Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Sign in to follow this  
kali

Administrative user doesn’t write registry settings in HKEY_CURRENT_US

Recommended Posts

I’m trying to add the following reg key with bat command. If I run the bat file with standard user the reg setting is added but when try with administrative user it is not added. The fact is administrative user doesn’t write registry settings in HKEY_CURRENT_USER

Windows Registry Editor Version 5.00[HKEY_CURRENT_USER\Software\OmicronLab\Avro Keyboard]"ChangeInputLocale"="YES"

My batch file is as follows.

echo Windows Registry Editor Version 5.00 >> "%WINDIR%\Temp\Avro.txt"echo [HKEY_CURRENT_USER\Software\OmicronLab\Avro Keyboard]  >> "%WINDIR%\Temp\Avro.txt"echo "ChangeInputLocale"="YES" >> "%WINDIR%\Temp\Avro.txt"ren "%WINDIR%\Temp\Avro.txt" Avro_prof.regregedit /s "%WINDIR%\Temp\Avro_prof.reg"

I tried also regedit /s "%~dp0myreg.reg" and regedit /s myreg.reg to run my registry file.

Edited by Yzöwl
[code] tags added

Share this post


Link to post
Share on other sites

Instead of using regedit, have you tried it using reg.exe?

@REG ADD "HKCU\Software\OmicronLab\Avro Keyboard" /V ChangeInputLocale /D YES /F
  • Upvote 1

Share this post


Link to post
Share on other sites

HKEY_CURRENT_USER:

1) does NOT exist :w00t::ph34r:

2) it is CURRENT user :yes:.

See:

http://technet.microsoft.com/en-us/library/cc976337.aspx

 

There are as many "Current Users" as many accounts there are, maybe (as it seems like you are trying to change the settings of another user) you need to find out the SID of the user and access the "real" thing, i.e. the HKEY_USERS\ Security ID :unsure:, can you try explaining the context?

 

Which OS is that?

 

jaclaz

Edited by jaclaz
  • Upvote 1

Share this post


Link to post
Share on other sites

 

Instead of using regedit, have you tried it using reg.exe?

@REG ADD "HKCU\Software\OmicronLab\Avro Keyboard" /V ChangeInputLocale /D YES /F

I tried it many times before and tried again as your advised.

  • Upvote 1

Share this post


Link to post
Share on other sites

HKEY_CURRENT_USER:

1) does NOT exist :w00t::ph34r:

2) it is CURRENT user :yes:.

See:

http://technet.microsoft.com/en-us/library/cc976337.aspx

 

There are as many "Current Users" as many accounts there are, maybe (as it seems like you are trying to change the settings of another user) you need to find out the SID of the user and access the "real" thing, i.e. the HKEY_USERS\ Security ID :unsure:, can you try explaining the context?

 

Which OS is that?

 

jaclaz

 

Avro is a software to write my native language Bengali. It stores profile settings under the following registry address and it’s only one address for profile settings. I made it’s silent install with registry settings for all windows version from XP to Windows 10. No problem with silent install but reg settings. It’s working everywhere. But for standard user (in Seven or later) registry setting is not working. That means Registry setting is not being added. If I can add the following registry settings with Administrator user I’m successful.

 

[HKEY_CURRENT_USER\Software\OmicronLab\Avro Keyboard]

post-322156-0-71640800-1416069148_thumb.

Share this post


Link to post
Share on other sites

But for standard user (in Seven or later) registry setting is not working. That means Registry setting is not being added. If I can add the following registry settings with Administrator user I’m successful.

 

[HKEY_CURRENT_USER\Software\OmicronLab\Avro Keyboard]

 

Let's try to clear this.

 

Say you have two users on a system:

  1. UserAdmin <- with administration privileges 
  2. UserStandard <- with "standard" privileges 

HKCU will be connected to the UserAdmin's profile when UserAdmin is logged on, and connected to the UserStandard's profile when UserStandard is logged on.

 

On the test machine, open a command Window and execute in it:

wmic useraccount get name,sid

and post results.

 

Then, log in with the one and the other user and check with regedit the HKEY_USERS/<Security ID>/Software you find in the Registry and which permissions/restrictions they have.

