)
PaketB -> setup -> Registry wird nicht gepacht
PaketC -> setup -> Registry wird nicht gepacht

D.h. Wenn einmal ein Paket den Fehler "Code 1314: Dem Client fehlt ein erforderliches Recht." erzeugt hat, funktioniert das nachfolgende Paket auch nicht mehr.

Also habe ich mich auf die Suche gemacht was an den Paketen die nicht funktionieren anders ist.
Das Problem war im delsub.opsiscript.

Bei dem Forticlient-Paket war es der Aufruf:

Code: Alles auswählen

ExecWith_AutoHotkey "%ScriptPath%\autohotkey.exe" WINST /letThemGo

Bei einem anderen Paket hatte es was mit KillTask zu tun:

Code: Alles auswählen

KillTask "d3login.exe"
KillTask "dvinstall.exe"
KillTask "dwatch.exe"
KillTask "dxplorer.exe"

Nach dem auskommentieren haben meine beiden Testpakete wieder funktioniert.

Trotzdem weiß ich nicht warum das Problem so plötzlich aufgetreten ist. Die Skripte haben alle mal funktioniert und gelöst ist mein Problem damit auch nicht. Schließlich habe ich mir bei ExecWith und KillTask etwas gedacht.

Evtl. kann das nochmal jemand in seiner Umgebung nachstellen?

[uncle_scrooge]

Das mit dem Nachstellen dürfte etwas schwierig werden.
- Wir haben keine Ahnung, welches Skript Du mit AHK aufrufst. Und ob es in diesem Kontext eine gute Idee ist, das in einem separaten thread (/letthemgo) laufen zu lassen.
- Die Reihenfolge irgendwelcher Aufrufe ist völlig unklar.
- Und was killtask angeht - klar wir können ein taskkill ntkernel.sys einbauen. Aber ob das dann denselben Effekt wie bei Dir hat?
In kurz: Ohne Deine Skripte und der Software, die Du installieren willst, wird das nix.

Und ich würde behaupten, wenn es wirklich (seit Version x.y) ein grundsätzliches Problem mit ExecWith und KillTask gäbe, wäre der Aufschrei hier im Forum unüberhörbar.

[isnoguter]

Das mit dem Nachstellen dürfte etwas schwierig werden.

Wenn du es mal in deiner Umgebung testen willst, kann ich dir mein Paket hochladen.

Und ich würde behaupten, wenn es wirklich (seit Version x.y) ein grundsätzliches Problem mit ExecWith und KillTask gäbe, wäre der Aufschrei hier im Forum unüberhörbar.

Ja, das denke ich auch. ABER: Das Problem tritt nur auf wenn KillTask/ExecWith genutzt wird und dann auch noch /AllNTUserDats irgendwo genutzt wird. Vllt. ist das nicht so häufig.

Trotzdem habe ich das Problem in einer anderen Umgebung (identische Version opsi-client-agent und opsi-winst) gerade nachstellen können.

Und jetzt kommts ... Ich habe meinen Uralt-Server wieder hochgefahren, das Paket dort installiert und auf einem alten Windows 7 Client getestet.
opsi-client-agent : 4.0.7.3-1
opsi-winst : 4.12.0.35-1
Paket läuft ohne Probleme und die Registry wird gepatcht.

[uncle_scrooge]

>>Wenn du es mal in deiner Umgebung testen willst, kann ich dir mein Paket hochladen.
Mach mal.

[isnoguter]

Mir ist gestern beim Sport noch etwas eingefallen.

ExecWith ist unschludig! Ich habe nach dem

Code: Alles auswählen

ExecWith_AutoHotkey "%ScriptPath%\autohotkey.exe" WINST /letThemGo

noch ein

Code: Alles auswählen

KillTask "autohotkey.exe"

am Ende von delsup.opsiscript. Sobald KillTask auskommentiert wird funktioniert das Skript.

Jetzt habe ich versucht das Problem mit einem möglichst kurzen Skript zu reproduzieren.
Dieses setup.opsiscript sollte mit dem Wissen meiner vorherigen Posts eigentlich nicht funktionieren. Es funktioniert aber ohne Probleme.

