Junaid

Reputation: 603

Get remote registry for logged in user

I have seen many examples on the net about getting the remote registry, but I want to check the folder redirection for logged-in users, not the user I run the script as.

Is this even possible using PowerShell? Before I joined this company their IT was outsourced, and the whole AD/GPO, everything, is a big, big mess. Some users are redirecting and some are not, so I want to check who has the redirection enabled without having to go to each computer physically.

$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('CurrentUser','10.0.0.113')
$regkey = $reg.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders")
$regkey.GetValue("Personal")

I tried this, but again it only shows me information about the admin user account that the script runs as.

Upvotes: 1

Views: 2844

Answers (1)

Ansgar Wiechers

Reputation: 200273

It's possible, but would require finding out who is currently logged in, then loading their ntuser.dat file into the registry.

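$computer = '...'
$qry = 'SELECT * FROM Win32_Process WHERE Name="explorer.exe"'
$key = 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'

# The owner of explorer.exe is the interactively logged-in user
$username = (Get-WmiObject -Computer $computer -Query $qry).GetOwner().User

Invoke-Command -Computer $computer -ScriptBlock {
  # reg load takes the key name and the hive file as two separate arguments
  & reg load 'HKU\foo' "C:\Users\$using:username\ntuser.dat" | Out-Null
  # There is no HKU: drive by default, so address HKEY_USERS through the provider path
  (Get-ItemProperty "Registry::HKEY_USERS\foo\$using:key").Personal
  & reg unload 'HKU\foo' | Out-Null
}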

A simpler approach might be using a logon script to write the information to a file (either on the user's computer or a central share), so you can collect the information from there:

$key    = 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$output = "\\server\share\$env:USERNAME.txt"

Get-ItemProperty "HKCU:\$key" | Select-Object -Expand Personal |
  Set-Content $output

Upvotes: 1
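
While a user is logged on, Windows already has that user's hive mounted under HKEY_USERS\<SID>, so it can be read there without loading ntuser.dat. The sketch below is an added example, not code from the question or the answer: it resolves the SID of each explorer.exe owner and reads the value read-only through the same OpenRemoteBaseKey call the question uses. The function name, the sample host name and the UNC-path test for "redirected" are assumptions, and it presumes CIM/WinRM access and a running Remote Registry service on the target.

```powershell
# Added example: function name and sample host name are hypothetical.
function Get-LoggedOnUserShellFolder {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [string]$ValueName = 'Personal'
    )
    $key = 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'

    # One explorer.exe per interactive session; several can exist (RDP, fast user switching).
    $procs = Get-CimInstance -ComputerName $ComputerName -ClassName Win32_Process `
                             -Filter "Name='explorer.exe'"

    $seen = @{}
    $hku  = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users', $ComputerName)
    try {
        foreach ($p in $procs) {
            $sid = (Invoke-CimMethod -InputObject $p -MethodName GetOwnerSid).Sid
            if (-not $sid -or $seen.ContainsKey($sid)) { continue }   # skip duplicates
            $seen[$sid] = $true
            $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner

            # The logged-on user's hive is mounted at HKEY_USERS\<SID>; open it read-only.
            $sub = $hku.OpenSubKey("$sid\$key")
            try {
                # Keep %USERPROFILE% unexpanded; expansion would use the caller's environment.
                $raw = if ($sub) { $sub.GetValue($ValueName, $null, 'DoNotExpandEnvironmentNames') }
                [pscustomobject]@{
                    Computer   = $ComputerName
                    User       = '{0}\{1}' -f $owner.Domain, $owner.User
                    Sid        = $sid
                    Value      = $raw
                    # Assumption: a redirected folder points at a UNC path.
                    Redirected = [bool]($raw -like '\\*')
                }
            } finally { if ($sub) { $sub.Close() } }
        }
    } finally { $hku.Close() }
}

# Usage (constructed host name):
# Get-LoggedOnUserShellFolder -ComputerName 'PC-EXAMPLE-01'
```

Because nothing is loaded or unloaded, a failed run cannot leave a stray hive mounted under HKEY_USERS on the target machine.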
