4

I have 2 users:

  • Domain\Me (domain user)

  • .\MeAdmin (local administrator)

I frequently have to update my registry for multiple purposes (IE trusted sites, override policies, etc.).

e.g.

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt]
[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt\portaldasfinancas]
"https"=dword:00000001
"http"=dword:00000001

My problem lies with the fact that have been told that I cannot make myself (domain account) local admin, I have to use an independent local admin account for all administrator tweaks.

The thing is, if I run this as user .\MeAdmin, it will run current user of MeAdmin and not user Domain\Me; if I run as Domain\Me, I will bump into permissions wall.

Is there a way to assign Domain\Me permissions to edit registry without being Administrator, or update current user of that account through local admin?

Note: I've read about remote registry connections, but I was hoping to still run this as a script/shell for automation purposes.

Update: When I run through domain user (all HKEY_CURRENT_USER entries):

enter image description here

asked Jun 12, 2017 at 10:04
3
  • Is that due to security policy, or technical reasons? Commented Jun 12, 2017 at 11:08
  • I can make myself local admin but due to internal policies, I am not supposed to Commented Jun 12, 2017 at 11:09
  • You have write access to HKCU. There is no need to use administrative rights. Commented Jun 12, 2017 at 11:18

1 Answer 1

5

To access another user's registry:

  1. You must use the full path – you need HKEY_USERS\<yourSID> instead of HKEY_CURRENT_USER (which is only a symlink to the former), and likewise HKEY_USERS\<yourSID>_Classes instead of HKEY_CLASSES_ROOT. Use whoami /user to figure out your SID.

  2. The registry hive must be loaded (mounted) – each user's registry is stored in their own ntuser.dat file (HKCU) and UsrClass.dat (HKCR) separately from the system registry (loaded/unloaded on login/logout).

    In case the target user isn't logged in, you can use reg load or the similar Regedit menu item to mount their ntuser.dat under HKU (but don't forget to unload it later, or that user might be unable to log in).

  3. The registry keys (folders) must have the correct permissions allowing write by another user – they work more-or-less the same way as file permissions; open Regedit, right-click a folder, choose "Permissions...", and add the user which is doing the modifications.

answered Jun 12, 2017 at 11:14
3
  • looks promising. checking Commented Jun 12, 2017 at 11:23
  • this is exactly what I needed. run .reg as admin after replacing CU by USERS\sid and boom! since I am logged in I guess it is already loaded Commented Jun 12, 2017 at 11:33
  • whoami returns login name though. I used Get-ADUser from AD PS module Commented Jun 12, 2017 at 11:35

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.