
I have a TFS build that runs on a server and requires a registry key to be available. More details about this here:

https://stackoverflow.com/a/25054572/426422

My problem is that once in a while this key vanishes from HKCU without a trace.

To my knowledge there aren't any server restores or anything going on. The user account the key is under is a tfs service account and so no user is logging in and doing anything out of the ordinary either.

What could cause a registry key in HKCU to just intermittently disappear like this?

Mike Cheel

1 Answer

You could run Process Monitor on the server and filter on that specific registry key. When it's deleted, it will show up with who did it, and then you can investigate why.

Mass Nerder
  • I don't think anyone is logging in as the service account and deleting anything. There are only two folks who know the password and one of them is me. – Mike Cheel Sep 29 '16 at 19:28
  • Running this will tell you who/what/when deleted it and then you can start your investigation of why. – Mass Nerder Sep 29 '16 at 19:33
  • I understand about Process Monitor but I am asking if there are any common reasons aside from human intervention as to why a key could disappear. I've never heard of keys just vanishing. – Mike Cheel Sep 29 '16 at 19:35
  • You could have some configuration management software that is removing it, AV software, etc. You won't know until you perform the auditing with a tool. – Mass Nerder Sep 29 '16 at 19:43
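
Added example (not part of the original thread): a Python sketch that scans a Process Monitor CSV export for successful deletions at or below the watched key and reports the process and account responsible. It assumes the default export columns plus the optional "User" column; the key name, SID, processes and accounts are constructed placeholders. Because Process Monitor shows `HKCU` only for the account running it and `HKU\<SID>` for a service account's hive, the match is made on the path below the hive root.

```python
import csv
import io

# Constructed sample of a Process Monitor CSV export with the optional "User"
# column enabled. The key name, SID, processes and accounts are made up.
SAMPLE_EXPORT = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail","User"
"2:14:07.1000000 AM","TFSBuildServiceHost.exe","4120","RegQueryValue","HKU\S-1-5-21-1111-2222-3333-1105\Software\ExampleVendor\BuildTool\License","SUCCESS","Type: REG_SZ","EXAMPLE\svc-tfs"
"3:00:01.2000000 AM","agent.exe","988","RegDeleteKey","HKU\S-1-5-21-1111-2222-3333-1105\Software\ExampleVendor\BuildTool","SUCCESS","","NT AUTHORITY\SYSTEM"
"3:00:02.3000000 AM","reg.exe","5012","RegDeleteKey","HKCU\Software\ExampleVendor\BuildTool","ACCESS DENIED","","EXAMPLE\someuser"
"3:00:03.4000000 AM","cleanup.exe","6120","RegDeleteValue","HKU\S-1-5-21-1111-2222-3333-1105\Software\ExampleVendor\BuildTool\License","SUCCESS","","EXAMPLE\svc-tfs"
"3:00:04.5000000 AM","agent.exe","988","RegDeleteKey","HKU\S-1-5-21-1111-2222-3333-1105\Software\ExampleVendor\BuildToolOther","SUCCESS","","NT AUTHORITY\SYSTEM"
'''

DELETE_OPS = {"RegDeleteKey", "RegDeleteValue"}

def normalize(path):
    # Drop the hive prefix so HKCU\... and HKU\<SID>\... compare equal.
    parts = path.strip("\\").split("\\")
    if parts[0].upper() == "HKCU":
        parts = parts[1:]
    elif parts[0].upper() == "HKU" and len(parts) > 1:
        parts = parts[2:]
    return "\\".join(parts).lower()

def find_deletions(export_text, key_suffix):
    # Return successful delete events at or below key_suffix (path below the hive root).
    target = key_suffix.strip("\\").lower()
    hits = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["Operation"] not in DELETE_OPS or row["Result"] != "SUCCESS":
            continue
        rel = normalize(row["Path"])
        # Require a path-component boundary so "BuildToolOther" does not match.
        if rel == target or rel.startswith(target + "\\"):
            hits.append((row["Time of Day"], row["Process Name"], row["PID"],
                         row.get("User", ""), row["Operation"], row["Path"]))
    return hits

if __name__ == "__main__":
    for hit in find_deletions(SAMPLE_EXPORT, r"Software\ExampleVendor\BuildTool"):
        print(" | ".join(hit))
```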