Code: Alles auswählen

[Actions]
requiredWinstVersion >= "4.11.3.3"
ScriptErrorMessages = false

KillTask "spoolsv.exe"

Registry_AcceptEULA /AllNTUserDats

[Registry_AcceptEULA]
openkey [HKEY_CURRENT_USER\SOFTWARE\Test]
set "installed"=reg_dword:0x5eb938a8

Nach weiterer Suche habe ich nun folgenden Stand.
Das setup.opsiscipt, muss das delsub.opsiscript aufrufen und damit entsteht der Fehler.
Wird KillTask im delsub.opsiscript auskommentiert funktioniert das Skript.
Der angegebene Prozess muss von KillTask beendet werden. KillTask "blablabla.exe" verursacht den Fehler nicht.
Beispiel:
setup.opsiscript

Code: Alles auswählen

[Actions]
requiredWinstVersion >= "4.11.3.3"
ScriptErrorMessages = false

Sub "%ScriptPath%\delsub.opsiscript"

delsup.opsiscript

Code: Alles auswählen

KillTask "spoolsv.exe"

Registry_AcceptEULA /AllNTUserDats

[Registry_AcceptEULA]
openkey [HKEY_CURRENT_USER\SOFTWARE\Test]
set "installed"=reg_dword:0x5eb938a8

Kannst du das mal bei dir testen?
Evtl. ist der Upload des genzen Paketes dann auch nicht mehr nötig.

[uncle_scrooge]

Gehen Sie direkt ins Forum 'Bugs'. Gehen Sie nicht über Los. Ziehen Sie keine 4000DM ein.

Log mit KillTask:

