Jump to content
Sign in to follow this  

Remote Registry - Cannot read HKCU? (limitation?)

Recommended Posts


Hey Guys,

I am working on a project to explore the different ways a computer can have its internet remotely "disabled", its on a large network environment in a school, the idea is a lab control program capable of disabling the internet on the fly, as fast as possible.

I do already have something which does this, however it is extremely slow as it is remotely importing an IPsec policy file which has access to port 8080 and port 80 blocked.

I am now looking at alternative methods, the current method is to blank out the proxy settings on the remote system (or set the proxy to disabled), whilst trying to check the concept, i have noted that i cannot remotely read the proxy part of the registry, here is my code:

Dim $CurrentProxy
Dim $ProxyOverride

$strPcName = "computername"

If 1 Then
    $CurrentProxy = RegRead("\\"&$strPcName&"\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\", "ProxyServer")
    $ProxyOverride = RegRead("\\"&$strPcName&"\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\", "ProxyOverride")

MsgBox(0, "Details are", "Proxy: " & $CurrentProxy & @CRLF & _
        "Proxy Exceptions: "&$ProxyOverride)

I have checked, and the Remote Registry service is indeed turned on, and i do have admin rights over the machine in question. I do note that when i connect to a remote registry from within regedit i do not see the HKCU and the HKCR.

Is this a limitation in the Remote Access abilities of RegRead? (and as such, all other remote registry activity?)

I was looking to do this without having to have a service running on the remote computer.

Also, all other suggestions towards disabling the internet access is welcome (i have a few other thoughts, this did however appear to be the easiest and cleanest approach)



Share this post

Link to post
Share on other sites

You can read HKCU but it is under the HKEY_USERS\(SID). You would either need to know the SID of the user or could probably do a RegEnumKey. There are some you can ignore like S-1-5-18,19,20 which are network users and system users.

Share this post

Link to post
Share on other sites

Cheers wkain1.. awesome first post :whistle:

It appears to me that S-1-5-21-(lot of other numbers) is the SID in most cases that i have looked, upto the 21 is always the same.

I have found some VBS based examples that can enumerate the currently logged in user and the SID of that user, then pass it back into my script.

So far, so good. Cheers for the help.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.