Reboot Pending Registry Key
-
- Posts: 38
- Joined: Tue Sep 02, 2008 5:45 am
Reboot Pending Registry Key
Hey guys,
whilst looking into Windows Update monitoring, i came accross the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending
This Key gets created after any windows updates, software installs, features & roles get modified which requires a system reboot.
Because it doesn't actually contain any values, im not sure how to go about setting a reverse test to alert bad once this key is present and good when its not. If there was something in the key then i think i could work it out so i have to rely on the awesomeness of yourselves
Many thanks!
whilst looking into Windows Update monitoring, i came accross the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending
This Key gets created after any windows updates, software installs, features & roles get modified which requires a system reboot.
Because it doesn't actually contain any values, im not sure how to go about setting a reverse test to alert bad once this key is present and good when its not. If there was something in the key then i think i could work it out so i have to rely on the awesomeness of yourselves
Many thanks!
You need custom script. Like this
Use Shell Script test method to execute script
Regards
Alex
Code: Select all
statusUnknown = "ScriptRes:Unknown:"
statusOk = "ScriptRes:Ok:"
statusBad = "ScriptRes:Bad:"
objArgs = WScript.Arguments;
if (objArgs.length!=1) {
WScript.StdOut.Write(statusUnknown + 'Script requires 1 parameter: <Registry path>.');
WScript.Quit;
}
var key = objArgs(0);
if (key.charAt(key.length-1)!='\\') { key+='\\'; }
try
{
var wsh = WScript.CreateObject('WScript.Shell');
var val = wsh.RegRead(key);
}
catch(e)
{
WScript.StdOut.Write(statusOk);
WScript.Quit;
}
WScript.StdOut.Write(statusBad);
Regards
Alex
-
- Posts: 38
- Joined: Tue Sep 02, 2008 5:45 am
That's actually perfect.
I thought it was failing at first but it works a treat!
For anybody else interested - i'm using this in conjunction with Reg test for the value (If > 0) of:
this will tell you how many Items are sat there waiting to be installed.
I thought it was failing at first but it works a treat!
For anybody else interested - i'm using this in conjunction with Reg test for the value (If > 0) of:
Code: Select all
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS\UpdateCount
-
- Posts: 38
- Joined: Tue Sep 02, 2008 5:45 am
-
- Posts: 2832
- Joined: Tue May 16, 2006 4:41 am
- Contact:
Try the following Jscript:
Start cmd: cmd /c cscript /B /E:JScript %Script% %Params%
Script requies 1, 2 or 4 parameters: <KEY> [<Computer>, [<Login>,<Password>]]
Several Examples:
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending"
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" WIN2008HOST myUser myPassword[/code]
Please note: script checks HKEY_LOCAL_MACHINE subkeys. Please specify key without HKEY_LOCAL_MACHINE\ (see examples above)
Code: Select all
statusUnknown = "ScriptRes:Unknown:"
statusOk = "ScriptRes:Ok:"
statusBad = "ScriptRes:Bad:"
objArgs = WScript.Arguments;
strComputer = ".";
strLogin="";
strPsw="";
if (objArgs.length==1) { // KEY ONLY
REGKEY = objArgs(0);
} else if (objArgs.length==2) {
REGKEY = objArgs(0);
strComputer = objArgs(1);
} else if (objArgs.length==4) {
REGKEY = objArgs(0);
strComputer = objArgs(1);
strLogin=objArgs(2);
strPsw=objArgs(3);
} else {
WScript.StdOut.Write(statusUnknown + 'Script requires 1, 2 or 4 parameters: <KEY> [<Computer>, [<Login>,<Password>]]');
WScript.Quit;
}
if (REGKEY.indexOf("HKEY_")==0) {
WScript.StdOut.Write(statusUnknown + 'Script checks only HKEY_LOCAL_MACHINE subKeys. Please specify Registry key without HKEY_LOCAL_MACHINE. E.g.: SOFTWARE\\MICROSOFT\\Windows');
WScript.Quit;
}
HKEY_LOCAL_MACHINE = 0x80000002;
KEY_QUERY_VALUE = 0x0001;
try {
SWBemlocator = new ActiveXObject("WbemScripting.SWbemLocator");
objWMIService = SWBemlocator.ConnectServer(strComputer, "root\\default",strLogin,strPsw);
reg = objWMIService.Get("StdRegProv");
Method = reg.Methods_.Item("CheckAccess");
p_In = Method.InParameters.SpawnInstance_();
p_In.hDefKey=HKEY_LOCAL_MACHINE;
p_In.sSubKeyName = REGKEY;
p_In.uRequired = KEY_QUERY_VALUE;
p_Out = reg.ExecMethod_(Method.Name, p_In);
} catch(e) {
WScript.StdOut.Write(statusUnknown + e.message);
WScript.Quit;
}
if (p_Out.bGranted == true) {
WScript.StdOut.Write(statusBad + "HKLM\\" + REGKEY);
} else {
WScript.StdOut.Write(statusOk);
}
Script requies 1, 2 or 4 parameters: <KEY> [<Computer>, [<Login>,<Password>]]
Several Examples:
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending"
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" WIN2008HOST myUser myPassword[/code]
Please note: script checks HKEY_LOCAL_MACHINE subkeys. Please specify key without HKEY_LOCAL_MACHINE\ (see examples above)
-
- Posts: 38
- Joined: Tue Sep 02, 2008 5:45 am
Thanks for your reply.
if i just use a single Param it works well but it failing when add the 2nd param (it just responds OK regardless of which key i specify)
i have tried saving it as a .vbs file and running the following from CMD
And that works perfectly!?
i've tried both with and without credentials but get the same OK reply which would imply it's failing to connect and reporting the path is unavailable/missing.
