Archive: Find registry key in HKU for particular user


Find registry key in HKU for particular user
Hi,

I'm creating an installer that installs a program that will run as a particular user. So, first I create a new user. Then, I need to make modifications to the registry for that particular user, as well as make changes to the startup menu for that particular user.
This user has very few rights, so I need to make these changes as part of my installer, while it is running with admin rights.

How do I go about finding what SID a user has, where its profile is stored, and what registry key that user has?
I cannot seem to find a way with EnumUsersReg and UserInfo to find these things.


I'd suggest create the new account and force a reboot/login for the new user, and use HKCU....RunOnce to write all needed reg records.


Unfortunately that wouldn't work as the user I create has no rights to write to the registry.
Plus, I have so many things to setup in the registry that I would want to do it from the Administrator account.

It now looks even worse than I thought.

My software runs as an input-free application. I need to create a user with limited privileges for that. The installer should create that user and set it up accordingly (startup menu, and some registry keys in HKU).
What I've noticed is that when I create the user, the registry key for its SID is not created in the registry nor is the profile created until I log off and log on again. However, since the user created has limited rights, it can't pursue the installation as it has no right to write in the registry.
I'm completely stuck!


This code works fine for unattended XP new installations as well for existing XP systems.
The new account appears immediately in Control Panel.

function CreateUser
nsexec::exec 'net user "test_userXP" "" /add'
nsexec::exec 'net localgroup "Power Users" "test_userXP" /delete'
nsexec::exec 'net localgroup "Users" "test_userXP" /add'
nsexec::exec 'net localgroup "Guests" "test_userXP" /delete'
nsexec::exec 'net localgroup "HelpServicesGroup" "test_userXP" /delete'
nsexec::exec 'net localgroup "Network Configuration Operators" "test_userXP" /delete'
nsexec::exec 'net localgroup "Remote Desktop Users" "test_userXP" /delete'
nsexec::exec 'net localgroup "Replicator" "test_userXP" /delete'
nsexec::exec 'net localgroup "Backup Operators" "test_userXP" /delete'
nsexec::exec 'net localgroup "Administrators" "test_userXP" /delete'
nsexec::exec 'net accounts /maxpwage:unlimited'
functionend

section -
call CreateUser
sectionend

* For the example above the new account is a limited user, add/delete to/from groups according to what account you wish to create.

@Wabiloo
When you create the new user his/her registry hive is not loaded so you will not find any info in the registry, unless this user manually logs into your computer. When that user is logged, the default user profile (usually found in %SystemDrive%\Documents and Settings\Default User) will be copied to the new user's folder. Note that messing around with the DefaultUser hive will affect every user that will be created in the future.

as well as make changes to the startup menu for that particular user
if your program will run in the context of the new user, why do you need to make changes to the StartUp menu of that user? Do you actually need the new user to login with a GUI to the computer?

If you still want to find the user's SID this will do the trick:
System::Call 'netapi32.dll::NetUserGetInfo(w n, w "PutYourUserNameHere", i 23, *i .R8)i.r4'
System::Call '*$R8(w .R1, w .R2, w .R3, i .R4, i .R9)'
System::Call advapi32::ConvertSidToStringSid(iR9,*t.R0)
DetailPrint "The SID is $R0"
System::Free $R8

@Red Wine
When a user is created using
net user "test_userXP" "" /add
he/she belongs by default only to the Users group so there is no reason to delete this user from every possible group. Your code will give error 1377 for each group you will try to remove the user from, if the user does not belong to that group.

CF

@ CF
Uh! forgive me that I don't know what exactly is this 1377, but I know that when I create an account by that way, it appears immediately in Control Panel and all it needs is log off/log in and the account is in tact and running. Though, trying to create the new account with this 1377 free way, there is not account at all. Do you think am I missing something?


Try it on a command prompt.

net user "test_userXP" "" /add

The account is present as soon as the above command finishes. However if you try to add the account to the Users group:
C:\>net localgroup "Users" "test_userXP" /add
System error 1378 has occurred.
The specified account name is already a member of the local group.

or remove the account from any other group that it doesn't belong to:
C:\>net localgroup "Guests" "test_userXP" /delete
System error 1377 has occurred.
The specified account name is not a member of the local group.

and so on ...
Though, trying to create the new account with this 1377 free way, there is not account at all
???

