Reboot Pending Registry Key

[doodleman99]

Hey guys,
whilst looking into Windows Update monitoring, i came accross the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending

This Key gets created after any windows updates, software installs, features & roles get modified which requires a system reboot.
Because it doesn't actually contain any values, im not sure how to go about setting a reverse test to alert bad once this key is present and good when its not. If there was something in the key then i think i could work it out so i have to rely on the awesomeness of yourselves

Many thanks!

[KS-Soft]

You need custom script. Like this

Code: Select all

statusUnknown     = "ScriptRes:Unknown:"
statusOk          = "ScriptRes:Ok:"
statusBad         = "ScriptRes:Bad:"

objArgs = WScript.Arguments;
if (objArgs.length!=1) {
  WScript.StdOut.Write(statusUnknown + 'Script requires 1 parameter: <Registry path>.');
  WScript.Quit;
}

var key = objArgs(0);
if (key.charAt(key.length-1)!='\\') { key+='\\'; }

try
{
 var wsh = WScript.CreateObject('WScript.Shell');
 var val = wsh.RegRead(key);
}
catch(e) 
{
  WScript.StdOut.Write(statusOk);
  WScript.Quit;
}
WScript.StdOut.Write(statusBad);

Use Shell Script test method to execute script

Regards
Alex

[doodleman99]

That's actually perfect.
I thought it was failing at first but it works a treat!
For anybody else interested - i'm using this in conjunction with Reg test for the value (If > 0) of:

Code: Select all

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS\UpdateCount

this will tell you how many Items are sat there waiting to be installed.

[doodleman99]

Actually. i am struggling to get it to work on a remote machine?
Any ideas?

JV

[KS-Soft Europe]

Try the following Jscript:

Code: Select all

statusUnknown     = "ScriptRes:Unknown:"
statusOk          = "ScriptRes:Ok:"
statusBad         = "ScriptRes:Bad:"

objArgs = WScript.Arguments;

strComputer = ".";
strLogin="";
strPsw="";

if (objArgs.length==1) { // KEY ONLY
  REGKEY = objArgs(0);
} else if (objArgs.length==2) {
  REGKEY = objArgs(0);
  strComputer = objArgs(1);
} else if (objArgs.length==4) {
  REGKEY = objArgs(0);
  strComputer = objArgs(1);
  strLogin=objArgs(2);
  strPsw=objArgs(3);
} else {
  WScript.StdOut.Write(statusUnknown + 'Script requires 1, 2 or 4 parameters: <KEY> [<Computer>, [<Login>,<Password>]]');
  WScript.Quit;
}

if (REGKEY.indexOf("HKEY_")==0) {
  WScript.StdOut.Write(statusUnknown + 'Script checks only HKEY_LOCAL_MACHINE subKeys. Please specify Registry key without HKEY_LOCAL_MACHINE. E.g.: SOFTWARE\\MICROSOFT\\Windows');
  WScript.Quit;
}

HKEY_LOCAL_MACHINE = 0x80000002;
KEY_QUERY_VALUE = 0x0001;

try {
  SWBemlocator = new ActiveXObject("WbemScripting.SWbemLocator");
  objWMIService = SWBemlocator.ConnectServer(strComputer, "root\\default",strLogin,strPsw);
  reg = objWMIService.Get("StdRegProv");
  Method = reg.Methods_.Item("CheckAccess");
  p_In = Method.InParameters.SpawnInstance_();
  p_In.hDefKey=HKEY_LOCAL_MACHINE;
  p_In.sSubKeyName = REGKEY;
  p_In.uRequired = KEY_QUERY_VALUE;
  p_Out = reg.ExecMethod_(Method.Name, p_In);
} catch(e) {
  WScript.StdOut.Write(statusUnknown + e.message);
  WScript.Quit;
}

if (p_Out.bGranted == true) {
  WScript.StdOut.Write(statusBad + "HKLM\\" + REGKEY);  
  } else {
  WScript.StdOut.Write(statusOk);
  }

Start cmd: cmd /c cscript /B /E:JScript %Script% %Params%
Script requies 1, 2 or 4 parameters: <KEY> [<Computer>, [<Login>,<Password>]]
Several Examples:
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending"
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" WIN2008HOST myUser myPassword[/code]

Please note: script checks HKEY_LOCAL_MACHINE subkeys. Please specify key without HKEY_LOCAL_MACHINE\ (see examples above)

[doodleman99]

Thanks for your reply.
if i just use a single Param it works well but it failing when add the 2nd param (it just responds OK regardless of which key i specify)

i have tried saving it as a .vbs file and running the following from CMD

Code: Select all

cscript /E:JScript C:\Scripts\RebootPending.vbs "SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" WIN2008HOST

And that works perfectly!?

i've tried both with and without credentials but get the same OK reply which would imply it's failing to connect and reporting the path is unavailable/missing.

Any idea why this might be working in command prompt but failing through HM?
i read in another thread that the 32 vs 64 version of cscript.exe could affect the behavior of HM but it doesn't seem to make a difference in this case
Thanks for your help!

[KS-Soft Europe]

This script retrns OK Status when it can connect to target system Registry, however, user account has no access to the registry Key or registry key does not exist.

Is HostMonitor started as Application or Service?
What user account is used for HostMonitor Service (HostMonitor Service page of Options dialog and Windows services applet (services.msc))?

32 or 64 bit access make sense. Some registry keys can be accessed only by 64-bit applications/scripts.

