regcreateval "(default)"? (was Re: ILOVEYOU version 2.0 ..)

Peter Samuelson peter at
Fri May 19 15:40:27 GMT 2000

  [Peter Samuelson <peter at>]
> > Does that sound too drastic?  Any better ideas?  I am *really*
> > getting tired of this stuff.

[Michael H. Warfield <mhw at>]
> Not drastic enough...  If you find one, raise hell...  This one
> destroys systems by zeroing out all the files that it finds that are
> not in use.

Yeah.  Haven't seen it so far.  But I *have* discovered something this
morning, or rather I have failed to discover something.

How to create the default value for a registry key.  Remotely.

- NT REGEDT32.EXE won't go near a remote hkey_classes_root.
- NT REGEDIT.EXE pleads lack of permission to add values.
- TNG rpcclient ... well, it can add keys and values just fine, but I
  can't get it to add the *default* value for a key.

The issue is that I went through and deleted everyone's reg key:


which I now can't recreate for the machines I want to, because it's
supposed to have a default value of "VBScript".

In REGEDIT.EXE this shows up as the value named "(default)".  If you
export to a .REG file it is represented by "@".

Luke?  Anyone?  Is there a way to do this in rpcclient?  It's not
urgent or anything, just annoying.


More information about the samba-ntdom mailing list