Home > OS Internals, Programming, Tech, Windows > Read or Update a registry key for ALL users on a system

Read or Update a registry key for ALL users on a system

Have you ever needed to read or update a registry key that is stored in each user’s HKEY_CURRENT_USER or HKEY_CLASSES_ROOT hive? Have you also ever needed to read or update it for ALL users on the system, as well as make it the default setting when a new user profile is created?

That can be a bit of a daunting task. One solution is to add the registry key update to the user’s logon script.

UPDATE: As a commenter pointed out, an alternative solution is to use the built-in “Active Setup” functionality which can run a script the next time each user logs in, under that user’s context. In most scenarios, I believe this will be the best method for updating registry settings on a per-user basis.

What is Active-Setup? http://sccmpackager.blogspot.com/2013/07/active-setup-what-is-active-setup.html

However, the technique described in this post is very useful for when you need to read from each user’s registry settings (or write to) immediately and cannot wait for the next time a user logs onto the system.

Fortunately, there is another way that will immediately update all profiles (including the DEFAULT profile) and I wrote a vbscript to make it easier.

The source code (vbscript) is available here: https://github.com/MicksMix/RegUpdateAllUsers

CHANGELOG

  • Nov 15, 2013 – Able to update NTUSER.DAT and/or USRCLASS.DAT (HKCU and/or HKCR)
  • Aug 25, 2013 – Added ability to delete keys
  • Apr 23, 2013 – Added ability to write REG_BINARY values
  • Apr 11, 2013 – Fixed bug where it wouldn’t work when run by SYSTEM account
  • Mar 28, 2013 – Huge code cleanup and bug fixes
  • Jan 13, 2012 – Initial release

The script can  set REG_BINARY keys as long as they are in the format used by a regedit.exe export. For example:

[HKEY_CURRENT_USER\Software\_Test\MyTestBinarySubkey]
"My Test Binary Value"=hex:23,00,41,00,43,00,42,00,6c,00

To set this binary value using the script, you would modify line 82 to be:
SetBinaryRegKeys sRegistryRootToUse, strRegPathParent03, “My Test Binary Value”,“hex:23,00,41,00,43,00,42,00,6c,00”

The script works correctly even when run under the SYSTEM account.

The general way this script works:

  1. Update the currently logged on user’s HKCU (that’s easy enough)
  2. Then you must enumerate every profile on the system
  3. Find their ntuser.dat file (ntuser.dat contains the contents of the user’s HKCU hive)
  4. Find their usrclass.dat file (usrclass.dat contains the user’s HKCR hive)
  5. Load ntuser.dat and/or usrclass.dat into a temporary key in the HKLM hive (programmatically or using reg.exe)
  6. I use ‘HKLM\TempHive’ as the temporary key
  7. Then when you write to “HKLM\TempHive”you are actually editing that user’s HKCU hive.
  8. If you load ntuser.dat/usrclass.dat for the “Default” user, the settings will take effect for any NEW user profile created on the system
  9. If more than 1 user is currently logged on, you can edit their HKCU/HKCR hive by looking the user up by their SID under HKEY_USERS and writing to it at that location.

It’s a bit of a tedious job, so I wrote a VBScript that takes care of all of the steps listed above. This script has been tested on Windows XP and Windows 7 (x64), but should work on Windows 2000 and newer. It relies on “reg.exe” which ships with all versions of Windows.

Advertisements
  1. Tamas
    March 30, 2012 at 3:11 AM

    a very nice script!

    thanks so much,i’ve been looking for a way to update the HKCU with a vbs for all users for some time now…

  2. Russell
    May 18, 2012 at 2:39 PM

    This is a beautiful thing. Thank you very much for sharing.

  3. Harvey
    November 6, 2012 at 9:46 AM

    Legend, thanks very much.

  4. Amar Kapoor
    January 21, 2013 at 10:50 AM

    hey i want to…set the default application for any image in my system to Paint…modifying Registry Programatically using VB…please help..
    I have done it on Windows XP but facing problem of Security access on Windows 7…

    • Mick
      January 25, 2013 at 8:01 AM

      What do you have written so far?

      • Tony Dennett
        May 9, 2014 at 2:50 AM

        Hi Mick. I’m a complete newbie. I want to use this script to replace the proxy exception list for all users on a system and I’m unsure where to enter the key and what to change to stop it being deleted again as in this test script. I know it seems like I want you to do it for me but I just need help knowing where to put the string.
        Thanks in advance. Tony.
        Here’s the message I put on technet.
        I currently manage approx 1,800 computers on a vpn network. They are not part of any AD. There are mixed service packs of XP mostly SP2 and SP3. They all access the internet via a proxy server. They are all running either IE6 (not many left) or IE8. I have wrote a script to change the proxy exception list but not all of them have worked I have changed the following reg keys [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] & [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings] & [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]. It seems in the ones that have not changed, the local SID account is the one in use and this has not changed because of its uniqueness. Is there a way either scripting or a commercial package that I can use to write keys to ALL users. I’m not sure on the details of how to use local policy to set this or how I would be able to write a script that would import the settings from a text file or something. Can anyone help with this matter.
        Thanks

      • Mick
        May 9, 2014 at 10:01 AM

        Using “Active Setup” might be the best approach in this situation. Here’s a great guide on it:
        http://www.sepago.de/d/helge/2010/04/22/active-setup-explained

  5. Mateusz Ples
    March 28, 2013 at 10:59 AM

    Hey, when I run your script from sccm then all scripts are execute as system account. System account (objShell.Namespace(USERPROFILE).self.path) indicate to C:\windows\system32\config… and script doesn’t apply reg for all users then.