Code: Alles auswählen

(62)      [1] [Jun 22 11:00:46:176] [dummy] ============ Version 4.12.3.12 script "p:\dummy\dummy.ins"
(63)      [1] [Jun 22 11:00:46:176] [dummy]              used script encoding: Ansi
(64)      [1] [Jun 22 11:00:46:176] [dummy]              used system encoding: cp1252
(65)      [1] [Jun 22 11:00:46:176] [dummy]              start: 2020-06-22  11:00:46
(66)      [1] [Jun 22 11:00:46:176] [dummy]              installing product: dummy_1.0-1
(67)      [1] [Jun 22 11:00:46:176] [dummy]              on client named    "w10test.ta.ag"
(68)      [1] [Jun 22 11:00:46:176] [dummy]              loggedin user    "Administrator"
(69)      [1] [Jun 22 11:00:46:176] [dummy]              opsi-script running as    "SYSTEM"
(70)      [1] [Jun 22 11:00:46:176] [dummy]              opsi-script running with admin privileges
(71)      [1] [Jun 22 11:00:46:176] [dummy]              opsi-script running in standard script mode
(72)      [1] [Jun 22 11:00:46:176] [dummy] executing: "C:\Program Files (x86)\opsi.org\opsi-client-agent\opsi-winst\winst32.exe"
(73)      [1] [Jun 22 11:00:46:176] [dummy] system infos:
(74)      [1] [Jun 22 11:00:46:178] [dummy] 00-50-56-25-E6-65  -  PC hardware address
(75)      [1] [Jun 22 11:00:46:178] [dummy] w10test  -  IP name
(76)      [1] [Jun 22 11:00:46:178] [dummy] 192.100.100.112  -  IP address
(77)      [1] [Jun 22 11:00:46:178] [dummy] DEU  -  System default locale
(78)      [7] [Jun 22 11:00:46:178] [dummy] Registry started without redirection (64 Bit)
(79)      [7] [Jun 22 11:00:46:178] [dummy] Registry started readonly
(80)      [7] [Jun 22 11:00:46:178] [dummy] Registry started without redirection (64 Bit)
(81)      [6] [Jun 22 11:00:46:178] [dummy] Registry key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion]  opened
(82)      [6] [Jun 22 11:00:46:178] [dummy] Key closed
(83)      [1] [Jun 22 11:00:46:178] [dummy] MS Windows 10.0 64 Bit, Release: 1909, Edition: PRODUCT_PROFESSIONAL
(84)      [1] [Jun 22 11:00:46:178] [dummy] opsi service version : 4
(85)      [1] [Jun 22 11:00:46:178] [dummy] 
(86)      [7] [Jun 22 11:00:46:178] [dummy] Registry started readonly
(87)      [7] [Jun 22 11:00:46:178] [dummy] Registry started without redirection (64 Bit)
(88)      [6] [Jun 22 11:00:46:178] [dummy] Registry key [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion]  opened
(89)      [6] [Jun 22 11:00:46:178] [dummy] Key closed
(90)      [7] [Jun 22 11:00:46:244] [dummy] Starting with script...
(91)      [7] [Jun 22 11:00:46:257] [dummy] Loaded sub from: p:\dummy\delsub.opsiscript with encoding: cp1252
(92)      [6] [Jun 22 11:00:46:257] [dummy] 
(93)      [6] [Jun 22 11:00:46:257] [dummy] ~~~~~~~ Start Sub ~~~~~~~  Sub "p:\dummy\delsub.opsiscript"
(94)      [7] [Jun 22 11:00:46:257] [dummy] Session owner found: W10TEST\Administrator
(95)      [7] [Jun 22 11:00:46:260] [dummy] winst owner found: NT-AUTORIT�T\SYSTEM
(96)      [7] [Jun 22 11:00:46:284] [dummy] Will kill exe: spoolsv.exe pid: 4156 from user: NT-AUTORIT�T\SYSTEM
(97)      [7] [Jun 22 11:00:46:284] [dummy] Try to kill process with pid: 4156
(98)      [7] [Jun 22 11:00:46:284] [dummy] killed process with pid: 4156
(99)      [6] [Jun 22 11:00:46:285] [dummy] 1 instance(s) of "spoolsv.exe" stopped
(100)     [5] [Jun 22 11:00:46:285] [dummy] Execution of: Registry_All /AllNTUserDats
(101)     [5] [Jun 22 11:00:46:285] [dummy] 
(102)     [7] [Jun 22 11:00:46:285] [dummy]   Registry started without redirection (64 Bit)
(103)     [7] [Jun 22 11:00:46:285] [dummy]   Registry started readonly
(104)     [7] [Jun 22 11:00:46:285] [dummy]   Registry started without redirection (64 Bit)
(105)     [6] [Jun 22 11:00:46:285] [dummy]   Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]  opened
(106)     [6] [Jun 22 11:00:46:285] [dummy]   Key closed
(107)     [7] [Jun 22 11:00:46:285] [dummy]   Registry started readonly
(108)     [7] [Jun 22 11:00:46:285] [dummy]   Registry started without redirection (64 Bit)
(109)     [6] [Jun 22 11:00:46:285] [dummy]   Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]  opened
(110)     [6] [Jun 22 11:00:46:285] [dummy]   Key closed
(111)     [7] [Jun 22 11:00:46:285] [dummy]   Registry started readonly
(112)     [7] [Jun 22 11:00:46:285] [dummy]   Registry started without redirection (64 Bit)
(113)     [6] [Jun 22 11:00:46:285] [dummy]   Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]  opened
(114)     [6] [Jun 22 11:00:46:286] [dummy]   Key closed
(115)     [7] [Jun 22 11:00:46:286] [dummy]   Registry started readonly
(116)     [7] [Jun 22 11:00:46:286] [dummy]   Registry started without redirection (64 Bit)
(117)     [6] [Jun 22 11:00:46:286] [dummy]   Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2353905032-159805905-49043801-1001]  opened
