cancel
Showing results for 
Search instead for 
Did you mean: 
bottsjw
New Member

One2Many registry changes for "CURRENT_USER" in a different user context than the authenticated user

We have tried various scripts to update our user's registry but the scripts seem to always run in the context of the account that has authenticated to run the script. This is less than ideal.

Is there a way, with a variable or something else to update the actual HKCU values for the user on that computer vs making edits to the registry in the context of the account that's been authenticated to run the script?

Happy to provide examples if that helps.

4 REPLIES 4
jdubyah
Active Contributor

Re: One2Many registry changes for "CURRENT_USER" in a different user context than the auth

Seeing this as well. 

 

Any way to resolve this? Can powershell resolve?

MaVeN
Contributor

Re: One2Many registry changes for "CURRENT_USER" in a different user context than the auth

In order to change anything in the HKCU registry range your need to be accessing the machine as that user so that those keys are effected. This is true with BAT or VBS. I am not sure if Powershell can provide a solution. Hope this helps.
randallcorn
Active Contributor

Re: One2Many registry changes for "CURRENT_USER" in a different user context than the auth

OK

 

So my machines are on a domain.  I don't have the users password so I cannot log in as them.  I do have domain admin credentials.  Do you have an example of how I can make a registry entry if I have this type of access?

 

Thanks,

 

Randall

KLumley
New Member

Re: One2Many registry changes for "CURRENT_USER" in a different user context than the auth

This is less then ideal but it will work:

     -Open the LogMeIn Dashboard for the machine you're working with

     -Under Computer Management select Command Prompt

     -Run the following: reg load HKEY_USERS\ImportKyle "C:\Users\Kyle\ntuser.dat"

The imported user hive will be visible at HKEY_USERS\ImportKyle

From here you can manipulate the hive as usual

     - Get-ChildItem -Path Registry::HKEY_USERS\ImportKyle

     - Get-ItemProperty -Path Registry::HKEY_USERS\ImportKyle\Software\Microsoft\Office\Outlook

     - New-Item -Path Registry::HKEY_USERS\ImportKyle\Software\Microsoft\Windows\CurrentVersion\Test

 

*The user will need to be logged out for this to work, only one process can lock the ntuser.dat file at a time.*