
I have 2 users:

  • Domain\Me (domain user)

  • .\MeAdmin (local administrator)

I frequently have to update my registry for multiple purposes (IE trusted sites, override policies, etc.).

e.g.

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt]

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt\portaldasfinancas]
"https"=dword:00000001
"http"=dword:00000001

My problem lies with the fact that I have been told that I cannot make myself (domain account) local admin; I have to use an independent local admin account for all administrator tweaks.

The thing is, if I run this as user .\MeAdmin, it will run current user of MeAdmin and not user Domain\Me; if I run as Domain\Me, I will bump into permissions wall.

Is there a way to assign Domain\Me permissions to edit registry without being Administrator, or update current user of that account through local admin?

Note: I've read about remote registry connections, but I was hoping to still run this as a script/shell for automation purposes.

Update: When I run through domain user (all HKEY_CURRENT_USER entries):


  • Is that due to security policy, or technical reasons? Commented Jun 12, 2017 at 11:08
  • I can make myself local admin but due to internal policies, I am not supposed to Commented Jun 12, 2017 at 11:09
  • You have write access to HKCU. There is no need to use administrative rights.
    – Daniel B
    Commented Jun 12, 2017 at 11:18

1 Answer


To access another user's registry:

  1. You must use the full path – you need HKEY_USERS\<yourSID> instead of HKEY_CURRENT_USER (which is only a symlink to the former), and likewise HKEY_USERS\<yourSID>_Classes instead of HKEY_CLASSES_ROOT. Use whoami /user to figure out your SID.

  2. The registry hive must be loaded (mounted) – each user's registry is stored in their own ntuser.dat file (HKCU) and UsrClass.dat (HKCR) separately from the system registry (loaded/unloaded on login/logout).

    In case the target user isn't logged in, you can use reg load or the similar Regedit menu item to mount their ntuser.dat under HKU (but don't forget to unload it later, or that user might be unable to log in).

  3. The registry keys (folders) must have the correct permissions allowing write by another user – they work more-or-less the same way as file permissions; open Regedit, right-click a folder, choose "Permissions…", and add the user which is doing the modifications.

  • looks promising. checking Commented Jun 12, 2017 at 11:23
  • this is exactly what I needed. run .reg as admin after replacing CU by USERS\sid and boom! since I am logged in I guess it is already loaded Commented Jun 12, 2017 at 11:33
  • whoami returns login name though. I used Get-ADUser from AD PS module Commented Jun 12, 2017 at 11:35
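
The steps from the answer as one script, run from an elevated session of the local admin account. This is an added example, not code from the question or the answer; the variable names are hypothetical, and it assumes the target account already has a profile on the machine and that `reg.exe` is on the path.

```powershell
# Added example: write the question's zone-map values into another user's hive.
$account = 'Domain\Me'   # target account from the question
$subKey  = 'SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt\portaldasfinancas'

# Step 1: resolve the SID so the hive can be addressed as HKEY_USERS\<SID>.
$sid = ([System.Security.Principal.NTAccount]$account).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value

# Step 2: the hive is mounted only while the user is logged on.
# If it is absent, locate the profile directory and load ntuser.dat ourselves.
$loadedHere = $false
if (-not (Test-Path "Registry::HKEY_USERS\$sid")) {
    $profileKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
    $profileDir = (Get-ItemProperty -Path $profileKey -ErrorAction Stop).ProfileImagePath
    & reg.exe load "HKU\$sid" (Join-Path $profileDir 'ntuser.dat')
    if ($LASTEXITCODE -ne 0) { throw "reg load failed for $account" }
    $loadedHere = $true
}

try {
    # Step 3: the admin token has write access to the Policies subtree,
    # so the values can be set directly under the full HKU path.
    foreach ($scheme in 'https', 'http') {
        & reg.exe add "HKU\$sid\$subKey" /v $scheme /t REG_DWORD /d 1 /f
        if ($LASTEXITCODE -ne 0) { throw "reg add failed for value $scheme" }
    }
}
finally {
    # Unload only a hive this script mounted; a hive left loaded can block
    # the user's next logon, and a logged-on user's hive must stay mounted.
    if ($loadedHere) { & reg.exe unload "HKU\$sid" }
}
```

The `try`/`finally` ensures the hive is unloaded even when a write fails, which covers the "don't forget to unload it later" caveat in step 2.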