(118)     [6] [Jun 22 11:00:46:286] [dummy]   Key closed
(119)     [7] [Jun 22 11:00:46:286] [dummy]   Registry started readonly
(120)     [7] [Jun 22 11:00:46:286] [dummy]   Registry started without redirection (64 Bit)
(121)     [6] [Jun 22 11:00:46:286] [dummy]   Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2353905032-159805905-49043801-1002]  opened
(122)     [6] [Jun 22 11:00:46:286] [dummy]   Key closed
(123)     [7] [Jun 22 11:00:46:286] [dummy]   Registry started readonly
(124)     [7] [Jun 22 11:00:46:286] [dummy]   Registry started without redirection (64 Bit)
(125)     [6] [Jun 22 11:00:46:286] [dummy]   Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2353905032-159805905-49043801-500]  opened
(126)     [6] [Jun 22 11:00:46:286] [dummy]   Key closed
(127)     [6] [Jun 22 11:00:46:286] [dummy]   
(128)     [6] [Jun 22 11:00:46:286] [dummy]   Branch: paul
(129)     [4] [Jun 22 11:00:46:288] [dummy]   Warning: NTUser.dat could not be loaded from path "C:\Users\paul\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(130)     [7] [Jun 22 11:00:46:288] [dummy]   Registry started with redirection (32 Bit)
(131)     [7] [Jun 22 11:00:46:289] [dummy]   Registry started with redirection (32 Bit)
(132)     [7] [Jun 22 11:00:46:290] [dummy]   Registry started readonly
(133)     [7] [Jun 22 11:00:46:290] [dummy]   Registry started without redirection (64 Bit)
(134)     [6] [Jun 22 11:00:46:290] [dummy]   Info: Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\[S-1-5-21-2353905032-159805905-49043801-500]]   could not be opened by RegOpenKeyEx,  Errorno 2 "Das System kann die angegebene Datei nicht finden.<"
(135)     [7] [Jun 22 11:00:46:290] [dummy]   Registry started with redirection (32 Bit)
(136)     [7] [Jun 22 11:00:46:290] [dummy]   The Branch for :paul seems to be the logged in user,
(137)     [7] [Jun 22 11:00:46:290] [dummy]   so let us try to patch it via HKUsers\SID
(138)     [7] [Jun 22 11:00:46:291] [dummy]     sidStr :S-1-5-21-2353905032-159805905-49043801-500
(139)     [5] [Jun 22 11:00:46:291] [dummy]     
(140)     [7] [Jun 22 11:00:46:291] [dummy]       Registry started with redirection (32 Bit)
(141)     [7] [Jun 22 11:00:46:291] [dummy]       Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(142)     [6] [Jun 22 11:00:46:291] [dummy]       Registry key [HKEY_USERS\S-1-5-21-2353905032-159805905-49043801-500\SOFTWARE\Test]  opened
(143)     [6] [Jun 22 11:00:46:291] [dummy]           Variable "installed"  had value  "1589196968"
(144)     [6] [Jun 22 11:00:46:291] [dummy]           Info:    "installed"  changed to "1589196985"
(145)     [6] [Jun 22 11:00:46:291] [dummy]           Key closed
(146)     [7] [Jun 22 11:00:46:291] [dummy]     
(147)     [7] [Jun 22 11:00:46:292] [dummy]   Flushed
(148)     [6] [Jun 22 11:00:46:292] [dummy]   
(149)     [6] [Jun 22 11:00:46:292] [dummy]   Branch: mary
(150)     [4] [Jun 22 11:00:46:293] [dummy]   Warning: NTUser.dat could not be loaded from path "C:\Users\mary\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(151)     [7] [Jun 22 11:00:46:293] [dummy]   Registry started with redirection (32 Bit)
(152)     [7] [Jun 22 11:00:46:294] [dummy]   Registry started with redirection (32 Bit)
(153)     [7] [Jun 22 11:00:46:295] [dummy]   Registry started readonly
(154)     [7] [Jun 22 11:00:46:295] [dummy]   Registry started without redirection (64 Bit)
(155)     [6] [Jun 22 11:00:46:295] [dummy]   Info: Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\[S-1-5-21-2353905032-159805905-49043801-500]]   could not be opened by RegOpenKeyEx,  Errorno 2 "Das System kann die angegebene Datei nicht finden.<"
(156)     [7] [Jun 22 11:00:46:295] [dummy]   Registry started with redirection (32 Bit)
(157)     [7] [Jun 22 11:00:46:295] [dummy]   The Branch for :mary seems to be the logged in user,
(158)     [7] [Jun 22 11:00:46:295] [dummy]   so let us try to patch it via HKUsers\SID
(159)     [7] [Jun 22 11:00:46:296] [dummy]     sidStr :S-1-5-21-2353905032-159805905-49043801-500
(160)     [5] [Jun 22 11:00:46:296] [dummy]     
(161)     [7] [Jun 22 11:00:46:296] [dummy]       Registry started with redirection (32 Bit)
(162)     [7] [Jun 22 11:00:46:296] [dummy]       Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(163)     [6] [Jun 22 11:00:46:296] [dummy]       Registry key [HKEY_USERS\S-1-5-21-2353905032-159805905-49043801-500\SOFTWARE\Test]  opened
(164)     [6] [Jun 22 11:00:46:296] [dummy]           Variable "installed"  is keeping its value "1589196985"
(165)     [6] [Jun 22 11:00:46:296] [dummy]           Key closed
(166)     [7] [Jun 22 11:00:46:296] [dummy]     
(167)     [7] [Jun 22 11:00:46:296] [dummy]   Flushed
