Windows – Read Local “HKEY_CURRENT_USER” from another user, windows batch/powershell

batchwindowswindows-registry

Ok is a tricky question, I know.
I have a software that runs validation scripts in all computers in network. I can create my own scripts too. But I found a problem that the script runs as specific user with admin rights. So, when my script checks the registry path: Computer\HKEY_CURRENT_USER is not actually the registry of the logged user but the user used for run the script.

Is there any way to run the command reg.exe inside the other logged user (without having the password)?

So far was trying:

:: Get the current console logged user 
for /F "tokens=1" %%f in ('query user ^| find "Active"') do set "ConsoleUser=%%f" 
:: clear the ">" character that sometimes is on the left of the user 
set ConsoleFinal=%ConsoleUser:*>=% 
:: enter the user folder (* at the end, if the user is part of a domain)  
cd c:\users\%ConsoleUser%*  
:: Import the other user registry reg load HKU\test ntuser.dat

But then I got the error that the ntuser.dat is in use (thats because the other user is logged in)

In resume: I need to check a registry key on current user but from script that is ran on different user.

Best Answer

If the user is logged in their registry will already be mounted into HKEY_USERS/%SID%.

In powershell you could setup a mapping to HKEY_USERS and then access the registry there. If I wanted to get the Conhost settings for the 'system' account I could do it like this.

PS > New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS
PS > Get-ItemProperty HKU:\S-1-5-18\Console\
Related Topic