At what point is regedit available?

JoshAld · May 1, 2024

Hello All,

I'm working on a process that creates an EC2 instance running Windows Server 2022 Datacenter, installs software and then tries to add registry entries in order to set some default preferences for the software. It adds registry entries by writing a .reg file and executing it with regedit. If I run this process as part of the start up/install process, it writes the .reg file but running it doesn't add it's registry entries (it's run using AWS ssm and the command executes successfully). If I run the process after a few minutes, it will successfully edit the registry entires. My question is if anyone knows if there is a process early on in the life-cycle of the machine that may be blocking the regedit execution, or perhaps it can't be executed while another installation is active? Are there any logs anywhere to see what's happening?

I'm really at a stand-still here if anyone has any troubleshooting ideas.

Josh

Berton · May 1, 2024

I'd say that having Windows fully loaded would be the time to make a change, e.g. having all the drivers loaded and Profile settings loaded. Also, many times changes to the Registry does require rebooting to make the changes available to Windows. Other than that, I'm not a gamer nor a programmer, but others may have a solution.

garlin · May 1, 2024

The registry is simply a datastore, and how individual apps or Windows processes react to your key's presence can vary:

- Some processes will accept any valid keys, as soon as they execute for the first time.
- Some processes (mostly security-related) may stop working because they expected to provision all their settings on first-run. And you trampled in their space.
- Some processes will do their own provisioning, and overwrite any keys you inserted beforehand.

Unless there's clear docs on the matter, it's a matter of trial & error. Sometimes you can embed reg values into an install image's registry hives, and they work. Other times you have to inject them post-install, or after the first run.

garlin · May 1, 2024

I might add:

- There are no exclusion locks on reg keys. Last write (or update) wins.
- There are no registry update logs.
- One debug trick is to take a series of "reg query" snapshots on the desired key/subkeys. Save the current key state to a named file before your app runs. Start the app, and if you can run another process in the background, take another snapshot. When the app's done with setup, take a third snapshot. In the absence of detailed logging, or process profiling, you can get an idea of what's happening over time. Did your pre-existing key get clobbered?

JoshAld · May 2, 2024

garlin said:
I might add:

- There are no exclusion locks on reg keys. Last write (or update) wins.
- There are no registry update logs.
- One debug trick is to take a series of "reg query" snapshots on the desired key/subkeys. Save the current key state to a named file before your app runs. Start the app, and if you can run another process in the background, take another snapshot. When the app's done with setup, take a third snapshot. In the absence of detailed logging, or process profiling, you can get an idea of what's happening over time. Did your pre-existing key get clobbered?

The registry I'm writing is for an application that isn't yet installed. Once the app is installed, the registries don't get overridden and are preserved.

I've read the only one instance of reg.ex can be used at a time. Is it possible that registry is already being edit, so my regedit command gets ignored? If that's the case, is there a way to way for regedit to be available?

Thanks for the help, by the way!

zbook · May 2, 2024

Years ago there was a registry backup change.

Microsoft had modified the default settings.

The settings can be modified to see if there is any impact.

Enable Automatic Backup of System Registry when Restart in Windows 11 Tutorial

This tutorial will show you how to enable automatic backup of the system registry to the RegBack folder when the computer restarts in Windows 10 and Windows 11. Starting with Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder when the...

www.elevenforum.com

garlin · May 2, 2024

Most apps or their installers don't use reg.exe or regedit, they use direct API calls to update the registry. There is no concept of exclusive locks for Registry. It's a datastore, and not a database. Last write wins.

This really boils down to the software devs. When you make a write to the registry, your API may inform you that a key already exists. A smart dev will think about how to handle this case. Some devs don't really care, and force overwrite keys (or even delete any previous entries) just to guarantee a clean environment for their app. When you're making a Task Sequence to install apps, you have to figure out a way to insert your reg key before the app starts. Or if possible, install the app but not have it auto-start. Then configure it to auto-start.

x BlueRobot · May 2, 2024

JoshAld said:
Are there any logs anywhere to see what's happening?

There's a Win32 API function which you can use to be notified of when a key has been changed: RegNotifyChangeKeyValue function (winreg.h) - Win32 apps

Alternatively, you could look at using Sysmon? Sysmon - Sysinternals

garlin said:
There is no concept of exclusive locks for Registry. It's a datastore, and not a database. Last write wins.

I don't think that is the case, from a dump file I've been looking at, there does seem to be a registry lock: nt!CmpIsRegistryLockAcquired. I doubt this is publicly exposed though since it is a private function.

johnlgalt · May 2, 2024

JoshAld said:
Hello All,

I'm working on a process that creates an EC2 instance running Windows Server 2022 Datacenter, installs software and then tries to add registry entries in order to set some default preferences for the software. It adds registry entries by writing a .reg file and executing it with regedit. If I run this process as part of the start up/install process, it writes the .reg file but running it doesn't add it's registry entries (it's run using AWS ssm and the command executes successfully). If I run the process after a few minutes, it will successfully edit the registry entires. My question is if anyone knows if there is a process early on in the life-cycle of the machine that may be blocking the regedit execution, or perhaps it can't be executed while another installation is active? Are there any logs anywhere to see what's happening?

I'm really at a stand-still here if anyone has any troubleshooting ideas.

Josh

One thing you could try, since this is an EC2 instance, is to install the software, then write to the registry, assuming the install is not instantaneous, and that enough time has passed to allow writing to the registry.

If the installation creates its own default set of items that you don't want, remove the entire hive for that software by prefacing the generated .reg file with a -[main hive name] at the top, removing all the settings it created.

If, OTOH, you're writing only certain keys and don't want the rest of the hive for that software removed, have the file that you generate first delete any existing key that you're about to write, before writing your own key, so it is exactly as you want. You'd do it similarly as above, except for every key you create, you first create the deletion:

Code:

-[HKCU\XXX\yyy\key]

+[HKCU\XXX\yyy\key]

At what point is regedit available?

New member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computer

New member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Account Closed

My Computer

Antidisestablishmentarianist

My Computers

Similar threads