Updating the current logged on user, HKEY_USERS hive registry, with system account

0

This script makes changes to all users' profiles.

Here is the script:

# Get each user profile SID and Path to the profile
$UserProfiles = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*" |
                Where {$_.PSChildName -match "S-1-5-21-(\d+-?){4}$" } |
                Select-Object @{Name="SID"; Expression={$_.PSChildName}}, @{Name="UserHive";Expression={"$($_.ProfileImagePath)\NTuser.dat"}}

# Loop through each profile on the machine
foreach ($UserProfile in $UserProfiles) {
    # Load User ntuser.dat if it's not already loaded
    if (($ProfileWasLoaded = Test-Path Registry::HKEY_USERS\$($UserProfile.SID)) -eq $false) {
        # Quote the hive path so profile paths containing spaces load correctly
        Start-Process -FilePath "CMD.EXE" -ArgumentList "/C REG.EXE LOAD HKU\$($UserProfile.SID) `"$($UserProfile.UserHive)`"" -Wait -WindowStyle Hidden
    }

    # Manipulate the registry
    $key = "Registry::HKEY_USERS\$($UserProfile.SID)\Software\SomeArchaicSoftware\Configuration"

    New-Item -Path $key -Force | Out-Null

    New-ItemProperty -Path $key -Name "LoginURL" -Value "https://www.myCompany.local" -PropertyType String -Force | Out-Null
    New-ItemProperty -Path $key -Name "DisplayWelcome" -Value 0x00000001 -PropertyType DWORD -Force | Out-Null

    $key = "$key\UserInfo"

    New-Item -Path $key -Force | Out-Null

    New-ItemProperty -Path $key -Name "LoginName" -Value "$($ENV:USERDOMAIN)\$($ENV:USERNAME)" -PropertyType STRING -Force | Out-Null

    # Unload NTuser.dat
    if ($ProfileWasLoaded -eq $false) {
        # Release open registry handles so the hive can be unloaded
        [GC]::Collect()

        Start-Sleep 1
        Start-Process -FilePath "CMD.EXE" -ArgumentList "/C REG.EXE UNLOAD HKU\$($UserProfile.SID)" -Wait -WindowStyle Hidden | Out-Null
    }
}

I only need changes to the currently logged-on user's HKEY_USERS hive. Can anyone help me change the script so that only the currently logged-in user gets the changes?

powershell
registry
sccm
asked on Stack Overflow Sep 17, 2018 by Joe • edited Sep 17, 2018 by Ansgar Wiechers

1 Answer

0

You can determine the SID of a currently logged-in user via WMI. Check for the owner of a running explorer.exe process, then resolve the account name to its SID:

$user = (Get-WmiObject Win32_Process -Filter "Name='explorer.exe'").GetOwner()
$fltr = "Name='{0}' AND Domain='{1}'" -f $user.User, $user.Domain
$sid  = (Get-WmiObject Win32_UserAccount -Filter $fltr).SID

Still, I think a logon script would be a better place for changes to a user's registry settings.

answered on Stack Overflow Sep 17, 2018 by Ansgar Wiechers
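
An added example, not part of the original question or answer: the answer's explorer.exe owner lookup combined with the question's registry writes, limited to the logged-on user's hive when the script runs as SYSTEM. It assumes the first explorer.exe found belongs to the user to target, resolves the SID through `NTAccount.Translate` instead of `Win32_UserAccount`, and writes the resolved account to `LoginName` because `$ENV:USERNAME` reflects the SYSTEM context rather than the user.

```powershell
# Added example: apply the question's registry values only to the interactive
# user's hive when running as SYSTEM (for instance from an SCCM deployment).
# Assumption: the first explorer.exe found belongs to the user to target.

# Owner of a running explorer.exe, as in the answer. Take a single process,
# because several explorer.exe instances or sessions may exist.
$explorer = Get-WmiObject Win32_Process -Filter "Name='explorer.exe'" |
            Select-Object -First 1
if (-not $explorer) {
    Write-Warning "No interactive user is logged on; nothing to change."
    return
}
$owner   = $explorer.GetOwner()
$account = "{0}\{1}" -f $owner.Domain, $owner.User

# Resolve DOMAIN\User to its SID
$ntAccount = New-Object System.Security.Principal.NTAccount($owner.Domain, $owner.User)
$sid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value

# A logged-on user's NTUSER.DAT is already mounted under HKEY_USERS\<SID>,
# so REG LOAD / REG UNLOAD is not needed here.
$root = "Registry::HKEY_USERS\$sid"
if (-not (Test-Path $root)) {
    Write-Warning "Hive for $account ($sid) is not loaded."
    return
}

$key = "$root\Software\SomeArchaicSoftware\Configuration"
New-Item -Path $key -Force | Out-Null
New-ItemProperty -Path $key -Name "LoginURL" -Value "https://www.myCompany.local" -PropertyType String -Force | Out-Null
New-ItemProperty -Path $key -Name "DisplayWelcome" -Value 1 -PropertyType DWord -Force | Out-Null

$key = "$key\UserInfo"
New-Item -Path $key -Force | Out-Null
# Use the resolved owner; $ENV:USERNAME would describe the SYSTEM context
New-ItemProperty -Path $key -Name "LoginName" -Value $account -PropertyType String -Force | Out-Null
```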

User contributions licensed under CC BY-SA 3.0