Jump to content

Registrey Keys

Ghost21
 Share

Recommended Posts

Ghost21 Universalist

Ghost21

Posted
  • Author
Posted

Its rather simple really, as a security feature against remotely changing settings for the currently logged on user M$ obviously found it pertinent to disable access to the HKEY_CURRENT_USER branch of the registry remotely.

HOWEVER, if you access the HKEY_USERS branch of the registry remotely, followed by the key that is named after the SID of the currently logged on user, you can see and manipulate any items you wish. the answer lies in using a modified version of the code that wkain1 posted (have no time to modify it atm, but i can see how easy it would be) and the pseudo code goes something like this:

feed your script the PCname to get registry of

pass name onto the GetSID function, along with the name of the currently logged on user (there is a way to get this via WMI aswell, will post VBS later if wanted)

Once the SID is returned, go ahead and access the following registry key:

HK_USERS\$UserSID\Whatever\Key\You\Want\to\read

That should pretty much cover it, i was looking at this as a way of disabling the proxy of a user on the fly to disable internet access, seeing as the users do not have access to enable / disable it via the tools menu in IE, however the noted flaw in the plan was that a user could simply logon and then back off, thus resetting the proxy via logon scripts.. still, an effective means of manipulating data, such as visited URLs in the way the OP wanted, i have been investigating many ways to develop the idea of having access to the users remote registry and this is worth looking into.

My major issue so far, has been my lacking of understanding in the way that Au3 operates with WMI calls, as i did not have a VBS and an Au3 script to compare, now with the example that Wkain1 has provided, i might make some headway in that department.

That about does it for my long winded rant, hope there was some useful info in that.

/tAK

Wow that was a great rant.... but the issue is the $usersid it is always changing . I can get it to work you sweet ass on a single computer but when I try it say on multi computers ... cause the thing keeps changing...

I'm going to look at this scriptomatic program but not quite sure if that will do the trick...

wkain1 Seeker

wkain1

Posted
Posted

That is why tAKTelapis said a modified script should do it. Thinking more about it the fastest and easiest way would be to do something like the below code. Will have to add the computers to the array.

#include "Array.au3"

Dim $Urls[1]
Dim $Computers[3] = ["Computer1", "Computer2", "Computer3"]
For $i = 0 To UBound($Computers) - 1
    $j = 1
    While 1
        $Sid = RegEnumKey("\\" & $Computers[$i] & "\HKEY_USERS", $j)
        If @error Then ExitLoop
        If Not StringInStr($Sid, "S-1-5-18") And Not StringInStr($Sid, "S-1-5-19") And Not StringInStr($Sid, "S-1-5-20") Then
            $k = 1
            While 1
                $RegValue = RegEnumVal("\\" & $Computers[$i] & "\HKEY_USERS\" & $Sid & "\Software\Microsoft\Internet Explorer\TypedUrls", $k)
                $Value = RegRead("\\" & $Computers[$i] & "\HKEY_USERS\" & $Sid & "\Software\Microsoft\Internet Explorer\TypedUrls", $RegValue)
                If @error Then ExitLoop
                _ArrayAdd($Urls, $Computers[$i] & "," & $Value)
                $k = $k + 1
            WEnd
        EndIf
        $j = $j + 1
    WEnd
Next

_ArrayDisplay($Urls, "Test url")

This would grab all of the url's of all of the logged on users. I am not looking at S-1-15-18, S-1-15-19, and S-1-15-20 because these are system users.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...