windows 10 – Startup script can’t read registry

I am trying to run a (PoSh) script as SYSTEM (i.e. at startup, via SCCM or otherwise) that needs to read some protected registry keys, and it can’t see them.

A normal user doesn’t have permission to see the keys. (Using a Mozilla key as an example, but there can be dozens under the “Tree” node.)

PS C:> whoami
contosotestuser
PS C:>    $KeyPath = "HKLM:SOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeMozilla"
PS C:> $Key = Get-Item $KeyPath
Get-Item : Requested registry access is not allowed.

An admin user can see (but not change) the keys:

PS C:> whoami
LocalComputeradministrator
PS C:> $KeyPath = "HKLM:SOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeMozilla"
PS C:> Get-Item $KeyPath

    Hive: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTree

Name                           Property
----                           --------
Mozilla                        SD : {1, 0, 4, 140...}

But the SYSTEM account just doesn’t see anything:

PS C:> whoami
nt authoritysystem
PS C:> $KeyPath = "HKLM:SOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeMozilla"
PS C:> Get-Item $KeyPath
Get-Item : Cannot find path 'HKLM:SOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeMozilla'
because it does not exist.

SYSTEM has full control over the registry key and the parent key. How can SYSTEM not see it? How can I read this key via startup script (or other SYSTEM activity)?

Thanks.

Does the .co.uk registry (Nominet) have a 60 day waiting period for domain transfer?

Nominet.uk (the registry behind .co.uk) do not have any explicit terms on transfers of .co.uk domains, unless the domain is “expired” or “suspended” (from 30 days after expiry, lasts for 60 days). Domains in these statuses would need to be renewed prior to them being transferred.

From the .UK Registry-Registrar Agreement 26 May 2020, section B.1.15:

You may not transfer a domain name during the expiry period, except as set out in paragraph E.3.6

However, some registrars do seem to enforce a 60 day limit on transfers, for example GoDaddy’s rules on transferring out state:

You won’t be able to transfer your domain away if it’s within 60 days of registration or a previous transfer, if a 60-day lock was applied after updating domain contact information, or if your domain has Ownership Protection.

and:

Note Option showing disabled? You can’t transfer your domain if it’s within 60 days of registration or a previous transfer, if a 60-day lock was applied after updating domain contact information, or if your domain has Ownership Protection.

Fasthosts also state:

You can transfer .co.uk, .uk, .org.uk, .ltd.uk, .me.uk and .plc.uk domain names away from Fasthosts, provided that the domain name has been registered for at least 60 days.

Which seems to imply that you can transfer a domain within 60 days of another transfer, but not from the initial registration.

However, other registrars, such as namecheap will follow the registry guidelines and allow for immediate transfers.

windows registry – office activation with kms fails (ERROR CODE: 0x80070005)

I tried to activate my office with a persnoak working kms of mine.

c:Program FilesMicrosoft OfficeOffice16>cscript ospp.vbs /act
Microsoft (R) Windows Script Host Version 5.812
Copyright (C) Microsoft Corporation. All rights reserved.

---Processing--------------------------
---------------------------------------
Installed product key detected - attempting to activate the following product:
SKU ID: 85dd8b5f-eaa4-4af3-a628-cce9e77c9a03
LICENSE NAME: Office 19, Office19ProPlus2019VL_KMS_Client_AE edition
LICENSE DESCRIPTION: Office 19, VOLUME_KMSCLIENT channel
Last 5 characters of installed product key: 6MWKP
ERROR CODE: 0x80070005
ERROR DESCRIPTION: Run the following: cscript ospp.vbs /ddescr:0x80070005
NOTICE: A KB article has been detected for activation failure: 0x80070005
FOR MORE INFORMATION PLEASE VISIT: https://support.microsoft.com/kb/2870357#Error0x80070005
---------------------------------------
---------------------------------------
---Exiting-----------------------------

I checked in the web and I tried to change the key’s permission in safe mode:

ComputerHKEY_USERSS-1-5-20

I tried to enable network service full control and checked the option to change all the subkeys.
and I get the error that registry editor cannot set security in the key selected , or some of its subkeys.

does anyone have a clue how to solve this issue? the office activation fails.

How can I modify Windows registry programmatically? [migrated]

Which programming language I can use to modify Windows registry? Can I use js or powershell?

syntax – Powershell : Update Registry value for RDPFileContent by making change in server port to XXX from XXX

Requirement: to update registry value i.e. server port for one of the property : RDPFileContent using powershell.

Attempt Taken: Tried fetching entire value first of RDPFileContent using get-childitem method and redirected the content to text file and replaced only server port value using replace parameter. But, while setting it back using set-item property, we are not able to set back in proper format by extracting it from updated text file.

Please help us here .

Thanks in advance,

Looking for a more elegant C# solution for my registry class

My code writes, reads, and removes program settings in the registry. I’m using Visual Studio 2019 and my target Framework is .NET Framework 4.8.

I’m looking for more elegant functions.
Is there error handling I missed in these functions?
How can I optimize the code?

