keyExists does not throw error when Registry editing has been disabled by your administrator.

fresc81 / node-winreg

node module that provides access to the Windows Registry through the REG commandline tool

210 stars 61 forks source link

keyExists does not throw error when Registry editing has been disabled by your administrator. #56

Open xmedeko opened 2 years ago

xmedeko commented 2 years ago

Current behaviour

When registry editing is prohibited, then keyExists return false.

Expected behaviour

keyExists should throw same ProcessUncleanExitError like other functions:

C: ADD command exited with code 1:

ERROR: Registry editing has been disabled by your administrator.

Proposed solution

keyExists should check for error message "The system was unable to find the specified registry key or value." too. Since reg.exe fails with error code 1 for various reasons. Note: seems to me, that reg.exe does not localize messages (while regedit.exe does localize).

How to simulate

See https://www.online-tech-tips.com/windows-xp/registry-disabled-by-administrator/ :

Run gpedit.msc,
Navigate to User Configuration – Administrative Templates – System,
Change Prevent access to registry editing tools.
Optional: run gpupdate.exe from command line.

promit-d commented 2 years ago

Hey! I have a question does it really exist or it doesn't?

Moreover you are disabling the access to registry editing tool ('regedit.exe' will be disabled) but the registry values are still accessible.

xmedeko commented 2 years ago

@promit-d-coder Yes, the error messages is real error message from reg.exe, i.e. from node-winreg. And yes, some administrators do disable access to registry for their users and is means for regedit.exe and reg.exe too, of course.

So, I have a script something like (pseudocode):

if (!keyExists(...)) destroy(...)

and it pass silently even when key exists. I want the error to bubble up and inform the user that the registry clean action cannot be performed.

promit-d commented 2 years ago

As from my experience, I think that it won't be possible because even if we are disabling the registry editor we should be able to read/access the key data through scripting.

In our case, we are using a c# console app with admin rights to set/reset some values in our registry file.

The user can also disable or enable the registry editor tools as per requirement. Now if we are not able to access the registry values after the registry is disabled we will not be able to enable it back.

Probable Solution: If you can access the key values even after you 'Disable the registry editing tools', you can try it.

Go to 'HKEY_CURRENT_USER/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System'
Check value of 'DisableRegistryTools' key
If value is 1 that means regedit.exe is disabled. If the key doesn't exist or value is 0 that means it is disabled.
Create a flag isDisabled and use it along with your key exist check. If the flag is true then throw the error.

I hope this helps to solve your issue.

xmedeko commented 2 years ago

Yes, it may be a workaround for this particular problem, thanks. But still, keyExists has a problem that it returns false for every possible error code from reg.exe, but it should return false just when the key does exist only.