how do i run the script to modify registry changes, not sure if the script is not working or the command to call the file is incorrect

Question

i am trying to create a package in Tanium to add registry key and values. below is the code that i am using and this is all saved as ms11-124.py

import winreg as rg
createnewkey = rg.CreateKeyEx(rg.HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING",0,rg.KEY_ALL_ACCESS)
creatingkeyvalue = rg.SetValueEx(createnewkey,"iexplorer.exe",0,rg.REG_DWORD, "1" )

createnewkey2 = rg.CreateKeyEx(rg.HKEY_LOCAL_MACHINE,"SOFTWARE\\Wow6432Node\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING",0,rg.KEY_ALL_ACCESS)
creatingvalue = rg.SetValueEx(createnewkey2,"iexplorer.exe",0,rg.REG_DWORD, "1" )

to call this attached .pyfile : cmd /c ..\..\Python27\Tpython.exe ms15-124.py

---

When I run the package to a test machine, the deployment says its successfully completed with exit code 0 but when I login to server to check the registry key, no changes are found there. Need help in executing/calling the script successfully.

Answer 1

Does the code successfully updates the key if you run it locally?

Also, does the sub_key

FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING

exists in the remote machine?

I also recommend to address the sub_key path as raw string due to the backslash esacping:

REG_PATH = r'SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING'

Lastly, do you run the script as administrator?

I've used your code with minor changes, and it seems to work on my machine after I created the sub_key (FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING) manually as it didn't exist in my machine.

import winreg as rg

REG_PATH = r'SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING'


def set_reg(name, value):
    try:
        key = rg.CreateKey(rg.HKEY_LOCAL_MACHINE, REG_PATH)
        rg.SetValueEx(key, name, 0, rg.REG_SZ, value)
        return True
    except WindowsError as e:
        return e


def get_reg(name):
    try:
        registry_key = rg.OpenKey(rg.HKEY_LOCAL_MACHINE, REG_PATH, 0, rg.KEY_READ)
        value, regtype = rg.QueryValueEx(registry_key, name)
        return value
    except WindowsError as e:
        return e


print(REG_PATH)
print("current value:", get_reg('iexplorer.exe'))
print("setting key value to 1")
set_reg('iexplorer.exe', str(1))
print("current value:", get_reg('iexplorer.exe'))

output:

SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
current value: 0
setting key value to 1
current value: 1