CF

@CancerFace

My application runs as a replacement shell instead of explorer. However, I want it to run automatically only when a specific user logs on. My installer creates that user. That user has no admin rights.

So, what I need to be able to do, is for that user only, access the registry key Winlogon/Shell and replace it.

Can anyone see a way of doing that?

CancerFace, when you say "messing around with the DefaultUser hive" do you mean whatever is in HKU/.Default ?


Do you think the following would be possible?

1) Create a user (say one called User1) with "net user"
Because the user has not logged on yet, no profile exists for it.
2) Copy the C:\Documents and Settings\Default User into c:\documents and settings\user1
3) load the registry hive NTUSER.dat from that new profile, with "reg load", into a new HKU/User1
4) make the changes to that registry key
5) Unload the hive

Do you think that would work, or is windows doing a trillion other things before creating a valid profile for a user?


CancerFace, when you say "messing around with the DefaultUser hive" do you mean whatever is in HKU/.Default ?
Yes, this is the hive found in %SystemDrive%\Documents and Settings\Default User\ntuser.dat. When the new user is logged in this hive is transferred to his/her profile path and is used as a template. There are several changes that take place to that hive, apart from the permissions being set for the new user. For example, the values found under the Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders key change in order to reflect the new user's profile. Basically it would be a good idea to first copy the default hive to a new place and then edit it in order to avoid enforcing changes to all the users that will be created after that.
1) Create a user (say one called User1) with "net user"
Because the user has not logged on yet, no profile exists for it.
2) Copy the C:\Documents and Settings\Default User into c:\documents and settings\user1
3) load the registry hive NTUSER.dat from that new profile, with "reg load", into a new HKU/User1
4) make the changes to that registry key
5) Unload the hive
In general I think that this will work. I have done something similar in the past: I created a template account, logged in to the domain then configured it as I wanted. Used that hive as a template and then for every new user that I would create I would copy over that hive to the new user's profile folder. Here is a snip of what I was using on our server in a batch to generate a new user's profile structure:
MKDIR \\%SERVER%\profiles$\%NewUserNameE%
:: copy the template profile
XCOPY /I /E /H /K /Y \\%SERVER%\profiles$\Template\Profile \\%SERVER%\profiles$\%NewUserName% >nul
:: change TemplateUser to the new username
REG.EXE LOAD HKU\%NewUserName% \\%SERVER%\profiles$\%NewUserName%\NTUSER.DAT
REGFIND.EXE -P HKEY_USERS\%NewUserName% TemplateUser -r %NewUserName%
REG.EXE UNLOAD HKU\%NewUserName%
:: Create the homedir structure
UNRAR.EXE x -r -inul \\%SERVER%\profiles$\Template\Home\TemplateHome.rar \\%SERVER%\home$\%NewUserName%\
:: Set Permissions
SUBINACL.EXE /subdirectories \\%SERVER%\home$\%NewUserName% /setowner=%DomainName%\%NewUserName%
SUBINACL.EXE /subdirectories \\%SERVER%\home$\%NewUserName%\* /setowner=%DomainName%\%NewUserName%
There are more elegant ways to do this using API calls but back then that did the job and everybody was happy :)

Hope this helps

CF

Cancerface, that is just awesome! Thanks!

Exactly what I am looking for!!

I modified it to copy the files directly from C:\Users instead of via the share, and to load a .reg file into the HKU\ %username% before unload, which will be modified by script to adapt to the new username before it is imported.

This is just awesome, because when I need to make changes valid for all new users, I can just modify the Defaultuser profile and the changes will automatically apply for all new users.

I can also make smaller .reg-files targeting specific settings and change them for individual users (provided they are not logged on)

Again, thanks! This is gold!


Please note this is an old thread.
You can do the same now with the UserMgr plugin.


jpderuiter:
Thanks for the info.
But I need the ability to do these things via command prompt, so I can (batch)script processes for creating new users more quickly and easily from our database, which is why this helps me so much ;)