Home > Blockchain >  How to edit a registry key for all users on a remote machine
How to edit a registry key for all users on a remote machine

Time:09-30

I am trying to set a registry key for all users on a remote machine. I have a script that I've been using to edit registry entries in HKLM and it goes as follows:

$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computername)  
$regKey= $reg.OpenSubKey("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",$true)
$regKey.SetValue("DefaultUserName",$hostname,[Microsoft.Win32.RegistryValueKind]::String) 

I also have a piece that retreives user SIDs that goes like this:

$sids = (Get-WmiObject -Class Win32_UserProfile -computername $computername | Where{$_.LocalPath -notlike "*$env:SystemRoot*"}).sid

I am wanting to do a foreach loop to edit a registry setting for each individual SID, but I am having trouble going from using'local machine' to 'user'/'sid'. I have found ways to work with the user hive, but have been unable to find a way to plug in the sid.

CodePudding user response:

This connects to the RegHive HKEY_LOCAL_MACHINE

$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computername)

But as you say you want to set something for all users it has to be (HKEY_USERS):

$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users', $computername)

If you want to set a key for all users the right path is:

#HKEY_USERS\.DEFAULT
$regkey = $reg.OpenSubKey(".Default")

If you want to set a key for a specific user the path is:

HKEY_USERS\[SID]
$regkey = $reg.OpenSubKey("[SID]")
#Sample how to loop
$sids = (Get-WmiObject -Class Win32_UserProfile -computername $computername | Where-Object {$_.LocalPath -notlike "$env:SystemRoot"}).sid

foreach ($sid in $sids){
    $regkey = $reg.OpenSubKey($sid)

}

Here $reg.OpenSubKey("$sid") you can add the path e.g. $reg.OpenSubKey("$sid\Control Panel")

CodePudding user response:

Thanks for the help Toni. I had to play with the syntax a bit and I threw in a try/catch since not every profile would have the registry key I'm looking for, but here is my final result:

$computername=Read-Host -prompt "Enter computer name"
$sids = (Get-WmiObject -Class Win32_UserProfile -computername $computername | Where{$_.LocalPath -notlike "*$env:SystemRoot*"}).sid
$reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users',$computername)
foreach ($sid in $sids)
{
$regkey = $reg.OpenSubKey("$sid\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Search",$true)
try{$regKey.SetValue("SearchboxTaskbarMode","0",[Microsoft.Win32.RegistryValueKind]::dword)}
catch{}
}
  • Related