3 Replies Latest reply on Dec 12, 2016 4:42 PM by rcanino

    How to import a .reg file as part of package boot?


      I am trying to install Cisco Jabber client with Patch Manager. I can successfully create a package with the install MSI and deploy via WSUS without a problem.


      However, there are nine certificates for the Jabber Servers that need to be installed in the User's Enterprise Trust as well, so the user is not prompted to install them when they launch Jabber (HKEY_CURRENT_USER\Software\Microsoft\System Certificates\Trust). I have a .reg file with the certificates in them. This part is very important to management.


      I added a .reg file to the package and then had package boot run regedit.exe with /S jabbercert.reg as command line arguments, with the option set to continue if this task fails.


      When I deploy this package, it downloads to the workstation okay, and then says it installs successfully, but neither the client nor the certificates are present. This is the only difference between the two packages, is the inclusion of the instruction to run regedit.


      What could be causing this to happen? Any ideas how I can accomplish this with Patch Manager?

        • Re: How to import a .reg file as part of package boot?

          Patch Manager packages run under the SYSTEM context so any changes to HKEY_Current_User will affect the SYSTEM profile and not any other users. There is no simple way to modify specific user registry values within a package. The only way I would see this working is if you wrote a script that iterates through all the existing user hives and makes the changes but if a new user logged in after the fact the changes would not be present. If you can add the certs to the machine and have it work for all users that would be preferable. If that isn't an option then I would use Group Policy Preferences to set the required registry keys at a user level.

          1 of 1 people found this helpful
            • Re: How to import a .reg file as part of package boot?

              A script to add to the existing user hives would be fine, although I am not entirely sure how to do that, but that's a starting point. 


              There isn't a concern about a new user logging in, these are single user laptops. It just needs to be installed for the current profile.


              Group policy preferences are, unfortunately, not an option for a significant segment of our users who do not log into the domain, or if they do, they do not have DNS registration enabled and so the remote registry fails. I have been tasked to apply this uniformly to all users regardless of their connection.


              So you think the issue is that I am trying to write to HKCU, and if I run a regedit in a package to install to the user hives directly that would work?

              • Re: How to import a .reg file as part of package boot?

                I made an MSI file to copy my REG files over to the workstation, then had package boot execute the one for HKLM to set up the second to run as Active Setup under the user's context. It worked flawlessly. It was definitely the fact that the package was trying to write to the HKCU hive that was the issue.