Announcement

Collapse
No announcement yet.

Which registry branch is the current user stored in?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Which registry branch is the current user stored in?

    I have a user, XYZ, who is logged onto a workstation but wants his wallpaper changed. He cannot do this himself as the GPOs have severly restricted his workstation, but I was wondering if I can use the Remote Registry to change it for him as I do not have remote access to this workstation.

    There are a number of user hives in the registry on his workstation, so how do I know which one belongs to his logon?

    Thanks.
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: Which registry branch is the current user stored in?

    HKey_Current_User is probably a good start.

    Failing that, search HKey_Users for the user guid (You can find it following the last post here: http://www.sadikhov.com/forum/index....owtopic=124525 or here: http://blogs.technet.com/b/heyscript...nd-domain.aspx) and edit that.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Which registry branch is the current user stored in?

      As Ossian said, HKEY_CURRENT_USER is the key to look at for the currently logged on user. If you're acccessing the registry remotely, and the user is currently logged on to the workstation, then this is the key you want to look at.

      Comment


      • #4
        Re: Which registry branch is the current user stored in?

        Really ? I just sat my wife, with no IT experience, in front of Regedit, and asked her if she could figure out which hive related to the logged on user, and she got it in 15 seconds.

        I've also tried changing desktop pictures remotely using methods like this, and failed.. I'm not sure if you can actually do this.
        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

        Comment


        • #5
          Re: Which registry branch is the current user stored in?

          If you have GPO's that are restricitng his logon session then why would you want him to change his desktop???

          Comment


          • #6
            Re: Which registry branch is the current user stored in?

            Originally posted by tehcamel View Post
            Really ? I just sat my wife, with no IT experience, in front of Regedit, and asked her if she could figure out which hive related to the logged on user, and she got it in 15 seconds.

            I've also tried changing desktop pictures remotely using methods like this, and failed.. I'm not sure if you can actually do this.
            I bet she can't do the same using a remote registry connection like I asked in my original post! From a remote registry connection, all you see is HKLM & HKU.
            |
            +-- JDMils
            |
            +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
            |

            Comment


            • #7
              Re: Which registry branch is the current user stored in?

              true. but then, she's not a sysadmin, so I wouldn't expect her to know about sid2user.
              Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

              Comment


              • #8
                Re: Which registry branch is the current user stored in?

                In danger of going off topic here, guys.....

                See my post #2 for ways of establishing the user from the guid.
                Note this may have to be done when the user is logged off as, IIRC, HKCU overwrites the tree in HKU on logoff
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: Which registry branch is the current user stored in?

                  Originally posted by Ossian View Post
                  See my post #2 for ways of establishing the user from the guid.
                  Note this may have to be done when the user is logged off as, IIRC, HKCU overwrites the tree in HKU on logoff
                  ) The user should be logged on as HKCU will be updated directly when you edit HKU\user'ssid
                  ) Cannot use the user object's GUID - user profile hives are located under the "HKEY_USERS\SID-of-a-currently-loggedon-user" key.


                  Obtain SID:
                  Code:
                  PsGetSid.exe \\computername username

                  First, install the wallpaper on a reference computer.
                  And copy the *.BMP file from "C:\Documents and Settings\My-Account\Local Settings\Application Data\Microsoft\*.BMP"
                  to: "\\computername\C$\Documents and Settings\username\Local Settings\Application Data\Microsoft\"

                  (Note, to be sure that for the user's profile path on the remote computer the excact user name was used (there could somtimes be unexpected trailing characters! added to the user's foldername) - this is how to retrieve the user's actual "Local Settings\Application Data\" path:
                  Code:
                  Reg.exe QUERY "\\computername\HKU\SID-of-a-currently-loggedon-user\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v "Local AppData" |find /i "Local AppData"
                  Then, edit the registry
                  Code:
                  Reg.exe ADD "\\computername\HKU\SID-of-a-currently-loggedon-user\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "path\to\wallpaperfile.bmp" /f
                  or, Probably this will work too (this sample will copy all items in the key and subkeys! from this computer to the remote computer):
                  Reg.exe copy "HKCU\Control Panel\Desktop" "\\computername\HKU\SID-of-a-currently-logged on-user\Control Panel\Desktop" /f /s


                  Finally, to load the new wallpaper, eighter the user have to log-off &-on
                  OR, run (remotely by using psExec.exe):
                  Code:
                  %windir%\System32\RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                  (Mind case in UpdatePerUserSystemParameters)


                  \Rems
                  Last edited by Rems; 12th October 2010, 08:26.

                  This posting is provided "AS IS" with no warranties, and confers no rights.

                  __________________

                  ** Remember to give credit where credit's due **
                  and leave Reputation Points for meaningful posts

                  Comment

                  Working...
                  X