(168)     [6] [Jun 22 11:00:46:296] [dummy]   
(169)     [6] [Jun 22 11:00:46:296] [dummy]   Branch: Administrator
(170)     [4] [Jun 22 11:00:46:297] [dummy]   Warning: NTUser.dat could not be loaded from path "C:\Users\Administrator\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(171)     [7] [Jun 22 11:00:46:297] [dummy]   Registry started with redirection (32 Bit)
(172)     [7] [Jun 22 11:00:46:298] [dummy]   Registry started with redirection (32 Bit)
(173)     [7] [Jun 22 11:00:46:298] [dummy]   The Branch for :Administrator seems to be the logged in user,
(174)     [7] [Jun 22 11:00:46:298] [dummy]   so let us try to patch it via HKUsers\SID
(175)     [7] [Jun 22 11:00:46:298] [dummy]     sidStr :S-1-5-21-2353905032-159805905-49043801-500
(176)     [5] [Jun 22 11:00:46:298] [dummy]     
(177)     [7] [Jun 22 11:00:46:298] [dummy]       Registry started with redirection (32 Bit)
(178)     [7] [Jun 22 11:00:46:298] [dummy]       Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(179)     [6] [Jun 22 11:00:46:298] [dummy]       Registry key [HKEY_USERS\S-1-5-21-2353905032-159805905-49043801-500\SOFTWARE\Test]  opened
(180)     [6] [Jun 22 11:00:46:298] [dummy]           Variable "installed"  is keeping its value "1589196985"
(181)     [6] [Jun 22 11:00:46:298] [dummy]           Key closed
(182)     [7] [Jun 22 11:00:46:299] [dummy]     
(183)     [7] [Jun 22 11:00:46:299] [dummy]   Flushed
(184)     [6] [Jun 22 11:00:46:299] [dummy]   
(185)     [6] [Jun 22 11:00:46:299] [dummy]   Branch: Default
(186)     [4] [Jun 22 11:00:46:299] [dummy]   Warning: NTUser.dat could not be loaded from path "C:\Users\Default\NTUser.dat". Code 1314: Dem Client fehlt ein erforderliches Recht.<
(187)     [7] [Jun 22 11:00:46:300] [dummy]   Registry started with redirection (32 Bit)
(188)     [7] [Jun 22 11:00:46:300] [dummy]   Registry started with redirection (32 Bit)
(189)     [7] [Jun 22 11:00:46:301] [dummy]   Registry started readonly
(190)     [7] [Jun 22 11:00:46:301] [dummy]   Registry started without redirection (64 Bit)
(191)     [6] [Jun 22 11:00:46:301] [dummy]   Info: Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\[S-1-5-21-2353905032-159805905-49043801-500]]   could not be opened by RegOpenKeyEx,  Errorno 2 "Das System kann die angegebene Datei nicht finden.<"
(192)     [7] [Jun 22 11:00:46:301] [dummy]   Registry started with redirection (32 Bit)
(193)     [7] [Jun 22 11:00:46:301] [dummy]   The Branch for :Default seems to be the logged in user,
(194)     [7] [Jun 22 11:00:46:301] [dummy]   so let us try to patch it via HKUsers\SID
(195)     [7] [Jun 22 11:00:46:302] [dummy]     sidStr :S-1-5-21-2353905032-159805905-49043801-500
(196)     [5] [Jun 22 11:00:46:302] [dummy]     
(197)     [7] [Jun 22 11:00:46:302] [dummy]       Registry started with redirection (32 Bit)
(198)     [7] [Jun 22 11:00:46:302] [dummy]       Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(199)     [6] [Jun 22 11:00:46:302] [dummy]       Registry key [HKEY_USERS\S-1-5-21-2353905032-159805905-49043801-500\SOFTWARE\Test]  opened
(200)     [6] [Jun 22 11:00:46:302] [dummy]           Variable "installed"  is keeping its value "1589196985"
(201)     [6] [Jun 22 11:00:46:302] [dummy]           Key closed
(202)     [7] [Jun 22 11:00:46:302] [dummy]     
(203)     [7] [Jun 22 11:00:46:302] [dummy]   Flushed
(204)     [6] [Jun 22 11:00:46:302] [dummy]   
(205)     [6] [Jun 22 11:00:46:302] [dummy]   Make it for user .DEFAULT
(206)     [5] [Jun 22 11:00:46:302] [dummy]     
(207)     [7] [Jun 22 11:00:46:302] [dummy]       Registry started with redirection (32 Bit)
(208)     [7] [Jun 22 11:00:46:302] [dummy]       Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(209)     [6] [Jun 22 11:00:46:305] [dummy]       Registry key [HKEY_USERS\.DEFAULT\SOFTWARE\Test]  opened
(210)     [6] [Jun 22 11:00:46:305] [dummy]           Variable "installed"  had value  "1589196968"
(211)     [6] [Jun 22 11:00:46:305] [dummy]           Info:    "installed"  changed to "1589196985"
(212)     [6] [Jun 22 11:00:46:305] [dummy]           Key closed
(213)     [6] [Jun 22 11:00:46:305] [dummy] Section ending since next line is starting with "["
(214)     [6] [Jun 22 11:00:46:305] [dummy] 
(215)     [6] [Jun 22 11:00:46:305] [dummy] ~~~~~~~ End Sub   ~~~~~~~  Sub "p:\dummy\delsub.opsiscript"
(216)     [6] [Jun 22 11:00:46:305] [dummy] 
(217)     [1] [Jun 22 11:00:46:305] [dummy] ___________________
(218)     [1] [Jun 22 11:00:46:305] [dummy] script finished: success
(219)     [1] [Jun 22 11:00:46:305] [dummy] 0 errors
(220)     [1] [Jun 22 11:00:46:305] [dummy] 4 warnings
(221)     [1] [Jun 22 11:00:46:305] [dummy] 
(222)     [1] [Jun 22 11:00:46:305] [dummy] installed product: dummy Version: 1.0-1

