Editing HKCU of Remote Registry with Regini.exe

Guest

Hello, I am trying to edit the Current User kernel of a registry on a
remote machine using regini to no avail. I have previously used
regini to edit the Local Machine kernel of a remote registry and I can
also use regini to edit the Current User kernel of the local machine,
so I believe my syntax is correct. I can edit my own machine by using

"regini script.ini"

but if I type

"regini -m \\mymachine script.ini"

where \\mycomputer is the local machine (or any machine for that
matter), the registry will not update. Is this a problem with regini
and the Current User kernel? Any help is appreciated, thanks.
 
Note that HKCU is different for each logged-on user. To edit HKCU remotely you
need to have the suitable registry hive loaded. It might be that regini runs
remotely using the system account, or if it runs with the same user as locally,
there is no HKCU registry hive available.

One solution could be to use psexec from www.sysinternals.com. It allows you
to run commands on a remote machine as if you had a telnet session. You can tell
psexec to log on with a specific user and load the HKCU registry hive. Here is
the psexec online help:

PsExec executes a program on a remote system, where remotely executed console
applications execute interactively.

Usage: psexec [\\computer][-u user [-p psswd]][-s|-e][-i][-c [-f|-v]][-d][-<priority>][-a n,n,...] cmd [arguments]

    computer    Direct PsExec to run the application on the remote
                computer. If you omit the computer name PsExec runs the
                application on the local system.
    -u          Specifies optional user name for login to remote computer.
    -p          Specifies optional password for user name. If you omit this
                you will be prompted to enter a hidden password.
    -s          Run the remote process in the System account.
    -e          Loads the specified account's profile.
    -i          Run the program so that it interacts with the desktop on the
                remote system.
    -c          Copy the specified program to the remote system for
                execution. If you omit this option the application must be
                in the system path on the remote system.
    -f          Copy the specified program even if the file already exists
                on the remote system.
    -v          Copy the specified file only if it has a higher version
                number or is newer on than the one on the remote system.
    -d          Don't wait for process to terminate (non-interactive).
    -priority   Specifies -low, -belownormal, -abovenormal, -high or
                -realtime to run the process at a different priority.
    -a          Separate processors on which the application can run with
                commas where 1 is the lowest numbered CPU. For example, to
                run the application on CPU 2 and CPU 4, enter: "-a 2,4"
    program     Name of application to execute.
    arguments   Arguments to pass (note that file paths must be
                absolute paths on the target system).

You can enclose applications that have spaces in their name with quotation
marks e.g. psexec \\marklap "c:\long name app.exe". Input is only passed to
the remote system when you press the enter key, and typing Ctrl-C terminates
the remote process.

If you omit a user name the process will run in the context of your account
on the remote system, but will not have access to network resources (because
it is impersonating). Specify a valid user name in the Domain\User syntax if
the remote process requires access to network resources or to run in a
different account. Note that the password is transmitted in clear text to
the remote system.

Error codes returned by PsExec are specific to the applications you execute,
not PsExec.
 
In said:
Hello, I am trying to edit the Current User kernel of a registry
on a remote machine using regini to no avail. I have previously
used regini to edit the Local Machine kernel of a remote registry
and I can also use regini to edit the Current User kernel of the
local machine, so I believe my syntax is correct. I can edit my
own machine by using

"regini script.ini"

but if I type

"regini -m \\mymachine script.ini"

where \\mycomputer is the local machine (or any machine for that
matter), the registry will not update. Is this a problem with
regini and the Current User kernel? Any help is appreciated,
thanks.

I am no regini expert but I must say that where you use the word
"kernel" you should be using the correct term "hive". This may
confuse some readers as "kernel" usually is the core of an operating
system and not a registry term.
 
HKCU is the user profile of the currently logged in user. It is merely a
pointer to another location.

So scripting HKCU remotely doesn't really work. HKCU varies depending on
who's logged in, and I don't even know how it behaves remotely if someone
other than you is logged in to the remote machine interactively.

Can you give us a more complete picture of what you're trying to accomplish
so that we can suggest a more appropriate solution?

-Matt
 
And to expand on that, if you're on a terminal server there may be many
"current users".

Group Policy is the proper mechanism for manipulating users' registry hives.

Regards

Oli
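
Added example, not part of any post in this thread: a PowerShell sketch of the points above that HKCU is only a pointer to a per-user hive and that a machine may have several users loaded at once. It lists the hives loaded under HKEY_USERS on a remote machine and writes to one user's hive by SID. The computer name, account, key and value names are hypothetical; it assumes the Remote Registry service is running on the target and that you have administrative rights there.

```powershell
# Added example. WS01, CONTOSO\alice and Software\ExampleApp are
# hypothetical placeholders, not values from the thread.
param(
    [string]$Computer = 'WS01',
    [string]$Account  = 'CONTOSO\alice',
    [string]$SubKey   = 'Software\ExampleApp',
    [string]$Name     = 'Setting',
    [string]$Value    = '1'
)

# HKCU for a given user is HKEY_USERS\<that user's SID>, so resolve the SID first.
$sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

# Open HKEY_USERS on the remote machine (needs the Remote Registry service).
$hku = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::Users, $Computer)
try {
    # Each loaded user hive appears as a SID subkey. This pattern matches local
    # and domain accounts only and skips the <SID>_Classes companions.
    $loaded = $hku.GetSubKeyNames() | Where-Object { $_ -match '^S-1-5-21-[\d-]+$' }

    foreach ($s in $loaded) {
        try {
            $who = (New-Object System.Security.Principal.SecurityIdentifier($s)).Translate(
                    [System.Security.Principal.NTAccount]).Value
        } catch { $who = '<unresolved>' }
        Write-Output "loaded hive: $s ($who)"
    }

    # If the target user's hive is not loaded there is nothing to edit remotely.
    if ($loaded -notcontains $sid) {
        throw "Hive for $Account ($sid) is not loaded on $Computer."
    }

    $key = $hku.CreateSubKey("$sid\$SubKey")
    try {
        $key.SetValue($Name, $Value, [Microsoft.Win32.RegistryValueKind]::String)
        Write-Output "wrote $Name under HKEY_USERS\$sid\$SubKey on $Computer"
    } finally { $key.Close() }
}
finally { $hku.Close() }
```

On a terminal server the listing shows one line per loaded profile, which makes it clear which "current user" a change would actually land in.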
 