I have 2 users:
Domain\Me (domain user)
.\MeAdmin (local administrator)
I frequently have to update my registry for multiple purposes (IE trusted sites, override policies, etc.).
e.g.
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt]
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt\portaldasfinancas]
"https"=dword:00000001
"http"=dword:00000001
My problem lies with the fact that have been told that I cannot make myself (domain account) local admin, I have to use an independent local admin account for all administrator tweaks.
The thing is, if I run this as user .\MeAdmin, it will run current user of MeAdmin and not user Domain\Me; if I run as Domain\Me, I will bump into permissions wall.
Is there a way to assign Domain\Me permissions to edit registry without being Administrator, or update current user of that account through local admin?
Note: I've read about remote registry connections, but I was hoping to still run this as a script/shell for automation purposes.
Update:
When I run through domain user (all HKEY_CURRENT_USER entries):
Answer
To access another user's registry:
You must use the full path – you need
HKEY_USERS\
instead ofHKEY_CURRENT_USER
(which is only a symlink to the former), and likewiseHKEY_USERS\
instead of_Classes HKEY_CLASSES_ROOT
. Usewhoami /user
to figure out your SID.The registry hive must be loaded (mounted) – each user's registry is stored in their own
ntuser.dat
file (HKCU) andUsrClass.dat
(HKCR) separately from the system registry (loaded/unloaded on login/logout).In case the target user isn't logged in, you can use
reg load
or the similar Regedit menu item to mount their ntuser.dat under HKU (but don't forget to unload it later, or that user might be unable to log in).The registry keys (folders) must have the correct permissions allowing write by another user – they work more-or-less the same way as file permissions; open Regedit, right-click a folder, choose "Permissions…", and add the user which is doing the modifications.
No comments:
Post a Comment