 

Read also this:

http://pcsupport.about.com/od/termshm/g/hkey_users.htm

 

You should get the hang of the mechanism.

 

jaclaz

  • Upvote 1

Share this post


Link to post
Share on other sites

 

 

Instead of using regedit, have you tried it using reg.exe?

@REG ADD "HKCU\Software\OmicronLab\Avro Keyboard" /V ChangeInputLocale /D YES /F

I tried it many times before and tried again as your advised.

 

As jaclaz has alluded to, it appears therefore that you are not running the script with Administrator privileges, but when actually logged on as the Administrator

 

If you use this script it should give open a text file listing one or more of the replacement(s) you'll need instead of HKCU in my last example script.

@Echo Off & SetLocalType Nul>"%~dp0SIDs.txt"For /F "UseBackQ Tokens=2 Delims==" %%A In (   `WMIC UserAccount WHERE "Disabled='FALSE' AND Status='OK'" Get SID /Value`   ) Do Echo(HKU\%%A>>"%~dp0SIDs.txt"Start "" "%~dp0SIDs.txt"
  • Upvote 1

Share this post


Link to post
Share on other sites

Let's try to clear this.

 

Say you have two users on a system:

  1. UserAdmin <- with administration privileges 
  2. UserStandard <- with "standard" privileges 

HKCU will be connected to the UserAdmin's profile when UserAdmin is logged on, and connected to the UserStandard's profile when UserStandard is logged on.

Exactly you’ve caught the real thing. I’ve two user account, Administrator and Standard. Administrator is password protected and Standard is auto logon user without passport. I always use standard user. It’s my active/logon user/KHCU. When I try to use administrative power (like installing/uninstalling etc) windows prompt for Administrator with password. It’s really my tricks to protect my PC from unauthorized or child attack. My all the drives are read only (Copy, paste, delete, move protected).

 

Standard and Administrator are the problem for my batch command. When I run the batch file from standard user/ active/logon user/KHCU it’s prompt for Administrator to install Avro. After confirmation of Administrator the batch file run with administrator user and try to add the registry settings in HKCU. In this moment HKCU is Administrator. But I need logon user. I want the batch file as universal command file for all kinds of PC (from Win XP to later, Administrator and Standard user). So how to run the batch file with the logon user in that moment? It's the command to use with Administrator and Standard/active/logon user. Thanks.

 

 

My user information as your command.

Yzöwl:

HKU\S-1-5-21-3912419492-1565357640-1409004406-1003

HKU\S-1-5-21-3912419492-1565357640-1409004406-1001

post-322156-0-46433400-1416144149_thumb.

Share this post


Link to post
Share on other sites

Good.

Now login as Admin.

Open Regedit.

Navigate to HKEY_USERS/

Can you see the SID S-1-5-21-3912419492-1565357640-1409004406-1003?

Can you see the SID S-1-5-21-3912419492-1565357640-1409004406-1001?

 

Log off, re-login as KAMRUL.

Open Regedit.

Navigate to HKEY_USERS/

Can you see the SID S-1-5-21-3912419492-1565357640-1409004406-1003?

Can you see the SID S-1-5-21-3912419492-1565357640-1409004406-1001?

 

jaclaz

Share this post


Link to post
Share on other sites

Good.

Now login as Admin.

Open Regedit.

Navigate to HKEY_USERS/

Can you see the SID S-1-5-21-3912419492-1565357640-1409004406-1003?

Can you see the SID S-1-5-21-3912419492-1565357640-1409004406-1001?

 

Log off, re-login as KAMRUL.

Open Regedit.

Navigate to HKEY_USERS/

Can you see the SID S-1-5-21-3912419492-1565357640-1409004406-1003?

Can you see the SID S-1-5-21-3912419492-1565357640-1409004406-1001?

 

jaclaz

Yes, I'got. But SID may not be same in all kinds of windows. So how to apply same reg in all HKU/active Current user/active log on user? Because SID may be different but my reg file is only one.

Share this post


Link to post
Share on other sites

Yes, I'got. But SID may not be same in all kinds of windows. So how to apply same reg in all HKU/active Current user/active log on user? Because SID may be different but my reg file is only one.

