Reputation: 41827
From within a Windows service I want to check some user preferences that are stored within each user's HKCU registry area. How can I do this?
I see that HKEY_USERS has subkeys of each user that has logged in to the machine (or something like that?), and within these are the HKCU areas for each user. However, these subkeys are the SIDs of the users, so somehow I'd need to work out the SID of the currently logged in user(s).
I would then query HKEY_USERS\<the user's SID>\whichever\key\i\need in place of querying HKEY_CURRENT_USER\whichever\key\i\need.
From this question I can get a list of the current users on the machine in DOMAIN\USER format. Is there a way to get the SID of a user from their Windows login? Or is there a more direct way to get the registry path that is HKCU for the currently logged in user(s)?
Upvotes: 5
Views: 20007
Reputation: 1712
Using PowerShell you can match them up:
Get-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*" | select ProfileImagePath, PSChildName
You can even search by username (e.g. john):
Get-ItemProperty -path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*" | ? {$_.ProfileImagePath -match "john"} | select ProfileImagePath, PSChildName
Bonus: reverse SID lookup using PowerShell (will return DOMAIN\USERNAME):
$objSID = New-Object System.Security.Principal.SecurityIdentifier ("S-1-5-21-2139915555-1840087203-3974481593-26737")
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$objUser.Value
Upvotes: 0
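The forward lookup the question asks for (DOMAIN\USER to SID, then a read under HKEY_USERS\<SID>), as an added example that is not part of the original answers. The function name, account, subkey and value name are placeholders, and it assumes the calling account (for example a service running as LocalSystem) can read the target hive.

```powershell
# Added example: resolve an account name to its SID and read one value from
# that user's hive. HKEY_USERS\<SID> exists only while the hive is loaded,
# which normally means the user is logged on.
function Get-UserHiveValue {
    param(
        [Parameter(Mandatory)] [string] $Account,    # DOMAIN\USER, e.g. 'CONTOSO\jsmith' (constructed)
        [Parameter(Mandatory)] [string] $SubKey,     # e.g. 'Software\ExampleApp' (hypothetical)
        [Parameter(Mandatory)] [string] $ValueName   # e.g. 'Theme' (hypothetical)
    )

    # Forward lookup: NTAccount -> SecurityIdentifier
    try {
        $nt  = New-Object System.Security.Principal.NTAccount($Account)
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        Write-Warning "Cannot resolve '$Account' to a SID: $($_.Exception.Message)"
        return $null
    }

    # OpenSubKey(name) returns a read-only handle, or $null if the key is absent
    $root = [Microsoft.Win32.Registry]::Users.OpenSubKey($sid)
    if ($null -eq $root) {
        Write-Warning "Hive for $sid is not loaded under HKEY_USERS."
        return $null
    }
    try {
        $key = $root.OpenSubKey($SubKey)
        if ($null -eq $key) {
            Write-Warning "Key '$SubKey' does not exist for $sid."
            return $null
        }
        try {
            [pscustomobject]@{
                Account = $Account
                Sid     = $sid
                Value   = $key.GetValue($ValueName)   # $null if the value is missing
            }
        } finally { $key.Close() }
    } finally { $root.Close() }
}

# Usage (placeholder names):
# Get-UserHiveValue -Account 'CONTOSO\jsmith' -SubKey 'Software\ExampleApp' -ValueName 'Theme'
```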
Reputation: 21
In HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList you will find the SIDs of the existing profiles. The ProfileImagePath will give the path of the profile.
Most of the time this path is the username. But it could be another path if a similar path already existed when the profile was created.
The short SIDs like S-1-5-18 (=> Local System) are default local accounts (https://support.microsoft.com/en-us/kb/243330).
Upvotes: 2
Reputation: 11
You can connect to their remote registry, then search the entire HKU key for their username (i.e. jsmith). Various entries reference their user profile; these will pop up, then you can just look under which SID those entries are located. Bit of a roundabout way of doing it, but seems to work.
Upvotes: 1
Reputation: 754953
In order to do this you will need to do one of the following
I'm not 100% sure that #1 will work but I believe it will.
For either solution, though, you will need either the user's credentials or access token in your process. This is not easily available because it's a security issue.
Upvotes: 1