Sign in to follow this  
Followers 0
tAKTelapis

Remote Registry - Cannot read HKCU? (limitation?)

4 posts in this topic

Hey Guys,

I am working on a project to explore the different ways a computer can have its internet remotely "disabled", its on a large network environment in a school, the idea is a lab control program capable of disabling the internet on the fly, as fast as possible.

I do already have something which does this, however it is extremely slow as it is remotely importing an IPsec policy file which has access to port 8080 and port 80 blocked.

I am now looking at alternative methods, the current method is to blank out the proxy settings on the remote system (or set the proxy to disabled), whilst trying to check the concept, i have noted that i cannot remotely read the proxy part of the registry, here is my code:

Dim $CurrentProxy
Dim $ProxyOverride

$strPcName = "computername"

If 1 Then
    $CurrentProxy = RegRead("\\"&$strPcName&"\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\", "ProxyServer")
    $ProxyOverride = RegRead("\\"&$strPcName&"\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\", "ProxyOverride")
EndIf

MsgBox(0, "Details are", "Proxy: " & $CurrentProxy & @CRLF & _
        "Proxy Exceptions: "&$ProxyOverride)

I have checked, and the Remote Registry service is indeed turned on, and i do have admin rights over the machine in question. I do note that when i connect to a remote registry from within regedit i do not see the HKCU and the HKCR.

Is this a limitation in the Remote Access abilities of RegRead? (and as such, all other remote registry activity?)

I was looking to do this without having to have a service running on the remote computer.

Also, all other suggestions towards disabling the internet access is welcome (i have a few other thoughts, this did however appear to be the easiest and cleanest approach)

Regards

/tAK

Share this post


Link to post
Share on other sites



You can read HKCU but it is under the HKEY_USERS\(SID). You would either need to know the SID of the user or could probably do a RegEnumKey. There are some you can ignore like S-1-5-18,19,20 which are network users and system users.

Share this post


Link to post
Share on other sites

Cheers wkain1.. awesome first post :whistle:

It appears to me that S-1-5-21-(lot of other numbers) is the SID in most cases that i have looked, upto the 21 is always the same.

I have found some VBS based examples that can enumerate the currently logged in user and the SID of that user, then pass it back into my script.

So far, so good. Cheers for the help.

Share this post


Link to post
Share on other sites

No prob. Glad I could help!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0