
Registry Keys



I'm trying to find this key on say 50 computers ..

\HKEY_USERS\S-1-5-21-3710774075-2757586091-1839342869-1190\Software\Microsoft\Internet Explorer\TypedURLs

The "S-1-5-21-3710774075-2757586091-1839342869-1190" keeps changing on different PCs... can I RegRead with like an * or something like that???

Help please !!!!


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs

EDIT: This will pull from the locally loaded hive

Thanks but it has to be --> S-1-5-21-3710774075-2757586091-1839342869-1190 <-- only the last 4 digits change it seems...


the changes in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs will be reflected in

\HKEY_USERS\S-1-5-21-3710774075-2757586091-1839342869-1190\Software\Microsoft\Internet Explorer\TypedURLs

and the other way around too

EDIT: maybe I am misunderstanding

Edited by danwilli

the changes in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs will be reflected in

\HKEY_USERS\S-1-5-21-3710774075-2757586091-1839342869-1190\Software\Microsoft\Internet Explorer\TypedURLs

and the other way around too

EDIT: maybe I am misunderstanding

OK I'm trying to read the \HKEY_USERS\S-1-5-21-3710774075-2757586091-1839342869-1190\Software\Microsoft\Internet Explorer\TypedURLs

key because I can't see the local one on a remote machine.. but when I try it on a different machine the path changes.. from \HKEY_USERS\S-1-5-21-3710774075-2757586091-1839342869-1190\Software\Microsoft\Internet Explorer\TypedURLs

to

\HKEY_USERS\S-1-5-21-3710774075-2757586091-1839342869-????\Software\Microsoft\Internet Explorer\TypedURLs

how can I get the last 4 digits ... without getting this key either S-1-5-21-3710774075-2757586091-1839342869-1274_Classes

it has the stupid _Classes at the end....


From Help File:

It is possible to access remote registries by using a keyname in the form "\\computername\keyname". To use this feature you must have the correct access rights on NT/2000/XP/2003, or if you are using a 9x based OS the remote PC must have the remote registry service installed first (See Microsoft Knowledge Base Article - 141460).


I'm trying to find this key on say 50 computers ..

\HKEY_USERS\S-1-5-21-3710774075-2757586091-1839342869-1190\Software\Microsoft\Internet Explorer\TypedURLs

The "S-1-5-21-3710774075-2757586091-1839342869-1190" keeps changing on different PCs... can I RegRead with like an * or something like that???

Help please !!!!

I had to do something similar to this a week ago but for Outlook keys. I'm sure this code is pretty drawn out and lengthy for what it does, but I am still learning and I did get it working. I hope this is remotely close to what you are looking for. Long live AutoIT

; Prefix shared by this domain's account SIDs (41 characters)
$prefix = "S-1-5-21-484763869-1708537768-1177238915-"
$tempvar = 0
$tempvar2 = ""

For $z = 1 To 100
    $Ivar = RegEnumKey("HKEY_USERS", $z)
    If @error <> 0 Then ExitLoop
    ; Skip keys outside this domain and the "<SID>_Classes" hives
    If StringLeft($Ivar, 41) <> $prefix Then ContinueLoop
    If StringRight($Ivar, 8) = "_Classes" Then ContinueLoop
    ; Everything after the prefix is the RID, whatever its length
    $tempvar = Number(StringTrimLeft($Ivar, 41))
    If $tempvar <> 0 Then Call("Continue")
Next

Func Continue()
    ; Outlook profiles key of the user whose RID was found above
    $base = "HKEY_USERS\" & $prefix & $tempvar & "\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES"

    For $a = 1 To 100
        $var = RegEnumKey($base, $a)
        If @error <> 0 Then ExitLoop

        For $b = 1 To 100
            $var2 = RegEnumKey($base & "\" & $var, $b)
            If @error <> 0 Then ExitLoop

            For $c = 1 To 100
                $var3 = RegEnumVal($base & "\" & $var & "\" & $var2, $c)
                If @error <> 0 Then ExitLoop

                $var4 = RegRead($base & "\" & $var & "\" & $var2, $var3)
                ; Only rewrite values that actually reference the old server
                If StringInStr($var4, "oldserver") Then
                    $tempvar2 = StringReplace($var4, "oldserver", "newserver")
                    RegWrite($base & "\" & $var & "\" & $var2, $var3, "REG_SZ", $tempvar2)
                EndIf
            Next
        Next
    Next
EndFunc
Edited by WhiteSpace

I'm not the brightest bulb in the pack by far, but couldn't you use a RegEnum function that I've seen around here on the HKEY_USERS key, and just go through them all, and then use string compares to find the exact one you need if there's more? But yeah, RegEnumKey or something similar should be able to scan all keys into an array that can be searched for the one you need, or just use them all in a loop to scan every key that may be right.


Here is a program that I made to grab the SID of a local user on the computer. You could just as easily replace @Computername with the name of the computer you want to grab the information. Hope you find it helpful.

#NoTrayIcon

;Create a Com error handler
$oMyError = ObjEvent("AutoIt.Error", "ErrorHandler")
$UsernameFound = False

If $CmdLine[0] = 0 Or $CmdLine[0] >= 3 Then 
    MsgBox(16, "Usage", "Usage: " & @ScriptName & " /USER=Username" & @CRLF & _
    "Place the username on commandline which you want to get their SID")
ElseIf $CmdLine[0] = 1 Then
    If StringInStr(StringUpper($CmdLine[1]), "/USER=") Then
        FindSid()
    Else
        MsgBox(16, "Usage", "Usage: " & @ScriptName & " /USER=Username" & @CRLF & _
        "Place the username on commandline which you want to get their SID")
        Exit
    EndIf
ElseIf $CmdLine[0] = 2 Then
    If StringUpper($CmdLine[1]) = "/S" Or StringUpper($CmdLine[2]) = "/S" Or StringInStr(StringUpper($CmdLine[1]), "/USER=") Or StringInStr(StringUpper($CmdLine[2]), "/USER=") Then
        FindSid()
    EndIf
EndIf

Func FindSid()
    $Username = StringSplit($CmdLine[1], "=")
    If @error Then
        $Username = StringSplit($CmdLine[2], "=")
    EndIf
    
    $objWMIService = ObjGet("winmgmts:\\" & @ComputerName & "\root\cimv2")
    $colAccount = $objWMIService.ExecQuery ("Select * FROM Win32_Group where LocalAccount = 'True'")
    For $objGroup In $colAccount
        $oGroup = ObjGet("WinNT://" & @ComputerName & "/" & $objGroup.Name) 
        For $oUserGroup In $oGroup.Members 
            If StringLower($oUserGroup.Name) = StringLower($Username[2]) Then
                $UsernameFound = True
            EndIf
        Next
    Next
        
    If $UsernameFound Then
        $objWMIService = ObjGet("winmgmts:\\" & @ComputerName & "\root\cimv2")
        $colAccount = $objWMIService.ExecQuery ("Select Name,SID from Win32_UserAccount where name = '" & $Username[2] & "'")
        For $objAccount in $colAccount
            If $objAccount.Name = $Username[2] Then
                RegWrite("HKEY_LOCAL_MACHINE\Software\GFS\SID", $Username[2], "REG_SZ", $objAccount.SID)
                ExitLoop
            EndIf
        Next
    
        ;if registry key exists then export reg exists to registry
        $var = RegEnumKey("HKEY_USERS\" & $objAccount.SID, 1)
        If @error <> 0 Then
            RegWrite("HKEY_LOCAL_MACHINE\Software\GFS\SID", "RegExists", "REG_SZ", False)
            Exit
        Else
            RegWrite("HKEY_LOCAL_MACHINE\Software\GFS\SID", "RegExists", "REG_SZ", True)
        EndIf
    Else
        If Not StringInStr($CmdLineRaw, "/s") Then
            MsgBox(16, "Username not found", "The username " & $Username[2] & " was not found on the computer.")
        EndIf
    EndIf
EndFunc

Func ErrorHandler()
    If Not StringInStr($CmdLineRaw, "/s") Then
        $HexNumber = Hex($oMyError.number, 8)
        Msgbox(16, "Error", "There was an error." & @CRLF & @CRLF & _
        "Error description is: " & @TAB & $oMyError.description & @CRLF & _
        "Error number is: " & @TAB & $HexNumber & @CRLF & _
        "Error scriptline is: " & @TAB & $oMyError.scriptline & @CRLF)
        Exit
    EndIf
Endfunc
Edited by wkain1

When I've had to change certain settings for multiple profiles on a machine, I had to put together a script that loaded each userhive, made the changes, unloaded the hive. I could prolly find the script if you want to have a look and if it's relevant to what you want...?


When I've had to change certain settings for multiple profiles on a machine, I had to put together a script that loaded each userhive, made the changes, unloaded the hive. I could prolly find the script if you want to have a look and if it's relevant to what you want...?

This frekin crazy... Why can't there be something in reg read that you can put in ?/?


Alas, Windows doesn't work that way. If a user is not logged on, their particular Hive is not loaded (saves memory and is more secure I guess).

So if you want to make changes to their Hive, you need to load it first.


It's rather simple really, as a security feature against remotely changing settings for the currently logged on user M$ obviously found it pertinent to disable access to the HKEY_CURRENT_USER branch of the registry remotely.

HOWEVER, if you access the HKEY_USERS branch of the registry remotely, followed by the key that is named after the SID of the currently logged on user, you can see and manipulate any items you wish. The answer lies in using a modified version of the code that wkain1 posted (have no time to modify it atm, but I can see how easy it would be) and the pseudo code goes something like this:

feed your script the PCname to get registry of

pass name onto the GetSID function, along with the name of the currently logged on user (there is a way to get this via WMI as well, will post VBS later if wanted)

Once the SID is returned, go ahead and access the following registry key:

HK_USERS\$UserSID\Whatever\Key\You\Want\to\read

That should pretty much cover it, I was looking at this as a way of disabling the proxy of a user on the fly to disable internet access, seeing as the users do not have access to enable / disable it via the tools menu in IE, however the noted flaw in the plan was that a user could simply logon and then back off, thus resetting the proxy via logon scripts.. still, an effective means of manipulating data, such as visited URLs in the way the OP wanted, I have been investigating many ways to develop the idea of having access to the users remote registry and this is worth looking into.

My major issue so far, has been my lacking of understanding in the way that Au3 operates with WMI calls, as I did not have a VBS and an Au3 script to compare, now with the example that Wkain1 has provided, I might make some headway in that department.

That about does it for my long winded rant, hope there was some useful info in that.

/tAK
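
The approach the thread converges on, as an added example that is not part of any post: enumerate HKEY_USERS on each remote machine, keep only the account-SID subkeys (which drops .DEFAULT, the service SIDs and the "_Classes" hives), and read TypedURLs under each one. The computer names are placeholders and the function names are made up for this example; the remote keyname form "\\computername\keyname" and its access-rights requirement are as quoted from the help file above.

```autoit
; Added example, not code from the thread.
; PC-EXAMPLE-01/02 are placeholder computer names (assumption).
Local $aHosts[2] = ["PC-EXAMPLE-01", "PC-EXAMPLE-02"]

For $sHost In $aHosts
    _DumpTypedURLs($sHost)
Next

; Walk the hives currently loaded under HKEY_USERS on $sHost and print
; every TypedURLs value found under each account SID.
; Only logged-on users have a hive loaded, so other profiles do not appear.
Func _DumpTypedURLs($sHost)
    Local $sRoot = "\\" & $sHost & "\HKEY_USERS"
    Local $i = 1
    While 1
        Local $sSid = RegEnumKey($sRoot, $i)
        ; @error -1 = no more subkeys; 1, 2 or 3 = key or host could not be opened
        If @error Then ExitLoop
        $i += 1
        If Not _IsUserSid($sSid) Then ContinueLoop

        Local $sKey = $sRoot & "\" & $sSid & "\Software\Microsoft\Internet Explorer\TypedURLs"
        Local $j = 1
        While 1
            Local $sName = RegEnumVal($sKey, $j)
            If @error Then ExitLoop ; no TypedURLs key, or no more values
            ConsoleWrite($sHost & @TAB & $sSid & @TAB & $sName & @TAB & RegRead($sKey, $sName) & @CRLF)
            $j += 1
        WEnd
    WEnd
EndFunc

; True for account SIDs of the form S-1-5-21-<a>-<b>-<c>-<RID>.
; False for .DEFAULT, S-1-5-18/19/20 and "<SID>_Classes", because the
; pattern is anchored at both ends and the RID may have any number of digits.
Func _IsUserSid($sName)
    Return StringRegExp($sName, "^S-1-5-21-\d+-\d+-\d+-\d+$") = 1
EndFunc
```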
