Under which root key hive would you find registry settings pertaining to active user profiles?

Have you ever wondered how to modify the registry of another user? The HKEY_CURRENT_USER registry hive is specific to each user, so in order to modify this for another user, we first need to identify where that information is stored.

In the later versions of Windows, it’s stored in the user directory in the file called NTUSER.DAT. This file is loaded every time a user logs on:

C:\Users\<username>\ntuser.dat

Now that we’ve identified the file that we’d like to modify, let’s dive in and modify the registry!

There are many ways that we can modify the registry (Active Setup and Active Directory Group Policy Preferences come to mind), but since I am rather fond of PowerShell, I’d like to keep it as PowerShell-friendly as possible.

Whatever your reasons, here’s a solution that will hopefully work for you. I’m going to split this blog post into two parts. The first part will cover the basics. The second part will cover the fancier stuff.

Disclaimer: Use this information with a healthy dose of caution. It is never wise to modify the registry without a good reason, and even some good reasons aren’t always great justification. In other words, be responsible and test your scripts before using on production systems. We cannot be held responsible for any issues that you may encounter.

Modify the Registry of Another User

Before we can modify the HKEY_CURRENT_USER (HKCU) key of another user, we need to understand it a little bit better. The HKCU key is actually a pointer for the HKEY_USERS (HKU) key specific to a logged-in user and their security identifier (SID).

You can see that in the Registry Editor:

The HKU\<SID> and HKCU keys are loaded when a user logs into a machine. The associated keys are unloaded when that user logs out of a machine. In my example above, the two displayed keys represent the user’s registry for my username.

In order to modify the registry keys for a different user, we need to load their registry first. In the later versions of Windows, it’s stored in the user directory as the file NTUSER.DAT.

C:\Users\<username>\ntuser.dat
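
To see which user hives are currently loaded and which would need to be loaded from disk, the SIDs under HKEY_USERS can be matched against the profile list. This is an added example, not code from the original post; it assumes the standard ProfileList key under HKLM and limits the output to ordinary account SIDs (S-1-5-21-*).

```powershell
# Added example: map each local profile to its SID, hive file and load state.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# SID of the account running this script; HKCU points at HKEY_USERS\<this SID>
$currentSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

Get-ChildItem -Path $profileList |
    Where-Object { $_.PSChildName -like 'S-1-5-21-*' } |
    ForEach-Object {
        $sid         = $_.PSChildName
        $profilePath = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath

        [pscustomobject]@{
            SID       = $sid
            Profile   = $profilePath
            HiveFile  = Join-Path $profilePath 'NTUSER.DAT'
            # A loaded hive shows up as HKEY_USERS\<SID>; otherwise it only exists on disk
            Loaded    = Test-Path -LiteralPath "Registry::HKEY_USERS\$sid"
            IsCurrent = ($sid -eq $currentSid)
        }
    } |
    Format-Table -AutoSize
```

Profiles with Loaded = True can be edited directly under HKEY_USERS\<SID>; the others need their NTUSER.DAT loaded first.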

Loading/Unloading ntuser.dat

In order to load and unload a user’s ntuser.dat file, we’re going to use reg.exe. This built-in program allows us to access the registry directly from PowerShell (or a command line).

Usage of reg.exe to load and unload ntuser.dat files is pretty straightforward:

Loading ntuser.dat

reg load <Key> <File>

reg load HKU\Fancy C:\Users\Vincent\ntuser.dat

Unloading ntuser.dat

The Key has to include a valid root key, but the subkey can be anything you’d like. In my examples, I used the HKU (HKEY_USERS) root key and then loaded/unloaded Vincent’s ntuser.dat to the subkey Fancy.

Putting it all together

Now that we know how to load and unload the registry of a different user, we can use this in a PowerShell script to add/remove any keys for any user.

Let’s say we want to create the following key for Vincent: HKCU\Software\FancyKey (see New-Item)

    # Load ntuser.dat
    reg load HKU\Vincent C:\users\vincent\NTUSER.DAT

    # Create a new key, close the handle, and trigger garbage collection
    $result = New-Item -Path 'Registry::HKEY_USERS\Vincent\Software\FancyKey'
    $result.Handle.Close()
    [gc]::Collect()

    # Unload ntuser.dat
    reg unload HKU\Vincent

Sometimes the user profile handle doesn’t close as quickly as you’d expect. Because of this, the section about garbage collection is necessary in order to close the handle that was created when creating a new key in the loaded ntuser.dat. See this StackOverflow post for more details.
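
The same load, modify, unload sequence can be wrapped so the hive is always unloaded, even when the modification throws. This is an added example, not code from the original post; the function name Invoke-WithUserHive and the TempHive_ mount prefix are hypothetical, and it assumes an elevated PowerShell session.

```powershell
# Added example: run a script block against another user's hive and always unload it.
function Invoke-WithUserHive {
    param(
        [Parameter(Mandatory)][string]$ProfilePath,    # e.g. C:\Users\Vincent
        [Parameter(Mandatory)][scriptblock]$Action     # receives the Registry:: path of the mounted hive
    )

    $hiveFile = Join-Path $ProfilePath 'NTUSER.DAT'
    if (-not (Test-Path -LiteralPath $hiveFile)) {
        throw "No hive file at $hiveFile"
    }

    # Hypothetical mount name; any subkey name under HKU works
    $mount = 'TempHive_' + (Split-Path $ProfilePath -Leaf)

    & reg.exe load "HKU\$mount" $hiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) {
        # Common cause: the user is logged on, so the file is already loaded under HKU\<SID>
        throw "reg load failed with exit code $LASTEXITCODE"
    }

    try {
        & $Action "Registry::HKEY_USERS\$mount"
    }
    finally {
        # Release RegistryKey handles still held by .NET so the unload can succeed
        [gc]::Collect()
        [gc]::WaitForPendingFinalizers()

        & reg.exe unload "HKU\$mount" | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Hive is still mounted at HKU\$mount; unload it manually."
        }
    }
}

# Create HKCU\Software\FancyKey for Vincent only if it does not exist yet
Invoke-WithUserHive -ProfilePath 'C:\Users\Vincent' -Action {
    param($root)
    $path = "$root\Software\FancyKey"
    if (-not (Test-Path -LiteralPath $path)) {
        $key = New-Item -Path $path
        $key.Handle.Close()
    }
}
```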

Kris Powell

Kris was an employee at PDQ.

The Windows Registry is the centralized configuration database for Windows NT and Windows 2000, as well as for applications. The Registry in Windows 11/10/8/7 stores information about tuning parameters, device configuration, and user preferences.

On disk, the Windows Registry isn’t simply one large file, but a set of discrete files called hives. Each hive contains a Registry tree, which has a key that serves as the root (i.e., starting point) of the tree. Subkeys and their values reside beneath the root.

Location of Windows Registry files

The Registry files are located in the following folder locations:

  • HKEY_LOCAL_MACHINE\SYSTEM : \system32\config\system
  • HKEY_LOCAL_MACHINE\SAM : \system32\config\sam
  • HKEY_LOCAL_MACHINE\SECURITY : \system32\config\security
  • HKEY_LOCAL_MACHINE\SOFTWARE : \system32\config\software
  • HKEY_USERS\UserProfile : \winnt\profiles\username
  • HKEY_USERS\.DEFAULT : \system32\config\default

The supporting files are as follows:

Some hives are volatile and don’t have associated files. The system creates and manages these hives entirely in memory; the hives are therefore temporary. The system creates volatile hives every time the system boots. Examples are:

  • HKEY_LOCAL_MACHINE\HARDWARE : Volatile hive
  • HKEY_LOCAL_MACHINE\SYSTEM\Clone : Volatile hive

These files are database files, and only RegEdit, Regedit32, and Kernel32 can read them. The primary tool in Windows 11/10/8/7 for working directly with the registry is Registry Editor.

To access it, simply type Regedit in Start Menu Search Bar and hit Enter.

If you need to read more on this, head over to TechNet.