Any idea why this might be working in command prompt but failing through HM?
i read in another thread that the 32 vs 64 version of cscript.exe could affect the behavior of HM but it doesn't seem to make a difference in this case
Thanks for your help!
if i just use a single Param it works well but it failing when add the 2nd param (it just responds OK regardless of which key i specify)
i have tried saving it as a .vbs file and running the following from CMD
Code: Select all
cscript /E:JScript C:\Scripts\RebootPending.vbs "SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" WIN2008HOST
i've tried both with and without credentials but get the same OK reply which would imply it's failing to connect and reporting the path is unavailable/missing.
Any idea why this might be working in command prompt but failing through HM?
i read in another thread that the 32 vs 64 version of cscript.exe could affect the behavior of HM but it doesn't seem to make a difference in this case
Thanks for your help!
-
- Posts: 2832
- Joined: Tue May 16, 2006 4:41 am
- Contact:
This script retrns OK Status when it can connect to target system Registry, however, user account has no access to the registry Key or registry key does not exist.
Is HostMonitor started as Application or Service?
What user account is used for HostMonitor Service (HostMonitor Service page of Options dialog and Windows services applet (services.msc))?
32 or 64 bit access make sense. Some registry keys can be accessed only by 64-bit applications/scripts.
Could you start script using 32 bit CMD shell and launching 32 bit cscript.exe:
e.g.
start: c:\Windows\SysWOW64\cmd.exe
then execute command (using full path for 32-bit cscript.exe):
c:\Windows\SysWOW64\cscript.exe /E:JScript C:\Scripts\RebootPending.vbs "SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" WIN2008HOST
Is HostMonitor started as Application or Service?
What user account is used for HostMonitor Service (HostMonitor Service page of Options dialog and Windows services applet (services.msc))?
32 or 64 bit access make sense. Some registry keys can be accessed only by 64-bit applications/scripts.
Could you start script using 32 bit CMD shell and launching 32 bit cscript.exe:
e.g.
start: c:\Windows\SysWOW64\cmd.exe
then execute command (using full path for 32-bit cscript.exe):
c:\Windows\SysWOW64\cscript.exe /E:JScript C:\Scripts\RebootPending.vbs "SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" WIN2008HOST
-
- Posts: 38
- Joined: Tue Sep 02, 2008 5:45 am
Thanks for your reply.
it is running as an application - i changed it to run as a service but that didn't help.
to test, i tried running CMD from both 32 & 64 folders and called the 32 & 64 cscript from both.
Turns out that it failed each time except when i ran the 32CMD with 32cscript.
i tried to set the start cmd to "C:\Windows\System32\cmd.exe /c C:\Windows\System32\cscript.exe /B /E:JScript %Script% %Params%" but this didn't help (i was still getting an OK reply when it should be bad)
Finally - i replaced the C:\Windows\SysWOW64\cscript.exe file with the 32bit version and this seemed to work!
From that, i assume that HM uses the x32 CMD and the x64 cscript by default regardless of if you specify the path or not.
I'm hoping you have a super fantastic fix/workaround for this
<<<<<<<<<<<<EDIT>>>>>>>>>>>>>>
i have had a reboot on both the host and the target. the path for the RebootPending key is no longer available to test (obviously), but i have just tried to look into it a little further and found that if i test another key in the path (SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Version) it returns with the expected value (Bad). the strange thing is - HM is returning the correct reply as is all 4 of the above mentioned CMD line variations?
once i get clarification on exactly whats going on here i'll try to update the thread.
Many thanks!
it is running as an application - i changed it to run as a service but that didn't help.
to test, i tried running CMD from both 32 & 64 folders and called the 32 & 64 cscript from both.
Turns out that it failed each time except when i ran the 32CMD with 32cscript.
i tried to set the start cmd to "C:\Windows\System32\cmd.exe /c C:\Windows\System32\cscript.exe /B /E:JScript %Script% %Params%" but this didn't help (i was still getting an OK reply when it should be bad)
Finally - i replaced the C:\Windows\SysWOW64\cscript.exe file with the 32bit version and this seemed to work!
From that, i assume that HM uses the x32 CMD and the x64 cscript by default regardless of if you specify the path or not.
