How can I retrieve the home directory/profile path of a different local user with Windows Powershell


Rather than looking for "$env:HOMEDIR", I'm looking for a way to query the home directory of a different user account: the PowerShell equivalent of "~bob".

I attempted using [ADSI]:

# After creating a local account called 'other.user'
PS> $user = [ADSI]'WinNT://localhost/other.user,user'
PS> $user.name
PS> $user.HomeDirectory


even when executed from the Administrator account in an elevated PowerShell.

For sanity, I tried doing the same check on the existing user:

PS> $user = [ADSI]('WinNT://localhost/{0},user' -f [Environment]::UserName)
PS> $user.name
this.user    # paraphrase
PS> $user.HomeDirectory

PS> $user.properties.HomeDirectory


CodePudding user response:

You can combine Get-CimInstance with Get-LocalUser:

$userName = 'other.user'
# Look up the profile by the account's SID and return only its directory path
(Get-CimInstance Win32_UserProfile -Filter "SID = '$((Get-LocalUser $userName).Sid)'").LocalPath

This outputs the path of the targeted user's profile directory, such as C:\Users\other.user.

Note: The profile directory is typically, but not necessarily, the same as a user's home directory - the latter can be configured to point elsewhere, such as to a network share.

As for what you tried:

The relevant properties of the System.DirectoryServices.DirectoryEntry (whose type accelerator is [adsi]) instance should be .HomeDirDrive and .HomeDirectory, but at least on my Windows 10 machine they aren't populated; e.g.:

PS> ([adsi] 'WinNT://localhost/jdoe,user') | Format-List *

UserFlags                  : {66081}
MaxStorage                 : {-1}
PasswordAge                : {223163501}
PasswordExpired            : {0}
LoginHours                 : {255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255 255}
FullName                   : {}
Description                : {}
BadPasswordAttempts        : {0}
LastLogin                  : {10/28/2022 10:00:28 PM}
HomeDirectory              : {}
LoginScript                : {}
Profile                    : {}
HomeDirDrive               : {}
Parameters                 : {}
PrimaryGroupID             : {513}
Name                       : {jdoe}
MinPasswordLength          : {0}
MaxPasswordAge             : {3628800}
MinPasswordAge             : {0}
PasswordHistoryLength      : {0}
AutoUnlockInterval         : {1800}
LockoutObservationInterval : {1800}
MaxBadPasswordsAllowed     : {0}
objectSid                  : {1 5 0 0 0 0 0 5 21 0 0 0 138 17 81 5 112 18 82 80 207 62 20 77 230 3 0 0}
AuthenticationType         : Secure
Children                   : {}
Guid                       : {D83F1060-1E71-11CF-B1F3-02608C9E7553}
ObjectSecurity             :
NativeGuid                 : {D83F1060-1E71-11CF-B1F3-02608C9E7553}
NativeObject               : System.__ComObject
Parent                     : WinNT://WORKGROUP/localhost
Password                   :
Path                       : WinNT://localhost/jdoe,user
Properties                 : {UserFlags, MaxStorage, PasswordAge, PasswordExpired...}
SchemaClassName            : User
SchemaEntry                : System.DirectoryServices.DirectoryEntry
UsePropertyCache           : True
Username                   :
Options                    :
Site                       :
Container                  :

CodePudding user response:

Another alternative, to complement mklement0's helpful answer, is to query the registry directly; this combines Get-LocalUser with Get-ItemPropertyValue:

$sid = (Get-LocalUser other.user).Sid
Get-ItemPropertyValue "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid" -Name ProfileImagePath
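
The two lookups from the answers above, combined into one function that also handles an account with no profile on disk (an added example, not code from either answer). The function name Get-LocalUserProfilePath and the variable names are hypothetical; the cmdlets, CIM class and registry path are the ones used in the answers.

```powershell
function Get-LocalUserProfilePath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $UserName
    )

    # Profiles are keyed by SID, not by account name, so resolve the SID first.
    # -ErrorAction Stop turns "no such local user" into a terminating error.
    $sid = (Get-LocalUser -Name $UserName -ErrorAction Stop).SID.Value

    # Source 1: the Win32_UserProfile CIM class (first answer).
    $userProfile = Get-CimInstance -ClassName Win32_UserProfile -Filter "SID = '$sid'"
    if ($userProfile) {
        return $userProfile.LocalPath
    }

    # Source 2: the ProfileList registry key (second answer).
    $key = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
    if (Test-Path -LiteralPath $key) {
        return Get-ItemPropertyValue -LiteralPath $key -Name ProfileImagePath
    }

    # Neither source has an entry: the account exists but has no profile
    # on this machine, for example because it has never signed in.
    Write-Warning "No profile found for '$UserName' (SID $sid)."
    return $null
}

# Usage with the account name from the question:
Get-LocalUserProfilePath -UserName 'other.user'
```

As the first answer notes, the value returned is the profile directory, which is not necessarily the user's configured home directory.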