Log ohne KillTask:

Code: Alles auswählen

(62)      [1] [Jun 22 11:17:42:013] [dummy] ============ Version 4.12.3.12 script "p:\dummy\dummy.ins"
(63)      [1] [Jun 22 11:17:42:013] [dummy]              used script encoding: Ansi
(64)      [1] [Jun 22 11:17:42:013] [dummy]              used system encoding: cp1252
(65)      [1] [Jun 22 11:17:42:013] [dummy]              start: 2020-06-22  11:17:42
(66)      [1] [Jun 22 11:17:42:013] [dummy]              installing product: dummy_1.0-1
(67)      [1] [Jun 22 11:17:42:013] [dummy]              on client named    "w10test.ta.ag"
(68)      [1] [Jun 22 11:17:42:013] [dummy]              loggedin user    "Administrator"
(69)      [1] [Jun 22 11:17:42:013] [dummy]              opsi-script running as    "SYSTEM"
(70)      [1] [Jun 22 11:17:42:013] [dummy]              opsi-script running with admin privileges
(71)      [1] [Jun 22 11:17:42:013] [dummy]              opsi-script running in standard script mode
(72)      [1] [Jun 22 11:17:42:013] [dummy] executing: "C:\Program Files (x86)\opsi.org\opsi-client-agent\opsi-winst\winst32.exe"
(73)      [1] [Jun 22 11:17:42:013] [dummy] system infos:
(74)      [1] [Jun 22 11:17:42:015] [dummy] 00-50-56-25-E6-65  -  PC hardware address
(75)      [1] [Jun 22 11:17:42:015] [dummy] w10test  -  IP name
(76)      [1] [Jun 22 11:17:42:015] [dummy] 192.100.100.112  -  IP address
(77)      [1] [Jun 22 11:17:42:015] [dummy] DEU  -  System default locale
(78)      [7] [Jun 22 11:17:42:015] [dummy] Registry started without redirection (64 Bit)
(79)      [7] [Jun 22 11:17:42:015] [dummy] Registry started readonly
(80)      [7] [Jun 22 11:17:42:015] [dummy] Registry started without redirection (64 Bit)
(81)      [6] [Jun 22 11:17:42:015] [dummy] Registry key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion]  opened
(82)      [6] [Jun 22 11:17:42:015] [dummy] Key closed
(83)      [1] [Jun 22 11:17:42:015] [dummy] MS Windows 10.0 64 Bit, Release: 1909, Edition: PRODUCT_PROFESSIONAL
(84)      [1] [Jun 22 11:17:42:015] [dummy] opsi service version : 4
(85)      [1] [Jun 22 11:17:42:015] [dummy] 
(86)      [7] [Jun 22 11:17:42:017] [dummy] Registry started readonly
(87)      [7] [Jun 22 11:17:42:017] [dummy] Registry started without redirection (64 Bit)
(88)      [6] [Jun 22 11:17:42:017] [dummy] Registry key [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion]  opened
(89)      [6] [Jun 22 11:17:42:017] [dummy] Key closed
(90)      [7] [Jun 22 11:17:42:077] [dummy] Starting with script...
(91)      [7] [Jun 22 11:17:42:090] [dummy] Loaded sub from: p:\dummy\delsub.opsiscript with encoding: cp1252
(92)      [6] [Jun 22 11:17:42:090] [dummy] 
(93)      [6] [Jun 22 11:17:42:090] [dummy] ~~~~~~~ Start Sub ~~~~~~~  Sub "p:\dummy\delsub.opsiscript"
(94)      [5] [Jun 22 11:17:42:090] [dummy] Execution of: Registry_All /AllNTUserDats /SysNative
(95)      [5] [Jun 22 11:17:42:090] [dummy] 
(96)      [7] [Jun 22 11:17:42:090] [dummy]   Registry started without redirection (64 Bit)
(97)      [7] [Jun 22 11:17:42:090] [dummy]   Registry started readonly
(98)      [7] [Jun 22 11:17:42:090] [dummy]   Registry started without redirection (64 Bit)
(99)      [6] [Jun 22 11:17:42:090] [dummy]   Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]  opened
(100)     [6] [Jun 22 11:17:42:090] [dummy]   Key closed
(101)     [7] [Jun 22 11:17:42:090] [dummy]   Registry started readonly
(102)     [7] [Jun 22 11:17:42:090] [dummy]   Registry started without redirection (64 Bit)
(103)     [6] [Jun 22 11:17:42:090] [dummy]   Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]  opened
(104)     [6] [Jun 22 11:17:42:090] [dummy]   Key closed
(105)     [7] [Jun 22 11:17:42:091] [dummy]   Registry started readonly