I'm hoping you have a super fantastic fix/workaround for this
<<<<<<<<<<<<EDIT>>>>>>>>>>>>>>
i have had a reboot on both the host and the target. the path for the RebootPending key is no longer available to test (obviously), but i have just tried to look into it a little further and found that if i test another key in the path (SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Version) it returns with the expected value (Bad). the strange thing is - HM is returning the correct reply as is all 4 of the above mentioned CMD line variations?
once i get clarification on exactly whats going on here i'll try to update the thread.
Many thanks!
-
- Posts: 38
- Joined: Tue Sep 02, 2008 5:45 am
OK. All confirmed.
It's that(RebootPending) key specifically that's causing the test to fail via HM.
Other keys in that folder such as the Version Key are queryable, from HM and from any variation of 32/64 CMD/cscript.
But if you want to check the RebootPending Key, you have to be using the C:\Windows\System32\cmd.exe and C:\Windows\System32\cscript.exe specifically.
Any thoughts on what we can do about this? i'm sure this isn't the only key in the registry that behaves like this so it might be worth looking into being able to specify the cscript.exe path in the Start CMD criteria of the test properties maybe?
Any help is always appreciated.
Thanks!
It's that(RebootPending) key specifically that's causing the test to fail via HM.
Other keys in that folder such as the Version Key are queryable, from HM and from any variation of 32/64 CMD/cscript.
But if you want to check the RebootPending Key, you have to be using the C:\Windows\System32\cmd.exe and C:\Windows\System32\cscript.exe specifically.
Any thoughts on what we can do about this? i'm sure this isn't the only key in the registry that behaves like this so it might be worth looking into being able to specify the cscript.exe path in the Start CMD criteria of the test properties maybe?
Any help is always appreciated.
Thanks!
-
- Posts: 2832
- Joined: Tue May 16, 2006 4:41 am
- Contact:
Actually there are 2 Registry providers: 32 and 64 bit.
Each can provide/store different values for the same key!
You may check some datails at:
https://msdn.microsoft.com/en-us/librar ... S.85).aspx
We've rebuilt script in order to access required Registry hive (32 or 64 bit):
Script requires 2, 3 or 5 parameters: <KEY> <Architecture: 32 or 64> [<Computer>, [<Login>,<Password>]]
Several Examples:
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" 64
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" 32 WIN2008HOST myUser myPassword[/code]
Each can provide/store different values for the same key!
You may check some datails at:
https://msdn.microsoft.com/en-us/librar ... S.85).aspx
We've rebuilt script in order to access required Registry hive (32 or 64 bit):
Code: Select all
statusUnknown = "ScriptRes:Unknown:"
statusOk = "ScriptRes:Ok:"
statusBad = "ScriptRes:Bad:"
objArgs = WScript.Arguments;
strComputer = ".";
strLogin="";
strPsw="";
RegType=32;
if (objArgs.length==2) { // KEY ONLY
REGKEY = objArgs(0);
} else if (objArgs.length==3) {
REGKEY = objArgs(0);
strComputer = objArgs(2);
} else if (objArgs.length==5) {
REGKEY = objArgs(0);
strComputer = objArgs(2);
strLogin=objArgs(3);
strPsw=objArgs(4);
} else {
WScript.StdOut.Write(statusUnknown + 'Script requires 2,3 or 5 parameters: <KEY> <Architecture: 32 or 64> [<Computer>, [<Login>,<Password>]]');
WScript.Quit;
}
if (objArgs(1)=="64") {RegType=64;} else {RegType=32;}
if (REGKEY.indexOf("HKEY_")==0) {
WScript.StdOut.Write(statusUnknown + 'Script checks only HKEY_LOCAL_MACHINE subKeys. Please specify Registry key without HKEY_LOCAL_MACHINE. E.g.: SOFTWARE\\MICROSOFT\\Windows');
WScript.Quit;
}
HKEY_LOCAL_MACHINE = 0x80000002;
KEY_QUERY_VALUE = 0x0001;
try {
SWBemlocator = new ActiveXObject("WbemScripting.SWbemLocator");
Arch = new ActiveXObject("WbemScripting.SWbemNamedValueSet");
Arch.Add("__ProviderArchitecture", RegType);
objWMIService = SWBemlocator.ConnectServer(strComputer, "root\\default",strLogin,strPsw,null,null,null,Arch);
reg = objWMIService.Get("StdRegProv");
Method = reg.Methods_.Item("CheckAccess");
p_In = Method.InParameters.SpawnInstance_();
p_In.hDefKey=HKEY_LOCAL_MACHINE;
p_In.sSubKeyName = REGKEY;
p_In.uRequired = KEY_QUERY_VALUE;
p_Out = reg.ExecMethod_(Method.Name, p_In);
} catch(e) {
WScript.StdOut.Write(statusUnknown + e.message);
WScript.Quit;
}
if (p_Out.bGranted == true) {
WScript.StdOut.Write(statusBad + "HKLM\\" + REGKEY);
} else {
WScript.StdOut.Write(statusOk);
}
Several Examples:
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" 64
"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" 32 WIN2008HOST myUser myPassword[/code]
-
- Posts: 2832
- Joined: Tue May 16, 2006 4:41 am
- Contact: