Reputation: 945
Reading HKEY CURRENT USER from the registry in Python, specifying the user
In my application I run subprocesses under several different user accounts. I need to be able to read some of the information written to the registry by these subprocesses. Each one is writing to HKEY_CURRENT_USER, and I know the user account name that they are running under.
In Python, how can I read values from HKEY_CURRENT_USER for a specific user? I assume I need to somehow load the registry values under the user's name, and then read them from there, but how?
edit: Just to make sure it's clear, my Python program is running as Administrator, and I have accounts "user1", "user2", and "user3", which each have information in their own HKEY_CURRENT_USER. As Administrator, how do I read user1's HKEY_CURRENT_USER data?
Upvotes: 1
Views: 9946
Answers (3)
Reputation: 2388
If you don't want to install win32 stuff for Python and since you are already using subprocess, you can run built in Windows commands to get at the registry data you are looking for.
To query the SID of a particular user:
wmic useraccount where name='John' get sid
Then you can use that SID to query other registry entries for that particular user:
reg query HKEY_USERS\[SID]
For example, if you want to know the mounted network drives for a particular user:
reg query HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network /s /v RemotePath
The output will look something like this:
HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\R
RemotePath REG_SZ \\MACHINENAME1\shared
HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\T
RemotePath REG_SZ \\MACHINENAME2\testing
HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\V
RemotePath REG_SZ \\MACHINENAME3\videos
End of search: 3 match(es) found.
which should be relatively simple to parse in Python.
References:
http://www.windows-commandline.com/get-sid-of-user/
https://superuser.com/questions/135752/list-mapped-network-drives-from-the-command-line-to-text-file
Upvotes: 0
Reputation: 41306
According to MSDN, HKEY_CURRENT_USER is a pointer to HKEY_USERS/SID of the current user. You can use pywin32 to look up the SID for an account name. Once you have this, you can use open and use the registry key with the _winreg module.
import win32security
import _winreg as winreg
sid = win32security.LookupAccountName(None, user_name)[0]
sidstr = win32security.ConvertSidToStringSid(sid)
key = winreg.OpenKey(winreg.HKEY_USERS, sidstr)
# do something with the key
Upvotes: 4
Reputation: 201
HKEY_CURRENT_USER maps to a HKEY_USERS\{id} key.
Try finding the id by matching the HKEY_USERS{id}\Volatile Environment\USERNAME key to the username of the user (by enumerating/iterating over the {id}s that are present on the system). When you find the match just use HKEY_USERS{id} as if it was HKEY_CURRENT_USER
Upvotes: 2
Related Questions
- Access denied writing to HKEY_CURRENT_USER in Python
- how can i know the user name that created the registry key in HKEY_LOCAL_MACHINE
- Read a single registry key value on a remote machine
- Windows Registry access for Python script
- write registry to hkey_current_user instead of hkey_users
- How do I use Python to retrieve Registry values?
- Accessing windows registry Python
- Read remote registry in python
- Setting Windows XP registry key permissions using Python
- Registry Entries for all users in Python