(106)     [7] [Jun 22 11:17:42:091] [dummy]   Registry started without redirection (64 Bit)
(107)     [6] [Jun 22 11:17:42:091] [dummy]   Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]  opened
(108)     [6] [Jun 22 11:17:42:091] [dummy]   Key closed
(109)     [7] [Jun 22 11:17:42:091] [dummy]   Registry started readonly
(110)     [7] [Jun 22 11:17:42:091] [dummy]   Registry started without redirection (64 Bit)
(111)     [6] [Jun 22 11:17:42:091] [dummy]   Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2353905032-159805905-49043801-1001]  opened
(112)     [6] [Jun 22 11:17:42:091] [dummy]   Key closed
(113)     [7] [Jun 22 11:17:42:091] [dummy]   Registry started readonly
(114)     [7] [Jun 22 11:17:42:091] [dummy]   Registry started without redirection (64 Bit)
(115)     [6] [Jun 22 11:17:42:091] [dummy]   Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2353905032-159805905-49043801-1002]  opened
(116)     [6] [Jun 22 11:17:42:091] [dummy]   Key closed
(117)     [7] [Jun 22 11:17:42:091] [dummy]   Registry started readonly
(118)     [7] [Jun 22 11:17:42:091] [dummy]   Registry started without redirection (64 Bit)
(119)     [6] [Jun 22 11:17:42:091] [dummy]   Registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2353905032-159805905-49043801-500]  opened
(120)     [6] [Jun 22 11:17:42:091] [dummy]   Key closed
(121)     [6] [Jun 22 11:17:42:091] [dummy]   
(122)     [6] [Jun 22 11:17:42:091] [dummy]   Branch: paul
(123)     [6] [Jun 22 11:17:42:096] [dummy]   "C:\Users\paul\NTUser.dat" loaded.
(124)     [5] [Jun 22 11:17:42:096] [dummy]     
(125)     [7] [Jun 22 11:17:42:096] [dummy]       Registry started without redirection (64 Bit)
(126)     [7] [Jun 22 11:17:42:096] [dummy]       Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(127)     [6] [Jun 22 11:17:42:096] [dummy]       Registry key [HKEY_USERS\PatchNTUserdatTempUser\SOFTWARE\Test]  opened
(128)     [6] [Jun 22 11:17:42:096] [dummy]           Variable "installed"  had value  "1589196968"
(129)     [6] [Jun 22 11:17:42:096] [dummy]           Info:    "installed"  changed to "1589196993"
(130)     [6] [Jun 22 11:17:42:096] [dummy]           Key closed
(131)     [7] [Jun 22 11:17:42:096] [dummy]     
(132)     [7] [Jun 22 11:17:42:099] [dummy]   Flushed
(133)     [7] [Jun 22 11:17:42:102] [dummy]   Unloaded
(134)     [6] [Jun 22 11:17:42:102] [dummy]   
(135)     [6] [Jun 22 11:17:42:102] [dummy]   Branch: mary
(136)     [6] [Jun 22 11:17:42:107] [dummy]   "C:\Users\mary\NTUser.dat" loaded.
(137)     [5] [Jun 22 11:17:42:107] [dummy]     
(138)     [7] [Jun 22 11:17:42:107] [dummy]       Registry started without redirection (64 Bit)
(139)     [7] [Jun 22 11:17:42:107] [dummy]       Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(140)     [6] [Jun 22 11:17:42:107] [dummy]       Registry key [HKEY_USERS\PatchNTUserdatTempUser\SOFTWARE\Test]  opened
(141)     [6] [Jun 22 11:17:42:107] [dummy]           Variable "installed"  had value  "1589196968"
(142)     [6] [Jun 22 11:17:42:107] [dummy]           Info:    "installed"  changed to "1589196993"
(143)     [6] [Jun 22 11:17:42:107] [dummy]           Key closed
(144)     [7] [Jun 22 11:17:42:107] [dummy]     
(145)     [7] [Jun 22 11:17:42:109] [dummy]   Flushed
(146)     [7] [Jun 22 11:17:42:111] [dummy]   Unloaded
(147)     [6] [Jun 22 11:17:42:111] [dummy]   
(148)     [6] [Jun 22 11:17:42:111] [dummy]   Branch: Administrator
(149)     [4] [Jun 22 11:17:42:112] [dummy]   Warning: NTUser.dat could not be loaded from path "C:\Users\Administrator\NTUser.dat". Code 32: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.<
(150)     [7] [Jun 22 11:17:42:112] [dummy]   Registry started with redirection (32 Bit)
(151)     [7] [Jun 22 11:17:42:113] [dummy]   Registry started with redirection (32 Bit)