 

Here is where learning a little about batch files and understanding the snippet  Yzöwl posted may become useful.

Provided that when you run your batch you have access to WMI interface, if not, you will need to run the batch related to the Registry post install or find another way to "pair" users with their SID's, like (example) experiment with PsGetSid:

http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

 

Basically you need to replace in your batch (in the line to add to the Registry) the HKCU with HKU\<SID> and you need to calculate the <SID> value dinamycally when the batch is run.

 

Alternatively :unsure:, you could try assigning at install time to the "standard" User "KAMRUL" Administration privileges and later demote it to "Standard user".

 

If you are asking how to find out which user is currently logged in?, try issuing the 

whoami

command in a Command window prompt ;).

 

jaclaz

Edited by jaclaz

Share this post


Link to post
Share on other sites

 

Yes, I'got. But SID may not be same in all kinds of windows. So how to apply same reg in all HKU/active Current user/active log on user? Because SID may be different but my reg file is only one.

 

Here is where learning a little about batch files and understanding the snippet  Yzöwl posted may become useful.

Provided that when you run your batch you have access to WMI interface, if not, you will need to run the batch related to the Registry post install or find another way to "pair" users with their SID's, like (example) experiment with PsGetSid:

http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

 

Basically you need to replace in your batch (in the line to add to the Registry) the HKCU with HKU\<SID> and you need to calculate the <SID> value dinamycally when the batch is run.

 

Alternatively :unsure:, you could try assigning at install time to the "standard" User "KAMRUL" Administration privileges and later demote it to "Standard user".

 

If you are asking how to find out which user is currently logged in?, try issuing the 

whoami

command in a Command window prompt ;).

 

jaclaz

 

 

I can do two thinks, but I've no idea about how to do it? 

1st - Find the HKU or active logon user SID and apply the registry settings to this SID. (Yzöwl's Idea may work)

2nd- Apply the registry settings to all user (active, non active).

 

Can you advise me how to do it?

Share this post


Link to post
Share on other sites

If the user is logged out when it runs, you'll need to additionally mount the ntuser.dat file because the SID path is only available while a user is actually logged on.

Share this post


Link to post
Share on other sites

If the user is logged out when it runs, you'll need to additionally mount the ntuser.dat file because the SID path is only available while a user is actually logged on.

Yep :), that was the point of the experiment suggested in post #9.

 

Now, what about "Active Setup"?

http://www.itninja.com/blog/view/appdeploy-articles-activesetup?

http://wpkg.org/Adding_Registry_Settings#Active_Setup

 

jaclaz

Share this post


Link to post
Share on other sites

You could try this!

@ECHO OFF & SETLOCAL ENABLEEXTENSIONSSET "_UPPS="FOR /F "USEBACKQ TOKENS=2 DELIMS==" %%A IN (`WMIC USERACCOUNT WHERE^ "DISABLED='FALSE' AND LOCALACCOUNT='TRUE' AND STATUS='OK'" GET SID /VALUE`    ) DO (FOR /F "USEBACKQ TOKENS=1* DELIMS==" %%B IN (`        WMIC PATH WIN32_USERPROFILE WHERE^         "SID='%%A' AND SPECIAL='FALSE'" GET LOCALPATH /VALUE 2^>NUL`) DO (        IF %%~dC' NEQ ' (CALL SET _UPPS=%%_UPPS%% "%%~C")))IF NOT DEFINED _UPPS GOTO :EOFSET _CRK=Software\OmicronLab\Avro KeyboardFOR %%A IN (%_UPPS%) DO (REG LOAD "HKU\_" "%%~A\NTUSER.DAT"    REG ADD "HKU\_\%_CRK%" /V ChangeInputLocale /D YES /F>NUL    REG UNLOAD "HKU\_"    PING -n 4 127.0.0.1 1>NUL)

You may not need the ping command at the last line or you may need to adjust it depending upon any delay between unloading one dat file and loading the next dat file.

 

Also be very careful, corruption of this file could prevent your users from logging in.

  • Upvote 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×