Could you start script using 32 bit CMD shell and launching 32 bit cscript.exe:
e.g.
start: c:\Windows\SysWOW64\cmd.exe
then execute command (using full path for 32-bit cscript.exe):
c:\Windows\SysWOW64\cscript.exe /E:JScript C:\Scripts\RebootPending.vbs "SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" WIN2008HOST

[doodleman99]

Thanks for your reply.

it is running as an application - i changed it to run as a service but that didn't help.

to test, i tried running CMD from both 32 & 64 folders and called the 32 & 64 cscript from both.

Turns out that it failed each time except when i ran the 32CMD with 32cscript.
i tried to set the start cmd to "C:\Windows\System32\cmd.exe /c C:\Windows\System32\cscript.exe /B /E:JScript %Script% %Params%" but this didn't help (i was still getting an OK reply when it should be bad)

Finally - i replaced the C:\Windows\SysWOW64\cscript.exe file with the 32bit version and this seemed to work!
From that, i assume that HM uses the x32 CMD and the x64 cscript by default regardless of if you specify the path or not.

I'm hoping you have a super fantastic fix/workaround for this

<<<<<<<<<<<<EDIT>>>>>>>>>>>>>>

i have had a reboot on both the host and the target. the path for the RebootPending key is no longer available to test (obviously), but i have just tried to look into it a little further and found that if i test another key in the path (SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Version) it returns with the expected value (Bad). the strange thing is - HM is returning the correct reply as is all 4 of the above mentioned CMD line variations?

once i get clarification on exactly whats going on here i'll try to update the thread.

Many thanks!

[doodleman99]

OK. All confirmed.

It's that(RebootPending) key specifically that's causing the test to fail via HM.
Other keys in that folder such as the Version Key are queryable, from HM and from any variation of 32/64 CMD/cscript.
But if you want to check the RebootPending Key, you have to be using the C:\Windows\System32\cmd.exe and C:\Windows\System32\cscript.exe specifically.

Any thoughts on what we can do about this? i'm sure this isn't the only key in the registry that behaves like this so it might be worth looking into being able to specify the cscript.exe path in the Start CMD criteria of the test properties maybe?

Any help is always appreciated.

Thanks!

[KS-Soft Europe]

Actually there are 2 Registry providers: 32 and 64 bit.
Each can provide/store different values for the same key!
You may check some datails at:
https://msdn.microsoft.com/en-us/librar ... S.85).aspx

We've rebuilt script in order to access required Registry hive (32 or 64 bit):

Code: Select all

statusUnknown     = "ScriptRes:Unknown:"
statusOk          = "ScriptRes:Ok:"
statusBad         = "ScriptRes:Bad:"

objArgs = WScript.Arguments;

strComputer = ".";
strLogin="";
strPsw="";
RegType=32;

if (objArgs.length==2) { // KEY ONLY
  REGKEY = objArgs(0);
} else if (objArgs.length==3) {
  REGKEY = objArgs(0);
  strComputer = objArgs(2);
} else if (objArgs.length==5) {
  REGKEY = objArgs(0);
  strComputer = objArgs(2);
  strLogin=objArgs(3);
  strPsw=objArgs(4);
} else {
  WScript.StdOut.Write(statusUnknown + 'Script requires 2,3 or 5 parameters: <KEY> <Architecture: 32 or 64> [<Computer>, [<Login>,<Password>]]');
  WScript.Quit;
}
if (objArgs(1)=="64") {RegType=64;} else {RegType=32;}


if (REGKEY.indexOf("HKEY_")==0) {
  WScript.StdOut.Write(statusUnknown + 'Script checks only HKEY_LOCAL_MACHINE subKeys. Please specify Registry key without HKEY_LOCAL_MACHINE. E.g.: SOFTWARE\\MICROSOFT\\Windows');
  WScript.Quit;
}

HKEY_LOCAL_MACHINE = 0x80000002;
KEY_QUERY_VALUE = 0x0001;

try {
  SWBemlocator = new ActiveXObject("WbemScripting.SWbemLocator");
  Arch = new ActiveXObject("WbemScripting.SWbemNamedValueSet");
  Arch.Add("__ProviderArchitecture", RegType);

  objWMIService = SWBemlocator.ConnectServer(strComputer, "root\\default",strLogin,strPsw,null,null,null,Arch);
  reg = objWMIService.Get("StdRegProv");

  Method = reg.Methods_.Item("CheckAccess");
  p_In = Method.InParameters.SpawnInstance_();
  p_In.hDefKey=HKEY_LOCAL_MACHINE;
  p_In.sSubKeyName = REGKEY;
  p_In.uRequired = KEY_QUERY_VALUE;
  p_Out = reg.ExecMethod_(Method.Name, p_In);
} catch(e) {
  WScript.StdOut.Write(statusUnknown + e.message);
  WScript.Quit;
}

if (p_Out.bGranted == true) {
  WScript.StdOut.Write(statusBad + "HKLM\\" + REGKEY);  
  } else {
  WScript.StdOut.Write(statusOk);
  }

Script requires 2, 3 or 5 parameters: <KEY> <Architecture: 32 or 64> [<Computer>, [<Login>,<Password>]]

Several Examples:
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" 64
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" 32 WIN2008HOST myUser myPassword[/code]

[doodleman99]

perfect perfect perfect!

thanks guys!

[KS-Soft Europe]

You are welcome!