Please provide an example, so that I can learn.

I have the following functions at the moment:

public static class Settings
{

    public static void SaveSetting(string sCompanyName, string sAppName, string sSection, string sValueName, string sValue)
    {
        RegistryKey softKey = Registry.CurrentUser.OpenSubKey("Software", true);
        RegistryKey compKey = softKey.CreateSubKey(sCompanyName);
        RegistryKey appKey = compKey.CreateSubKey(sAppName);
        RegistryKey secKey = appKey.CreateSubKey(sSection);
        secKey.SetValue(sValueName, sValue);
    }

    public static string GetSetting(string sCompanyName, string sAppName, string sSection, string sValueName, string sDefault)
    {
      
        RegistryKey softKey = Registry.CurrentUser.OpenSubKey("Software", true);
        RegistryKey compKey = softKey.CreateSubKey(sCompanyName);
        RegistryKey appKey = compKey.CreateSubKey(sAppName);
        RegistryKey secKey = appKey.CreateSubKey(sSection);

        return (string)secKey.GetValue(sValueName, sDefault);
    }

    public static void DeleteSetting(string sCompanyName, string sAppName, string sSection, string sValueName)
    {
        RegistryKey softKey = Registry.CurrentUser.OpenSubKey("Software", true);
        RegistryKey compKey = softKey.CreateSubKey(sCompanyName);
        RegistryKey appKey = compKey.CreateSubKey(sAppName);
        RegistryKey secKey = appKey.CreateSubKey(sSection);

        if (secKey.GetValue(sValueName) != null)
        {
            secKey.DeleteValue(sValueName);
        }

    }

}

connection can not be established between schema registry docker and kafka broker

I am running a schema registry server using the following code:

version: "2.2"
services:
    schema-registry:
        container_name: schema-registry
        image: confluentinc/cp-schema-registry:5.5.0
        restart: always
        volumes:
          - ./config:/tmp/conf
        ports:
          - "8081:8081"
        environment:
          - SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS=localhost:9092
          - SCHEMA_REGISTRY_KAFKASTORE_TOPIC=_schemas
          - SCHEMA_REGISTRY_HOST_NAME=schema-registry
          - SCHEMA_REGISTRY_LISTENERS=http://0.0.0.0:8081
          - SCHEMA_REGISTRY_DEBUG=true
        ulimits:
          nproc: 65535
          nofile:
            soft: 65535
            hard: 65535
        logging:
            driver: json-file
            options:
              max-size: "100m"
              max-file: "3"

After deploying it with a docker compose up I get the following error :

(kafka-admin-client-thread | adminclient-1) WARN org.apache.kafka.clients.NetworkClient - (AdminClient clientId=adminclient-1) Connection to node -1 (localhost/127.0.0.1:9092) could not be established. Broker may not be available.

Kafka is running locally (it is not running in docker), by the way , the kafka server properties has the following conf:

broker.id=0

listeners=PLAINTEXT://localhost:9092

listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL

How to get yarn 1.x (1.22) to install private npm packages from GitHub registry

I’ve already looked through a bunch of StackOverflow posts and nothing works.

I have a package, we’ll call it @myorg/some-package. How can I get yarn add to recognize and install this, whether it’s locally on a dev machine, or during a CI/CD process?

Certificates in docker local registry

I’m trying to set up a docker local registry within my university network. Since they offer certificates from rediris I requested one, so I have now three different files:

  1. cert.pem
  2. intermediate.pem
  3. chain.pem

In addition to this, I kept my .key and .csr as well. Following the docker website example (https://docs.docker.com/registry/deploying/#get-a-certificate)

-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt

I’m not able to comprehend how concatenate/transform those pem files into the domain.crt file I need, all my tries led to the docker local registry treating the cert as self-signed.

Thank you very much in advance and am really sorry if this question is dumb, my knowledge on system administration is minimal.

active directory – Why would a server in an AD environment allow Remote Registry access by FQDN, but deny and lock out accounts over IP address?

We have a situation where a software application cannot be installed because the admin account used during installation gets locked out during prerequisite checks. After some investigation, we found the cause: The prerequisite check looks at remote registry settings of other servers by RPC call to the server’s IP address rather than its FQDN, and for some reason this causes authentication to fail and lock out the account.

We validated this by doing the following:

  • When using regedit and attempting to connect to another AD server’s registry using the server’s FQDN, it connects without issue.
  • When we attempt the same connection using the server’s IP address, it prompts for new credentials.
  • All AD credentials will fail and eventually lockout the account being used, but using a Local Admin account has no problems.

We performed this test from other servers in the environment as well, but they had no issues with connecting and authenticating by IP. We compared NIC/DNS/WINS settings, but there was no notable difference. We’re at the point of cross-checking GPO settings, but we don’t expect to find anything.

We could obviously just use Local Admin accounts, but we want to understand why an RPC call using an IP address rather than the FQDN causes AD authentication to fail and lock out AD accounts. Any ideas?