Modifying HKCU reg key for restricted users

(imported topic written by Brad91)

Hi all

We have a need to modify a registry key in the HKCU branch to solve a slight issue between two programs on some client machines. The issue is that these users do not have Admin access on their machines and cannot modify the registry due to restrictions. Obviously because BigFix runs as SYSTEM a simple reg file won’t work (it will modify the wrong HKCU).

I’ve already read the pinned topic in this forum but it did not work (I tried the same test script as posted there). In fact I even tried to run the same command BigFix would through a Cmd prompt with no success (i.e. RunAsCurrentUser-2.0.exe regedit /s bigfix_test.reg).

Any ideas? For reference I tested this on my own machine while logged in under “user” status with XP Pro SP3.

Thanks!

Edit for typo

(imported comment written by SystemAdmin)

Rather than writing to “HKCU”, I prefer to write to “HKU” since SYSTEM has access to it. The trick is finding out the SID of the user so you can modify the proper user. From looking at the inspectors file, it looks like this should be as simple as “sid of current user”, but that doesn’t work. This is the simplest method I have worked out:

component string of sid of security account ("DOMAIN\" & name of current user)

Fill in domain with whatever your domain name is, or eliminate it if these are standalone machines. Unfortunately the current user inspector does not return domain name, so it is necessary to put it in there. In action script I typically write the sid out to a variable to keep the regset lines from being too long. Here is a bogus example:

parameter "sid" = "{component string of sid of security account ("DOMAIN\" & name of current user)}"
 
regset "[HKEY_USERS\{parameter "sid"}\Software\Microsoft\Windows\CurrentVersion\Run]" "test"="c:\\test\\test.exe"

Hopefully that should help you out.

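The same HKU-by-SID approach as the answer above, written as a PowerShell script run as SYSTEM; this is an added example and not part of the original thread. It assumes PowerShell 3.0 or later and a single console user, takes the domain from the logged-on account name instead of hard-coding it, and uses a constructed key and value (Software\ExampleVendor\ExampleApp) as placeholders.

```powershell
# Added example (not from the original thread). Run as SYSTEM, e.g. from a management agent.
# Assumptions: PowerShell 3.0+, one console user, constructed key/value names.
$ErrorActionPreference = 'Stop'

function Get-ConsoleUserSid {
    # Win32_ComputerSystem.UserName is DOMAIN\user for the console session and
    # empty when nobody is logged on at the console (e.g. RDP-only sessions).
    $name = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    if ([string]::IsNullOrEmpty($name)) { return $null }
    $account = New-Object System.Security.Principal.NTAccount($name)
    return $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

function Set-UserHiveValue {
    param(
        [Parameter(Mandatory)][string]$Sid,
        [Parameter(Mandatory)][string]$SubKey,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Value
    )
    # Accept only a well-formed SID so nothing else ends up in the registry path.
    if ($Sid -notmatch '^S-1-\d+(-\d+)+$') { throw "Unexpected SID format: $Sid" }
    $hive = "Registry::HKEY_USERS\$Sid"
    # The hive is mounted under HKEY_USERS only while the user's profile is loaded.
    if (-not (Test-Path -LiteralPath $hive)) { throw "Hive for $Sid is not loaded" }
    $key = "$hive\$SubKey"
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -LiteralPath $key -Name $Name -Value $Value -PropertyType String -Force | Out-Null
}

$sid = Get-ConsoleUserSid
if ($null -eq $sid) { Write-Output 'No console user; nothing changed.'; exit 0 }
Set-UserHiveValue -Sid $sid -SubKey 'Software\ExampleVendor\ExampleApp' -Name 'test' -Value 'constructed-value'
```

Because the script refuses to write when the user's hive is not loaded, it never creates a stray HKEY_USERS\<SID> key for an account that is not logged on.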

(imported comment written by Brad91)

Thanks! That worked in the test cases I set up on my own machine. I will report back if it did what we needed, but it looks like it should be fine for the small tweak we need to implement.

(imported comment written by Brad91)

Sorry for the delay in getting back. I received word that the method described above worked fine. I’m sure we’ll be making use of it in the future as well.

Thanks again, BrianK!