HKEY_USERS/NTUSER.Dat Question

greg0303

Technical User
May 5, 2006
94
CA
I am wondering if this is possible or not. What I would like to do is connect to a computer and scan through users' registries for certain keys and values. I have a script which checks the values of the currently logged-on user by going through HKEY_USERS, resolving their username to a SID, and then doing the scan. What I want to do is script loading the NTUSER.DAT of each user and scanning the registry. Is there a way to script loading a hive and then unloading a hive on a remote computer?
 
Sounds like you already have what you need. HKEY_CURRENT_USER is a dynamic hive that only points to the HKEY_USERS hive with a starting point of the SID.

You will need to use WMI to do your recursive search of the remote registries, since VBScript only works locally for registry reads.


I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
I have been using my WMI query using HKEY_USER\User's SID\Path? But this will only return for the current logged on user. Should I use HKEY_CURRENT_USER\User's Sid\Reg Path?
 
Use HKEY_USERS

I hope you find this post helpful.

Regards,

Mark

 
I still cannot read the reg of a user that is not currently loaded. I have already obtained the SID and placed it in the variable 'asid'. Here is my code:

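' Root handle for HKEY_USERS as StdRegProv expects it
HKEY_USERS = &H80000003
strComputer = "Network1"
' asid holds the user's SID, obtained earlier in the script
strKeyPath = asid & "\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles"

' Connect to the registry provider on the remote computer
Set oReg = GetObject( _
    "winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strValueName = "DefaultProfile"
' Read the value from the user's key under HKEY_USERS
oReg.GetStringValue _
    HKEY_USERS, strKeyPath, strValueName, dwValue

MsgBox "Default Profile: " & dwValue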

If I remotely connect to the computer's registry and manually load the hive of the user's NTUSER.DAT file, then rerun the script, it works. Am I missing something in this code, or do I need to load the hive first, and if so, how do you do that with VBScript?
 
See this thread to see if it helps in what you are trying to accomplish:


You might be able to use or create a combination of yours and the one posted to read remote user reg info.

--------------------------------------------------------------------------------
dm4ever
My philosophy: K.I.S.S - Keep It Simple Stupid
 
Thanks, that "reg load" part is what I needed.
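
The load, read and unload sequence this thread arrives at, written out as an added example (it is not code from any poster or from the linked thread). It assumes admin rights on the target; the SID placeholder and the mount name AuditHive are hypothetical, and the profile path is looked up in the ProfileList key rather than taken from the thread.

```vbscript
' Added example, not code from the thread. Network1 comes from the original
' script; the SID placeholder and the mount name AuditHive are assumptions.
Option Explicit
Const HKLM = &H80000002
Const HKEY_USERS = &H80000003
Const MOUNT = "AuditHive"
Const PROFILES = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\"
Const SUBKEY = "\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles"
Dim strComputer, asid, strWmi, oReg, oSvc, strRoot, strDir, strValue, arrSub, bMounted
strComputer = "Network1"
asid = "S-1-5-21-<placeholder>"      ' SID resolved earlier, as in the original script
strWmi = "winmgmts:{impersonationLevel=impersonate}!\\" & strComputer
Set oReg = GetObject(strWmi & "\root\default:StdRegProv")
Set oSvc = GetObject(strWmi & "\root\cimv2")

' Start a command on the remote machine and wait until the process has exited.
Function RunRemote(strCmd)
    Dim pid
    RunRemote = oSvc.Get("Win32_Process").Create(strCmd, Null, Null, pid)
    If RunRemote <> 0 Then Exit Function
    Do While oSvc.ExecQuery("SELECT ProcessId FROM Win32_Process WHERE ProcessId=" & pid).Count > 0
        WScript.Sleep 250
    Loop
End Function

' True when the key exists under HKEY_USERS on the remote machine.
Function HiveKeyExists(strKey)
    HiveKeyExists = (oReg.EnumKey(HKEY_USERS, strKey, arrSub) = 0)
End Function

bMounted = False
If HiveKeyExists(asid) Then
    strRoot = asid                    ' user is logged on: hive is already loaded
Else
    ' Find the profile folder, then mount its NTUSER.DAT under a temporary name.
    If oReg.GetExpandedStringValue(HKLM, PROFILES & asid, "ProfileImagePath", strDir) <> 0 Then
        WScript.Echo "No profile for " & asid & " on " & strComputer : WScript.Quit 1
    End If
    RunRemote "reg.exe load HKU\" & MOUNT & " """ & strDir & "\NTUSER.DAT"""
    If Not HiveKeyExists(MOUNT) Then
        WScript.Echo "reg load failed (file in use or access denied)" : WScript.Quit 2
    End If
    strRoot = MOUNT : bMounted = True
End If

oReg.GetStringValue HKEY_USERS, strRoot & SUBKEY, "DefaultProfile", strValue
WScript.Echo "Default Profile: " & strValue

If bMounted Then                      ' unload only what this script loaded
    RunRemote "reg.exe unload HKU\" & MOUNT
    If HiveKeyExists(MOUNT) Then WScript.Echo "WARNING: HKU\" & MOUNT & " is still loaded"
End If
```

Run it with cscript.exe. The unload check matters because a hive left mounted keeps NTUSER.DAT locked, which can stop that user's profile from loading at their next logon.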
 