(152)     [7] [Jun 22 11:17:42:113] [dummy]   The Branch for :Administrator seems to be the logged in user,
(153)     [7] [Jun 22 11:17:42:113] [dummy]   so let us try to patch it via HKUsers\SID
(154)     [7] [Jun 22 11:17:42:114] [dummy]     sidStr :S-1-5-21-2353905032-159805905-49043801-500
(155)     [5] [Jun 22 11:17:42:114] [dummy]     
(156)     [7] [Jun 22 11:17:42:114] [dummy]       Registry started without redirection (64 Bit)
(157)     [7] [Jun 22 11:17:42:114] [dummy]       Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(158)     [6] [Jun 22 11:17:42:114] [dummy]       Registry key [HKEY_USERS\S-1-5-21-2353905032-159805905-49043801-500\SOFTWARE\Test]  opened
(159)     [6] [Jun 22 11:17:42:114] [dummy]           Variable "installed"  had value  "1589196985"
(160)     [6] [Jun 22 11:17:42:114] [dummy]           Info:    "installed"  changed to "1589196993"
(161)     [6] [Jun 22 11:17:42:114] [dummy]           Key closed
(162)     [7] [Jun 22 11:17:42:114] [dummy]     
(163)     [7] [Jun 22 11:17:42:115] [dummy]   Flushed
(164)     [6] [Jun 22 11:17:42:115] [dummy]   
(165)     [6] [Jun 22 11:17:42:115] [dummy]   Branch: Default
(166)     [6] [Jun 22 11:17:42:119] [dummy]   "C:\Users\Default\NTUser.dat" loaded.
(167)     [5] [Jun 22 11:17:42:119] [dummy]     
(168)     [7] [Jun 22 11:17:42:119] [dummy]       Registry started without redirection (64 Bit)
(169)     [7] [Jun 22 11:17:42:119] [dummy]       Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(170)     [6] [Jun 22 11:17:42:119] [dummy]       Registry key [HKEY_USERS\PatchNTUserdatTempUser\SOFTWARE\Test]  opened
(171)     [6] [Jun 22 11:17:42:119] [dummy]           Variable "installed"  had value  "1589196968"
(172)     [6] [Jun 22 11:17:42:119] [dummy]           Info:    "installed"  changed to "1589196993"
(173)     [6] [Jun 22 11:17:42:119] [dummy]           Key closed
(174)     [7] [Jun 22 11:17:42:120] [dummy]     
(175)     [7] [Jun 22 11:17:42:121] [dummy]   Flushed
(176)     [7] [Jun 22 11:17:42:124] [dummy]   Unloaded
(177)     [6] [Jun 22 11:17:42:124] [dummy]   
(178)     [6] [Jun 22 11:17:42:124] [dummy]   Make it for user .DEFAULT
(179)     [5] [Jun 22 11:17:42:124] [dummy]     
(180)     [7] [Jun 22 11:17:42:124] [dummy]       Registry started without redirection (64 Bit)
(181)     [7] [Jun 22 11:17:42:124] [dummy]       Key is: HKEY_CURRENT_USER\SOFTWARE\Test
(182)     [6] [Jun 22 11:17:42:124] [dummy]       Registry key [HKEY_USERS\.DEFAULT\SOFTWARE\Test]  opened
(183)     [6] [Jun 22 11:17:42:124] [dummy]           Variable "installed"  had value  "1589196985"
(184)     [6] [Jun 22 11:17:42:124] [dummy]           Info:    "installed"  changed to "1589196993"
(185)     [6] [Jun 22 11:17:42:124] [dummy]           Key closed
(186)     [6] [Jun 22 11:17:42:124] [dummy] Section ending since next line is starting with "["
(187)     [6] [Jun 22 11:17:42:124] [dummy] 
(188)     [6] [Jun 22 11:17:42:124] [dummy] ~~~~~~~ End Sub   ~~~~~~~  Sub "p:\dummy\delsub.opsiscript"
(189)     [6] [Jun 22 11:17:42:124] [dummy] 
(190)     [1] [Jun 22 11:17:42:124] [dummy] ___________________
(191)     [1] [Jun 22 11:17:42:124] [dummy] script finished: success
(192)     [1] [Jun 22 11:17:42:124] [dummy] 0 errors
(193)     [1] [Jun 22 11:17:42:124] [dummy] 1 warning
(194)     [1] [Jun 22 11:17:42:124] [dummy] 
(195)     [1] [Jun 22 11:17:42:124] [dummy] installed product: dummy Version: 1.0-1

Bemerkenswert:
The Branch for :paul seems to be the logged in user,
so let us try to patch it via HKUsers\SID
sidStr :S-1-5-21-2353905032-159805905-49043801-500

Das ist - mit Verlaub - bullshit.
Angemeldet war administrator. Und die SID gehört auch zu ebendiesem.
Bei Mary haben wir das gleiche Spiel.