I am trying to delete a key under HKCU\SOFTWARE\Microsoft\Internet Explorer\Main with a sample value of “keyme” but I cannot for the life of me get the relevance right. Any ideas?
regdelete “[{SOFTWARE\Microsoft\Internet Explorer\Main” of current user keys (logged on users) of registry}]" “keyme”
Thanks,
Matt
Another thing. All those cool commands you want to use from 9.X and later. Those won’t work. We’re on 8.2 clients. Yes, we’re planning a migration to a new client soon, we just upgraded our architecture.
The fix in later clients isn’t needed. You can form a good key with other inspectors
("HKEY_USERS\" & component string of it) of sids of logged on users
You can use just “current user” instead of “logged on users” to get just the current user. This will give you a key into the HKU hive which HKCU is just a shortcut.
Would you still need to use “native registry” rather than “registry” to avoid being redirected to HKEY_USERS[sid]\Software\Wow6432Node ?
Thank you all. In the end we decided to simply delete the key from all users that have logged instead of specifying one user from HKCU.
Thanks for all your answers!
Probably a good idea to note what is redirected by Wow64 yes
https://msdn.microsoft.com/en-us/library/windows/desktop/aa384253(v=vs.85).aspx
You can delete something from all user registry keys by using LocalGPO.
See an example of LocalGPO setting user keys here: https://bigfix.me/fixlet/details/3741