Forum Discussion

bottsjw's avatar
bottsjw
New Member
5 years ago

One2Many registry changes for "CURRENT_USER" in a different user context than the authenticated user

We have tried various scripts to update our user's registry but the scripts seem to always run in the context of the account that has authenticated to run the script. This is less than ideal.

Is there a way, with a variable or something else to update the actual HKCU values for the user on that computer vs making edits to the registry in the context of the account that's been authenticated to run the script?

Happy to provide examples if that helps.

  • MaVeN's avatar
    MaVeN
    Contributor
    In order to change anything in the HKCU registry range your need to be accessing the machine as that user so that those keys are effected. This is true with BAT or VBS. I am not sure if Powershell can provide a solution. Hope this helps.
    • randallcorn's avatar
      randallcorn
      Active Contributor

      OK

       

      So my machines are on a domain.  I don't have the users password so I cannot log in as them.  I do have domain admin credentials.  Do you have an example of how I can make a registry entry if I have this type of access?

       

      Thanks,

       

      Randall

      • KLumley's avatar
        KLumley
        New Member

        This is less then ideal but it will work:

             -Open the LogMeIn Dashboard for the machine you're working with

             -Under Computer Management select Command Prompt

             -Run the following: reg load HKEY_USERS\ImportKyle "C:\Users\Kyle\ntuser.dat"

        The imported user hive will be visible at HKEY_USERS\ImportKyle

        From here you can manipulate the hive as usual

             - Get-ChildItem -Path Registry::HKEY_USERS\ImportKyle

             - Get-ItemProperty -Path Registry::HKEY_USERS\ImportKyle\Software\Microsoft\Office\Outlook

             - New-Item -Path Registry::HKEY_USERS\ImportKyle\Software\Microsoft\Windows\CurrentVersion\Test

         

        *The user will need to be logged out for this to work, only one process can lock the ntuser.dat file at a time.*

  • jdubyah's avatar
    jdubyah
    Active Contributor

    Seeing this as well. 

     

    Any way to resolve this? Can powershell resolve?