IT Management Suite

  • 1.  HKEY_CURRENT_USER

    Posted Mar 07, 2023 02:59 PM

    Is there a way to send a task/job consisting of registry edits that have to go into HKEY_CURRENT_USER regardless of the user being signed on or not?



  • 2.  RE: HKEY_CURRENT_USER

    Posted Mar 08, 2023 12:35 AM

    Yes.  However, it's important to understand that when no user is logged in, there is no user registry hive loaded.  So you must first mount the hive of the user you want to modify, then you can make edits to that hive.  What I recommend is a script that enumerates all user profiles on a machine and mounts one user hive at a time, making the edit on each.  Similarly, if you want a script to run as one user (e.g. SYSTEM) and modify settings within a user hive for another user who is logged in, you would need to enumerate the mounted hives under HKU to update all mounted hives.

    Example steps to mount a user hive: 

    reg load HKU\TEMP "C:\users\sampleuser\ntuser.dat"

    reg add HKU\TEMP\Software\Acme\Product /v MySetting /t REG_DWORD /d 1 /f

    reg unload HKU\TEMP



    ------------------------------
    Joe
    ------------------------------



  • 3.  RE: HKEY_CURRENT_USER

    Posted Mar 08, 2023 03:20 AM
    Hello,

    This thread is very interesting for me also.

    We have had the need to run a PS1 script (but as "current logged user")
    within a batch script that must be executed with a local system account,
    adding that bat file to a software package and use it within a software
    policy.

    The problem is that we don't know how to run PS1 script as "Current logged
    user", so what I had to do is to run the batch script for one side and then
    create a different task with the PS1 execution but in "Run options"
    selecting as "Current logged user", adding this second task is also part of
    the policy.

    So if someone can tell me how to run the PS1 script within the batch script
    but running as "current logged user" it would be wonderful !




    Best Regards / Saludos
    ___________________________

    PABLO LLORENTE ABAD




  • 4.  RE: HKEY_CURRENT_USER

    Posted Mar 08, 2023 08:31 AM

    Pablo,

    The way you're doing it is the best way, have two separate tasks / packages with one set to run as system and one set to run as current user.  Keep in mind that if no one is logged in, the current user task will fail.  

    Your script running as system wouldn't have the ability to launch a child process as the logged in user unless you use a tool like PSEXEC and knew the user's credentials.



    ------------------------------
    Joe
    ------------------------------



  • 5.  RE: HKEY_CURRENT_USER

    Posted Mar 08, 2023 07:59 AM
    Edited by Iskyfly Mar 08, 2023 07:59 AM
    I've used this in a vbs.

    "Have you ever needed to read or update a registry key that is stored in each user's HKEY_CURRENT_USER or HKEY_CLASSES_ROOT hive? Have you also ever needed to read or update it for ALL users on the system, as well as make it the default setting when a new user profile is created?

    That can be a bit of a daunting task. One solution is to add the registry key update to the user's logon script.

    Fortunately, there is another way that will immediately update all profiles (including the DEFAULT profile) and I wrote a vbscript to make it easier."



    ------------------------------
    Giles
    ------------------------------
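
    The quoted text above mentions the DEFAULT profile, which new user profiles are created from. The following is an added example, not part of the original thread or of the VBScript it refers to: it mounts the Default profile's hive, writes one value and always unloads the hive again. The mount name DefaultUserTemp is a placeholder, and the Outlook policy key and value are the sample ones used elsewhere in this thread.

```powershell
#Requires -RunAsAdministrator
# Added example: write one HKCU-style value into the Default profile hive so
# that profiles created later inherit it. The mount name is an assumption.

$profileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$mountName      = 'DefaultUserTemp'   # temporary key name under HKEY_USERS
$subKey         = 'Software\Policies\Microsoft\office\16.0\outlook\preferences'

# The "Default" value holds the template profile directory (e.g. C:\Users\Default)
$defaultDir  = (Get-ItemProperty -Path $profileListKey -Name Default).Default
$defaultDir  = [Environment]::ExpandEnvironmentVariables($defaultDir)
$defaultHive = Join-Path $defaultDir 'NTUSER.DAT'

# NTUSER.DAT is hidden, so check for it through .NET rather than Get-Item
if (-not [System.IO.File]::Exists($defaultHive)) {
    throw "Default hive not found: $defaultHive"
}

& reg.exe load "HKU\$mountName" $defaultHive | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reg load failed with exit code $LASTEXITCODE"
}

try {
    $key = "Registry::HKEY_USERS\$mountName\$subKey"

    # Create the key only if it is missing, so existing values are left alone
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    New-ItemProperty -Path $key -Name 'ShowAutoSug' -Value 0 `
        -PropertyType DWord -Force | Out-Null
}
finally {
    # Release the registry provider's handles; with a handle still open the
    # unload is refused and the hive file stays locked
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()

    & reg.exe unload "HKU\$mountName" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "reg unload failed ($LASTEXITCODE); HKU\$mountName is still mounted"
    }
}
```

    The try/finally matters for per-user hives as well: a hive left mounted after a failed edit keeps that ntuser.dat locked.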



  • 6.  RE: HKEY_CURRENT_USER

    Posted Mar 08, 2023 12:48 PM

    I do this with PowerShell-

    Go to this section below to modify the reg key  you want -  # This is where you can read/modify a users portion of the registry 

    # Regex pattern for SIDs
    $PatternSID = 'S-1-5-21-\d+-\d+\-\d+\-\d+$'

    # Get Username, SID, and location of ntuser.dat for all users
    $ProfileList = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' |
        Where-Object { $_.PSChildName -match $PatternSID } |
        Select-Object @{name="SID";expression={$_.PSChildName}},
                      @{name="UserHive";expression={"$($_.ProfileImagePath)\ntuser.dat"}},
                      @{name="Username";expression={$_.ProfileImagePath -replace '^(.*[\\\/])', ''}}

    # Get all user SIDs found in HKEY_USERS (ntuser.dat files that are loaded)
    $LoadedHives = Get-ChildItem Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -match $PatternSID } |
        Select-Object @{name="SID";expression={$_.PSChildName}}

    # Get all users that are not currently logged in (hive not loaded).
    # Filtering the profile list (instead of Compare-Object) also works when
    # no user hive is loaded at all, i.e. when $LoadedHives is empty.
    $UnloadedHives = $ProfileList | Where-Object { $_.SID -notin $LoadedHives.SID }

    # Loop through each profile on the machine
    Foreach ($item in $ProfileList) {
        # Load User ntuser.dat if it's not already loaded
        IF ($item.SID -in $UnloadedHives.SID) {
            reg load HKU\$($Item.SID) $($Item.UserHive) | Out-Null
            # Skip this profile if the hive could not be loaded
            IF ($LASTEXITCODE -ne 0) { continue }
        }

        #####################################################################
        # This is where you can read/modify a users portion of the registry

        $key = "Registry::HKEY_USERS\$($Item.SID)\Software\Policies\Microsoft\office\16.0\outlook\preferences"
        # Create the key only if it is missing, so existing values are left alone
        IF (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -Path $key -Name "ShowAutoSug" -Value 0x00000000 -PropertyType DWORD -Force | Out-Null

        #####################################################################

        # Unload ntuser.dat
        IF ($item.SID -in $UnloadedHives.SID) {
            ### Garbage collection and closing of ntuser.dat ###
            [gc]::Collect()
            reg unload HKU\$($Item.SID) | Out-Null
        }
    }




  • 7.  RE: HKEY_CURRENT_USER

    Posted Mar 08, 2023 12:50 PM

    I create a task and run as PowerShell -

    Go to this part below and make the reg changes you need. - # This is where you can read/modify a users portion of the registry 

    # Regex pattern for SIDs
    $PatternSID = 'S-1-5-21-\d+-\d+\-\d+\-\d+$'

    # Get Username, SID, and location of ntuser.dat for all users
    $ProfileList = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' |
        Where-Object { $_.PSChildName -match $PatternSID } |
        Select-Object @{name="SID";expression={$_.PSChildName}},
                      @{name="UserHive";expression={"$($_.ProfileImagePath)\ntuser.dat"}},
                      @{name="Username";expression={$_.ProfileImagePath -replace '^(.*[\\\/])', ''}}

    # Get all user SIDs found in HKEY_USERS (ntuser.dat files that are loaded)
    $LoadedHives = Get-ChildItem Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -match $PatternSID } |
        Select-Object @{name="SID";expression={$_.PSChildName}}

    # Get all users that are not currently logged in (hive not loaded).
    # Filtering the profile list (instead of Compare-Object) also works when
    # no user hive is loaded at all, i.e. when $LoadedHives is empty.
    $UnloadedHives = $ProfileList | Where-Object { $_.SID -notin $LoadedHives.SID }

    # Loop through each profile on the machine
    Foreach ($item in $ProfileList) {
        # Load User ntuser.dat if it's not already loaded
        IF ($item.SID -in $UnloadedHives.SID) {
            reg load HKU\$($Item.SID) $($Item.UserHive) | Out-Null
            # Skip this profile if the hive could not be loaded
            IF ($LASTEXITCODE -ne 0) { continue }
        }

        #####################################################################
        # This is where you can read/modify a users portion of the registry

        $key = "Registry::HKEY_USERS\$($Item.SID)\Software\Policies\Microsoft\office\16.0\outlook\preferences"
        # Create the key only if it is missing, so existing values are left alone
        IF (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -Path $key -Name "ShowAutoSug" -Value 0x00000000 -PropertyType DWORD -Force | Out-Null

        #####################################################################

        # Unload ntuser.dat
        IF ($item.SID -in $UnloadedHives.SID) {
            ### Garbage collection and closing of ntuser.dat ###
            [gc]::Collect()
            reg unload HKU\$($Item.SID) | Out-Null
        }
    }