seanhart

RegWriteAllUsers / RegDeleteAllUsers


hi guys,

I'm using this technique to set all users screensaver to one that is provided by BOINC. This is the script I've used:

RegWriteAllUsers("Control Panel\Desktop", "ScreenSaveTimeOut", "REG_SZ", "300")
RegWriteAllUsers("Control Panel\Desktop", "SCRNSAVE.EXE", "REG_SZ", "c:\windows\boinc.scr")

After execution, not all users' screensaver are set as desired. Is there anything I need to adjust? pls help.

thanks!!

Edited by Arthur L



The only thing I can tell you, is to try my modifications. In this case you need to write:

_RegWrite("", "Control Panel\Desktop", "ScreenSaveTimeOut", "REG_SZ", "300")
_RegWrite("", "Control Panel\Desktop", "SCRNSAVE.EXE", "REG_SZ", "c:\windows\boinc.scr")

Regards.


My contributions: Local account UDF, Registry UDFs, DriverSigning UDF, Windows Services UDF (http://www.autoitscript.com/forum/index.php?showtopic=81880)
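RegWriteAllUsers is documented on this page as returning nothing, so a profile whose ntuser.dat could not be loaded is skipped without any message. The audit routine below is an added example, not code from any poster in this thread; the function names `_AuditPerUserValue`, `_AuditOneProfile`, `_ExpandEnv` and the `AuditTempHive` mount name are assumptions, and it assumes Windows Vista or later (where ProfileList carries a `Default` value) and an elevated prompt.

```autoit
; Added example, not code from this thread. Run elevated: reg.exe load requires it.
Global Const $PROFILE_LIST = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
Global Const $AUDIT_HIVE = "AuditTempHive" ; assumed temporary mount name under HKEY_USERS

; Expand %VAR% references; ProfileImagePath is a REG_EXPAND_SZ value.
Func _ExpandEnv($sText)
    Local $aVars = StringRegExp($sText, "%([^%]+)%", 3)
    If @error Then Return $sText ; no %VAR% present
    For $i = 0 To UBound($aVars) - 1
        $sText = StringReplace($sText, "%" & $aVars[$i] & "%", EnvGet($aVars[$i]))
    Next
    Return $sText
EndFunc

; Check one profile. $sSid is "" for the default profile. Returns 0 if the value
; matches $sExpected, 1 otherwise (missing, different, or hive not loadable).
Func _AuditOneProfile($sSid, $sDir, $sSubKey, $sValue, $sExpected)
    Local $sRoot = "HKEY_USERS\" & $sSid, $bLoaded = False, $bMounted = False
    Local $iExit, $vData, $sState, $bUnloaded = False

    ; A logged-on user's hive is already mounted as HKEY_USERS\<SID>.
    If $sSid <> "" Then
        RegEnumKey($sRoot, 1)
        $bLoaded = (@error = 0)
    EndIf

    If Not $bLoaded Then
        $iExit = RunWait('reg.exe load "HKU\' & $AUDIT_HIVE & '" "' & $sDir & '\NTUSER.DAT"', "", @SW_HIDE)
        If @error Or $iExit <> 0 Then
            ConsoleWrite("NOT LOADABLE  " & $sDir & @CRLF)
            Return 1
        EndIf
        $sRoot = "HKEY_USERS\" & $AUDIT_HIVE
        $bMounted = True
    EndIf

    $vData = RegRead($sRoot & "\" & $sSubKey, $sValue)
    If @error Then
        $sState = "MISSING"
    ElseIf String($vData) = String($sExpected) Then ; case-insensitive compare
        $sState = "OK"
    Else
        $sState = "MISMATCH"
    EndIf
    ConsoleWrite($sState & "  " & $sDir & @CRLF)

    If $bMounted Then
        ; Same retry budget as the later version in this thread: 20 tries, 200 ms apart.
        For $n = 1 To 20
            $iExit = RunWait('reg.exe unload "HKU\' & $AUDIT_HIVE & '"', "", @SW_HIDE)
            If Not @error And $iExit = 0 Then
                $bUnloaded = True
                ExitLoop
            EndIf
            Sleep(200)
        Next
        If Not $bUnloaded Then ConsoleWrite("WARNING: " & $AUDIT_HIVE & " is still mounted" & @CRLF)
    EndIf

    If $sState = "OK" Then Return 0
    Return 1
EndFunc

; Walk every profile registered in ProfileList plus the default profile.
; Returns the number of profiles that need attention.
Func _AuditPerUserValue($sSubKey, $sValue, $sExpected)
    Local $iProblems = 0, $i = 1, $sSid, $sDir
    While 1
        $sSid = RegEnumKey($PROFILE_LIST, $i)
        If @error Then ExitLoop
        $i += 1
        ; Short SIDs (S-1-5-18/19/20) are service accounts; same length test the
        ; thread's code applies to HKEY_USERS.
        If StringLen($sSid) <= 8 Then ContinueLoop
        $sDir = RegRead($PROFILE_LIST & "\" & $sSid, "ProfileImagePath")
        If @error Then ContinueLoop
        $iProblems += _AuditOneProfile($sSid, _ExpandEnv($sDir), $sSubKey, $sValue, $sExpected)
    WEnd
    ; Template hive for accounts that have not logged on yet ("Default" value, Vista and later).
    $sDir = RegRead($PROFILE_LIST, "Default")
    If Not @error Then $iProblems += _AuditOneProfile("", _ExpandEnv($sDir), $sSubKey, $sValue, $sExpected)
    Return $iProblems
EndFunc

; Usage with the values from the question above; exit code = profiles needing attention.
Exit _AuditPerUserValue("Control Panel\Desktop", "SCRNSAVE.EXE", "c:\windows\boinc.scr")
```

Profiles reported as NOT LOADABLE are the ones a write pass would also have skipped, typically because the script was not elevated or the profile directory no longer holds an ntuser.dat.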


I made some modifications of my own to _RegLoadHive, _RegUnloadHive and SetPrivilege functions. The best of these modifications is support for remote computers. I am about to edit this UDF to qualify for inclusion -> http://www.autoitscript.com/autoit3/udfs/UDF_Standards.htm

I need to know who the original authors are.

Thanks.



Actually I completely rewrote these functions. So I am assuming them as my own. I will publish them on this forum very soon.

Regards.

Edit: Look for them here -> http://www.autoitscript.com/forum/index.php?showtopic=75250

Edited by engine


I needed to do this for work recently and thought I'd share it. Here is a UDF which allows you to write a user-specific registry key to every user profile on the system (whether logged on or off). Includes the "default user" registry, so changes apply to any new users that log on as well.

Examples:

; Give everyone a new IE home page (note you don't need HKCU)

RegWriteAllUsers("Software\Microsoft\Internet Explorer\Main", "Start Page", "REG_SZ", "http://www.google.com")

; Delete everyone's custom wallpaper (note that you can use HKCU if you want)

RegDeleteAllUsers("HKEY_CURRENT_USER\Control Panel\Desktop", "WallPaper")

Code uses RegLoadHive functions by Larry.

#cs ----------------------------------------------------------------------------

AutoIt Version: 3.2.2.0
Author: Sean Hart

Script Function:
    UDFs to write or delete registry keys from all user profiles on the system.
    
    Uses RegLoadHive functions provided by Larry

#ce ----------------------------------------------------------------------------


; === RegWriteAllUsers ===
; Writes "current user" registry data to every user profile on the system.
; Requires RegLoadHive and RegUnLoadHive functions.
;
; Inputs:   $key    - see RegWrite function for details (no HKU\HKCU\HKLM required)
;           $value  - see RegWrite function for details
;           $type   - see RegWrite function for details
;           $data   - see RegWrite function for details
;
; Returns:  nothing
Func RegWriteAllUsers($key, $value, $type, $data)
    Dim $i, $curkey, $ExpandEnvStrings, $profiledir, $curdir, $search
    
    ; init variables
    $i = 1
    $error = 0
    $ExpandEnvStrings = Opt("ExpandEnvStrings",1)
    $profiledir = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", "ProfilesDirectory")
    
    ; change directory to profile directory
    $curdir = @WorkingDir
    FileChangeDir($profiledir)
    
    ; replace HKU / HKCU / HKLM in key if require
    Select
    Case StringLeft($key, 4) = "HKU\"
        $key = StringRight($key, StringLen($key) - 4)
    Case StringLeft($key, 5) = "HKCU\"
        $key = StringRight($key, StringLen($key) - 5)
    Case StringLeft($key, 5) = "HKLM\"
        $key = StringRight($key, StringLen($key) - 5)
    Case StringLeft($key, 11) = "HKEY_USERS\"
        $key = StringRight($key, StringLen($key) - 11)
    Case StringLeft($key, 18) = "HKEY_CURRENT_USER\"
        $key = StringRight($key, StringLen($key) - 18)
    Case StringLeft($key, 19) = "HKEY_LOCAL_MACHINE\"
        $key = StringRight($key, StringLen($key) - 19)
    EndSelect
    
    ; Go through all directories where ntuser.dat is accessible
    $search = FileFindFirstFile("*.*")
    $dir = FileFindNextFile($search)
    While @error = 0
        ; Process directories
        If StringInStr(FileGetAttrib($profiledir & "\" & $dir), "D") Then
            ; Check for ntuser.dat
            If FileExists($profiledir & "\" & $dir & "\ntuser.dat") Then
                ; Try and load hive
                If RegLoadHive("TempUser", $profiledir & "\" & $dir & "\ntuser.dat") Then
                    ; Apply new registry data
                    RegWrite("HKEY_USERS\TempUser\" & $key, $value, $type, $data)
                    
                    ; Unload hive
                    RegUnloadHive("TempUser")
                EndIf
            EndIf
        EndIf
        $dir = FileFindNextFile($search)
    WEnd
    
    ; Start by going through all currently logged on user keys (exclude system accounts and classes)
    $curkey = RegEnumKey("HKEY_USERS", $i)
    While @error = 0
        If (StringLen($curkey) > 8) And (Not StringInStr($curkey, "_Classes")) Then
            RegWrite("HKEY_USERS\" & $curkey & "\" & $key, $value, $type, $data)
        EndIf
        $i = $i + 1
        $curkey = RegEnumKey("HKEY_USERS", $i)
    WEnd
    
    ; Put settings back and change back to previous directory
    Opt("ExpandEnvStrings",$ExpandEnvStrings)
    FileChangeDir($curdir)
    
EndFunc
; === END RegWriteAllUsers ===


; === RegDeleteAllUsers ===
; Deletes "current user" registry data from every user profile on the system.
; Requires RegLoadHive and RegUnLoadHive functions.
;
; Inputs:   $key    - see RegDelete function for details (no HKU\HKCU\HKLM required)
;           $value  - (optional) see RegDelete function for details
;
; Returns:  nothing
Func RegDeleteAllUsers($key, $value = "ÿ")
    Dim $i, $curkey, $ExpandEnvStrings, $profiledir, $curdir, $search
    
    ; init variables
    $i = 1
    $error = 0
    $ExpandEnvStrings = Opt("ExpandEnvStrings",1)
    $profiledir = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", "ProfilesDirectory")
    
    ; change directory to profile directory
    $curdir = @WorkingDir
    FileChangeDir($profiledir)
    
    ; replace HKU / HKCU / HKLM in key if require
    Select
    Case StringLeft($key, 4) = "HKU\"
        $key = StringRight($key, StringLen($key) - 4)
    Case StringLeft($key, 5) = "HKCU\"
        $key = StringRight($key, StringLen($key) - 5)
    Case StringLeft($key, 5) = "HKLM\"
        $key = StringRight($key, StringLen($key) - 5)
    Case StringLeft($key, 11) = "HKEY_USERS\"
        $key = StringRight($key, StringLen($key) - 11)
    Case StringLeft($key, 18) = "HKEY_CURRENT_USER\"
        $key = StringRight($key, StringLen($key) - 18)
    Case StringLeft($key, 19) = "HKEY_LOCAL_MACHINE\"
        $key = StringRight($key, StringLen($key) - 19)
    EndSelect

    ; Go through all directories where ntuser.dat is accessible
    $search = FileFindFirstFile("*.*")
    $dir = FileFindNextFile($search)
    While @error = 0
        ; Process directories
        If StringInStr(FileGetAttrib($profiledir & "\" & $dir), "D") Then
            ; Check for ntuser.dat
            If FileExists($profiledir & "\" & $dir & "\ntuser.dat") Then
                ; Try and load hive
                If RegLoadHive("TempUser", $profiledir & "\" & $dir & "\ntuser.dat") Then
                    ; Delete registry data
                    If $value = "ÿ" Then
                        RegDelete("HKEY_USERS\TempUser\" & $key)
                    Else
                        RegDelete("HKEY_USERS\TempUser\" & $key, $value)
                    EndIf
                    
                    ; Unload hive
                    RegUnloadHive("TempUser")
                EndIf
            EndIf
        EndIf
        $dir = FileFindNextFile($search)
    WEnd
    
    ; Start by going through all currently logged on user keys (exclude system accounts and classes)
    $curkey = RegEnumKey("HKEY_USERS", $i)
    While @error = 0
        If (StringLen($curkey) > 8) And (Not StringInStr($curkey, "_Classes")) Then
            ; Delete registry data
            If $value = "ÿ" Then
                RegDelete("HKEY_USERS\" & $curkey & "\" & $key)
            Else
                RegDelete("HKEY_USERS\" & $curkey & "\" & $key, $value)
            EndIf
        EndIf
        $i = $i + 1
        $curkey = RegEnumKey("HKEY_USERS", $i)
    WEnd
    
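    ; Put settings back and change back to previous directory
    Opt("ExpandEnvStrings",$ExpandEnvStrings)
    FileChangeDir($curdir)

EndFunc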
; === END RegDeleteAllUsers ===


; === RegLoadHive ===
; Loads a ntuser.dat file as a registry hive
; Requires SetPrivilege function.
;
; Inputs:   $hiveName       - name for the hive
;           $NTUSER_datFile - full path to ntuser.dat file to load
;           $RLH_key        - (optional) root for hive (defaults to HKU)
;
; Returns:  1 - Successful
;           0 - Error (sets @error)
Func RegLoadHive($hiveName, $NTUSER_datFile, $RLH_key = "HKU")
If Not (@OSTYPE=="WIN32_NT") Then
SetError(-1)
Return 0
EndIf
Const $HKEY_LOCAL_MACHINE = 0x80000002
Const $HKEY_USERS = 0x80000003
Const $SE_RESTORE_NAME = "SeRestorePrivilege"
Const $SE_BACKUP_NAME = "SeBackupPrivilege"
Local $RLH_ret
Local $aPriv[2]
If $RLH_key = "HKLM" Then
$RLH_key = $HKEY_LOCAL_MACHINE
ElseIf $RLH_key = "HKU" Then
$RLH_key = $HKEY_USERS
Else
SetError(-2)
Return 0
EndIf
$aPriv[0] = $SE_RESTORE_NAME
$aPriv[1] = $SE_BACKUP_NAME
SetPrivilege($aPriv,1)
$RLH_ret = DllCall("Advapi32.dll","int","RegLoadKey","int",$RLH_key,"str",$hiveName,"str",$NTUSER_datFile)
SetError($RLH_ret[0])
Return Not $RLH_ret[0]
EndFunc
; === END RegLoadHive ===


; === RegUnloadHive ===
; Unloads a registry hive
; Requires SetPrivilege function.
;
; Inputs:   $hiveName       - name for the hive
;           $RLH_key        - (optional) root for hive (defaults to HKU)
;
; Returns:  1 - Successful
;           0 - Error (sets @error)
Func RegUnloadHive($hiveName, $RUH_key = "HKU")
If Not (@OSTYPE=="WIN32_NT") Then
SetError(-1)
Return 0
EndIf
Const $HKEY_LOCAL_MACHINE = 0x80000002
Const $HKEY_USERS = 0x80000003
Local $RUH_ret
If $RUH_key = "HKLM" Then
$RUH_key = $HKEY_LOCAL_MACHINE
ElseIf $RUH_key = "HKU" Then
$RUH_key = $HKEY_USERS
Else
SetError(-2)
Return 0
EndIf
$RUH_ret = DllCall("Advapi32.dll","int","RegUnLoadKey","int",$RUH_key,"Str",$hiveName)
Return Not $RUH_ret[0]
EndFunc
; === RegUnloadHive ===


; === SetPrivilege ===
; Special function for use with registry hive functions
Func SetPrivilege( $privilege, $bEnable )
Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
Const $TOKEN_QUERY = 0x0008
Const $SE_PRIVILEGE_ENABLED = 0x0002
Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv
$nTokens = 1
$LUID = DLLStructCreate("dword;int")
If IsArray($privilege) Then $nTokens = UBound($privilege)
$TOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
$NEWTOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
$hCurrProcess = DLLCall("kernel32.dll","hwnd","GetCurrentProcess")
$SP_auxret = DLLCall("advapi32.dll","int","OpenProcessToken","hwnd",$hCurrProcess[0], _
"int",BitOR($TOKEN_ADJUST_PRIVILEGES,$TOKEN_QUERY),"int_ptr",0)
If $SP_auxret[0] Then
$hToken = $SP_auxret[3]
DLLStructSetData($TOKEN_PRIVILEGES,1,1)
$nTokenIndex = 1
While $nTokenIndex <= $nTokens
If IsArray($privilege) Then
$priv = $privilege[$nTokenIndex-1]
Else
$priv = $privilege
EndIf
$ret = DLLCall("advapi32.dll","int","LookupPrivilegeValue","str","","str",$priv, _
"ptr",DLLStructGetPtr($LUID))
If $ret[0] Then
If $bEnable Then
DLLStructSetData($TOKEN_PRIVILEGES,2,$SE_PRIVILEGE_ENABLED,(3 * $nTokenIndex))
Else
DLLStructSetData($TOKEN_PRIVILEGES,2,0,(3 * $nTokenIndex))
EndIf
DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,1),(3 * ($nTokenIndex-1)) + 1)
DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,2),(3 * ($nTokenIndex-1)) + 2)
DLLStructSetData($LUID,1,0)
DLLStructSetData($LUID,2,0)
EndIf
$nTokenIndex += 1
WEnd
$ret = DLLCall("advapi32.dll","int","AdjustTokenPrivileges","hwnd",$hToken,"int",0, _
"ptr",DllStructGetPtr($TOKEN_PRIVILEGES),"int",DllStructGetSize($NEWTOKEN_PRIVILEGES), _
"ptr",DllStructGetPtr($NEWTOKEN_PRIVILEGES),"int_ptr",0)
$f = DLLCall("kernel32.dll","int","GetLastError")
EndIf
$NEWTOKEN_PRIVILEGES = 0
$TOKEN_PRIVILEGES = 0
$LUID = 0
If $SP_auxret[0] = 0 Then Return 0
$SP_auxret = DLLCall("kernel32.dll","int","CloseHandle","hwnd",$hToken)
If Not $ret[0] And Not $SP_auxret[0] Then Return 0
return $ret[0]
EndFunc
; === END SetPrivilege ===

Mine takes up less code and includes future users via the default profile. Edited by Charlesekeisler


Thanks, this saved me a lot of work!

Some minor changes here:

  • Added command line options.  Syntax examples:
    • RegEveryUser.exe add "Software\Policies\Example" "My test value" REG_DWORD 2
    • RegEveryUser.exe delete "Software\Policies\Example" "My test value"
    • RegEveryUser.exe delete "Software\Policies\Example"
  • Also writes changes to the default user profile so changes will be applied to newly created user profiles.
  • Retries unloading the hive up to 20 times over ~4 seconds if doing so fails.
  • Incorporated thecharliec's SetPrivilege fix.
  • Tidied code and added local variable declarations that were missing.

Active Setup, which I consider a cleaner approach, is actually my preferred method for making registry changes or executing any commands once for every user.  But in this case, I needed to make a change to a "Policies" key normally written by Group Policy in the absence of a proper GPO implementation.  Per-user policy settings are applied by Group Policy by setting a registry value in the "Policies" of the user hive, but the permissions on this subkey are set such that the user cannot write there themselves unless they are a local administrator.  In this case, this script is useful to run as a local Administrator to preset the value for every user.

#NoTrayIcon
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Outfile=RegEveryUser.exe
#AutoIt3Wrapper_Change2CUI=y
#AutoIt3Wrapper_Res_Description=Multiple user registry hive updater
#AutoIt3Wrapper_Res_Fileversion=1.0.0.100
#AutoIt3Wrapper_Res_Fileversion_AutoIncrement=y
#AutoIt3Wrapper_Res_LegalCopyright=toasterking
#AutoIt3Wrapper_Res_Language=1033
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
;~ #AutoIt3Wrapper_Res_ProductVersion=1.0.0.0
#cs ----------------------------------------------------------------------------

    AutoIt Version: 3.3.14.2
    Author:         Sean Hart
    Mods:           thecharliec, toasterking

    Script Function:
    Command-line utility to write or delete registry keys from all user profiles on the system.
    Active Setup is more efficient unless the user doesn't have permission to manipulate
        a part of the registry in their own user profile.  This is the case with anything in
        HKCU\Software\Policies.

    Uses _RegLoadHive functions provided by Larry

#ce ----------------------------------------------------------------------------
#Region --- Include files
#include <WinAPIShellEx.au3>
#EndRegion --- Include files

Opt("MustDeclareVars", 1) ; Because I'm paranoid.

If $CmdLine[0] < 2 Then Exit 1

Switch $CmdLine[1]
    Case 'add'
        If $CmdLine[0] < 5 Then Exit 1
        _RegWriteAllUsers($CmdLine[2],$CmdLine[3],$CmdLine[4],$CmdLine[5])
    Case 'delete'
        If $CmdLine[0] = 2 Then ;Key only
            _RegDeleteAllUsers($CmdLine[2],"ÿ")
        ElseIf $CmdLine[0] >= 3 Then ;Key and value
            _RegDeleteAllUsers($CmdLine[2],$CmdLine[3])
        Else
            Exit 1
        EndIf
EndSwitch

Exit 0

; === _RegWriteAllUsers ===
; Writes "current user" registry data to every user profile on the system.
; Requires _RegLoadHive and _RegUnloadHive functions.
;
; Inputs:   $key    - see RegWrite function for details (no HKU\HKCU\HKLM required)
;           $value  - see RegWrite function for details
;           $type   - see RegWrite function for details
;           $data   - see RegWrite function for details
;
; Returns:  nothing
Func _RegWriteAllUsers($key, $value, $type, $data)
    Local $i, $curkey, $ExpandEnvStrings, $profiledir, $curdir, $search

    ; init variables
    $i = 1
    Local $error = 0
    $ExpandEnvStrings = Opt("ExpandEnvStrings", 1)
    $profiledir = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", "ProfilesDirectory")

    ; change directory to profile directory
    $curdir = @WorkingDir
    FileChangeDir($profiledir)

    ; replace HKU / HKCU / HKLM in key if require
    Select
        Case StringLeft($key, 4) = "HKU\"
            $key = StringRight($key, StringLen($key) - 4)
        Case StringLeft($key, 5) = "HKCU\"
            $key = StringRight($key, StringLen($key) - 5)
        Case StringLeft($key, 5) = "HKLM\"
            $key = StringRight($key, StringLen($key) - 5)
        Case StringLeft($key, 11) = "HKEY_USERS\"
            $key = StringRight($key, StringLen($key) - 11)
        Case StringLeft($key, 18) = "HKEY_CURRENT_USER\"
            $key = StringRight($key, StringLen($key) - 18)
        Case StringLeft($key, 19) = "HKEY_LOCAL_MACHINE\"
            $key = StringRight($key, StringLen($key) - 19)
    EndSelect

    ; Go through all directories where ntuser.dat is accessible
    $search = FileFindFirstFile("*.*")
    Local $dir
    For $x = 99 To 0 Step -1
        $dir = FileFindNextFile($search)
        If @error Then ;TK: If no more profile directories to process
            $dir = _WinAPI_GetDefaultUserProfileDirectory() ;TK: Update the default user profile for the last loop.
            $x = 0 ;TK: Make this the last loop
        EndIf
        ; Process directories
        If StringInStr(FileGetAttrib($profiledir & "\" & $dir), "D") Then
            ; Check for ntuser.dat
            If FileExists($profiledir & "\" & $dir & "\ntuser.dat") Then
                ; Try and load hive
                If _RegLoadHive("TempUser", $profiledir & "\" & $dir & "\ntuser.dat") Then
                    ; Apply new registry data
                    RegWrite("HKEY_USERS\TempUser\" & $key, $value, $type, $data)

                    ; Unload hive
                    For $z = 1 To 20
                        If _RegUnloadHive("TempUser") Then ExitLoop
                        Sleep(200)
                    Next
                EndIf
            EndIf
        EndIf
    Next

    ; Start by going through all currently logged on user keys (exclude system accounts and classes)
    $curkey = RegEnumKey("HKEY_USERS", $i)
    While @error = 0
        If (StringLen($curkey) > 8) And (Not StringInStr($curkey, "_Classes")) Then
            RegWrite("HKEY_USERS\" & $curkey & "\" & $key, $value, $type, $data)
        EndIf
        $i = $i + 1
        $curkey = RegEnumKey("HKEY_USERS", $i)
    WEnd

    ; Put settings back and change back to previous directory
    Opt("ExpandEnvStrings", $ExpandEnvStrings)
    FileChangeDir($curdir)

EndFunc   ;==>_RegWriteAllUsers
; === END _RegWriteAllUsers ===


; === _RegDeleteAllUsers ===
; Deletes "current user" registry data from every user profile on the system.
; Requires _RegLoadHive and _RegUnloadHive functions.
;
; Inputs:   $key    - see RegDelete function for details (no HKU\HKCU\HKLM required)
;           $value  - (optional) see RegDelete function for details
;
; Returns:  nothing
Func _RegDeleteAllUsers($key, $value = "ÿ")
    Local $i, $curkey, $ExpandEnvStrings, $profiledir, $curdir, $search

    ; init variables
    $i = 1
    Local $error = 0
    $ExpandEnvStrings = Opt("ExpandEnvStrings", 1)
    $profiledir = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", "ProfilesDirectory")

    ; change directory to profile directory
    $curdir = @WorkingDir
    FileChangeDir($profiledir)

    ; replace HKU / HKCU / HKLM in key if require
    Select
        Case StringLeft($key, 4) = "HKU\"
            $key = StringRight($key, StringLen($key) - 4)
        Case StringLeft($key, 5) = "HKCU\"
            $key = StringRight($key, StringLen($key) - 5)
        Case StringLeft($key, 5) = "HKLM\"
            $key = StringRight($key, StringLen($key) - 5)
        Case StringLeft($key, 11) = "HKEY_USERS\"
            $key = StringRight($key, StringLen($key) - 11)
        Case StringLeft($key, 18) = "HKEY_CURRENT_USER\"
            $key = StringRight($key, StringLen($key) - 18)
        Case StringLeft($key, 19) = "HKEY_LOCAL_MACHINE\"
            $key = StringRight($key, StringLen($key) - 19)
    EndSelect

    ; Go through all directories where ntuser.dat is accessible
    $search = FileFindFirstFile("*.*")
    Local $dir
    For $x = 99 To 0 Step -1
        $dir = FileFindNextFile($search)
        If @error Then ;TK: If no more profile directories to process
            $dir = _WinAPI_GetDefaultUserProfileDirectory() ;TK: Update the default user profile for the last loop.
            $x = 0 ;TK: Make this the last loop
        EndIf
        ; Process directories
        If StringInStr(FileGetAttrib($profiledir & "\" & $dir), "D") Then
            ; Check for ntuser.dat
            If FileExists($profiledir & "\" & $dir & "\ntuser.dat") Then
                ; Try and load hive
                If _RegLoadHive("TempUser", $profiledir & "\" & $dir & "\ntuser.dat") Then
                    ; Delete registry data
                    If $value = "ÿ" Then
                        RegDelete("HKEY_USERS\TempUser\" & $key)
                    Else
                        RegDelete("HKEY_USERS\TempUser\" & $key, $value)
                    EndIf

                    ; Unload hive
                    For $z = 1 To 20
                        If _RegUnloadHive("TempUser") Then ExitLoop
                        Sleep(200)
                    Next
                EndIf
            EndIf
        EndIf
    Next

    ; Start by going through all currently logged on user keys (exclude system accounts and classes)
    $curkey = RegEnumKey("HKEY_USERS", $i)
    While @error = 0
        If (StringLen($curkey) > 8) And (Not StringInStr($curkey, "_Classes")) Then
            ; Delete registry data
            If $value = "ÿ" Then
                RegDelete("HKEY_USERS\" & $curkey & "\" & $key)
            Else
                RegDelete("HKEY_USERS\" & $curkey & "\" & $key, $value)
            EndIf
        EndIf
        $i = $i + 1
        $curkey = RegEnumKey("HKEY_USERS", $i)
    WEnd

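    ; Put settings back and change back to previous directory
    Opt("ExpandEnvStrings", $ExpandEnvStrings)
    FileChangeDir($curdir)

EndFunc   ;==>_RegDeleteAllUsers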
; === END _RegDeleteAllUsers ===


; === _RegLoadHive ===
; Loads a ntuser.dat file as a registry hive
; Requires SetPrivilege function.
;
; Inputs:   $hiveName       - name for the hive
;           $NTUSER_datFile - full path to ntuser.dat file to load
;           $RLH_key        - (optional) root for hive (defaults to HKU)
;
; Returns:  1 - Successful
;           0 - Error (sets @error)
Func _RegLoadHive($hiveName, $NTUSER_datFile, $RLH_key = "HKU")
    If Not (@OSType == "WIN32_NT") Then
        SetError(-1)
        Return 0
    EndIf
    Const $HKEY_LOCAL_MACHINE = 0x80000002
    Const $HKEY_USERS = 0x80000003
    Const $SE_RESTORE_NAME = "SeRestorePrivilege"
    Const $SE_BACKUP_NAME = "SeBackupPrivilege"
    Local $RLH_ret
    Local $aPriv[2]
    If $RLH_key = "HKLM" Then
        $RLH_key = $HKEY_LOCAL_MACHINE
    ElseIf $RLH_key = "HKU" Then
        $RLH_key = $HKEY_USERS
    Else
        SetError(-2)
        Return 0
    EndIf
    $aPriv[0] = $SE_RESTORE_NAME
    $aPriv[1] = $SE_BACKUP_NAME
    SetPrivilege($aPriv, 1)
    $RLH_ret = DllCall("Advapi32.dll", "int", "RegLoadKey", "int", $RLH_key, "str", $hiveName, "str", $NTUSER_datFile)
    SetError($RLH_ret[0])
    Return Not $RLH_ret[0]
EndFunc   ;==>_RegLoadHive
; === END _RegLoadHive ===


; === _RegUnloadHive ===
; Unloads a registry hive
; Requires SetPrivilege function.
;
; Inputs:   $hiveName       - name for the hive
;           $RLH_key        - (optional) root for hive (defaults to HKU)
;
; Returns:  1 - Successful
;           0 - Error (sets @error)
Func _RegUnloadHive($hiveName, $RUH_key = "HKU")
    If Not (@OSType == "WIN32_NT") Then
        SetError(-1)
        Return 0
    EndIf
    Const $HKEY_LOCAL_MACHINE = 0x80000002
    Const $HKEY_USERS = 0x80000003
    Local $RUH_ret
    If $RUH_key = "HKLM" Then
        $RUH_key = $HKEY_LOCAL_MACHINE
    ElseIf $RUH_key = "HKU" Then
        $RUH_key = $HKEY_USERS
    Else
        SetError(-2)
        Return 0
    EndIf
    $RUH_ret = DllCall("Advapi32.dll", "int", "RegUnLoadKey", "int", $RUH_key, "Str", $hiveName)
    Return Not $RUH_ret[0]
EndFunc   ;==>_RegUnloadHive
; === _RegUnloadHive ===


; === SetPrivilege ===
; Special function for use with registry hive functions
Func SetPrivilege($privilege, $bEnable)
    Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
    Const $TOKEN_QUERY = 0x0008
    Const $SE_PRIVILEGE_ENABLED = 0x0002
    Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv, $LUID, $TOKEN_PRIVILEGES, $NEWTOKEN_PRIVILEGES, $ret, $f
    $nTokens = 1
    $LUID = DllStructCreate("dword;int")
    If IsArray($privilege) Then $nTokens = UBound($privilege)
    $TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
    $NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
    $hCurrProcess = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess")
    $SP_auxret = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $hCurrProcess[0], "int", BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY), "int*", 0)
    If $SP_auxret[0] Then
        $hToken = $SP_auxret[3]
        DllStructSetData($TOKEN_PRIVILEGES, 1, 1)
        $nTokenIndex = 1
        While $nTokenIndex <= $nTokens
            If IsArray($privilege) Then
                $priv = $privilege[$nTokenIndex - 1]
            Else
                $priv = $privilege
            EndIf
            $ret = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $priv, _
                    "ptr", DllStructGetPtr($LUID))
            If $ret[0] Then
                If $bEnable Then
                    DllStructSetData($TOKEN_PRIVILEGES, 2, $SE_PRIVILEGE_ENABLED, (3 * $nTokenIndex))
                Else
                    DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $nTokenIndex))
                EndIf
                DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($nTokenIndex - 1)) + 1)
                DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($nTokenIndex - 1)) + 2)
                DllStructSetData($LUID, 1, 0)
                DllStructSetData($LUID, 2, 0)
            EndIf
            $nTokenIndex += 1
        WEnd
        $ret = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, _
                "ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), _
                "ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int*", 0)
        $f = DllCall("kernel32.dll", "int", "GetLastError")
    EndIf
    $NEWTOKEN_PRIVILEGES = 0
    $TOKEN_PRIVILEGES = 0
    $LUID = 0
    If $SP_auxret[0] = 0 Then Return 0
    $SP_auxret = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hToken)
    If Not $ret[0] And Not $SP_auxret[0] Then Return 0
    Return $ret[0]
EndFunc   ;==>SetPrivilege
; === SetPrivilege ===

 