    • Mick
      April 11, 2013 at 10:47 PM

      I have updated the script to support running under the SYSTEM account. Please let me know if you have any issues.

      • Mateusz Ples
        April 15, 2013 at 11:33 PM

        Thank you Mick, currently it is working perfectly

      • Mateusz Ples
        April 18, 2013 at 11:39 PM

        There are one another issue. When I change setting for all users I think also about default user. I didn’t see it until test.

      • Mick
        April 19, 2013 at 12:08 AM

        I updated the script again and it now handles the DEFAULT user profile again. Please let me know if you have any issues.

      • Mateusz Ples
        April 29, 2013 at 1:34 PM

        I’m afraid that new script doesn’t work for default user, because hive HKEY_USERS\.DEFAULT isn’t a hive of Default User. It is system profile registry. Look to HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders and then you will see that all path indicate to system profile C:\WINDOWS\system32\config\systemprofile\. That hive is loaded because system user is logged on. Default user hive is not loaded. Currently I modify script to check whether C:\users\default exist then load default user hive and set registy settings. If not exist C:\users\default then looking default user in C:\document and settings\default user.

      • Mick
        April 29, 2013 at 2:26 PM

        Nice catch. I will work to get it fixed in the next couple of days.

      • Mick
        May 4, 2013 at 8:48 AM

        It is now fixed and the “GetDefaultUserPath” function will determine the path to the Default User’s profile, where ntuser.dat is found. This is the hive used to clone when creating new users on the system.

        Thank you for finding my mistake and letting me know.

  6. Jason
    April 23, 2013 at 2:35 PM

    Hi Mick,

    Would this work if I wanted to change the key’s permissions? In other words, I have a reg key (HKCU\Software\Key) and want to give ‘everyone’ FULL access.

    Thanks!

    • April 24, 2013 at 7:29 AM

      Why would you want to give “Everyone” “FULL” access to other user’s registry locations? Even if you did make permissions changes with this script, you’d also have to re-ACL the ntuser.dat file for every user so that other non privileged users could access that file (%USERPROFILE%\ntuser.dat).

      That being said, I don’t know if it’d work or not. Sounds like you should re-think the approach.

  7. Adriano
    April 24, 2013 at 2:22 AM

    Hi,

    great script!
    I would like to have it working for ALL USERS except ADMINISTRATORS users. How should i modify the script accordingly? Can you help me?

    Thank you very much!

  8. El BiM
    June 6, 2013 at 3:08 AM

    Good Morning,

    is there any way to change REG_QWORD-Entry like this:
    “ExecTime”=hex(b):00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

  9. Chris
    June 20, 2013 at 2:24 PM

    I’m running this under the SYSTEM context and it is not working. It only processes the systemprofile user. Please help.

    • Mick
      June 20, 2013 at 2:35 PM

      What operating system are you running this on?

      • Chris
        June 20, 2013 at 2:47 PM

        Windows 7.

    • June 20, 2013 at 5:37 PM

      I’m testing on my Windows 7 system at the moment and cannot recreate the issue.

      How many profiles exist on your system, and what is the output when you run it from the command-line?

  10. Chris
    June 20, 2013 at 5:32 PM

    Are you able to look at this and fix if there is in fact an issue?
    Thanks in advance.

    • Mick
      June 20, 2013 at 6:06 PM

      Yep. I’ve tested on a couple of my Win 7 x64 systems and it works correctly.

      On line 329, add the following:
      WScript.Echo “The user: ” & sCurrentUser & ” original value: ” & strValue & vbcrlf

      Then post that output.

      After that, if it still doesn’t work after reviewing that output, I’d suggest to change the 1st line from “On Error Resume Next” to “Option Explicit”, and report the errors here.

      • Chris
        June 21, 2013 at 6:38 AM

        I will try what you suggested but in the meantime, I wanted to give you some more information.
        The script works fine when I run it under my security context. My system has 10 user profiles. It’s when I run it under SYSTEM that it doesn’t work. Are you testing using SYSTEM? Here’s how I am testing this.

        1. Copy the .vbs to c:\.
        2. Create a batch file named test.bat that calls the .vbs file. Example:
        cscript c:\test.vbs
        3. Use AT to schedule a job and run the script under the SYSTEM security context. Example:
        AT \\%COMPUTERNAME% 8:45 “c:\test.bat”

        This is when it only processes systemprofile.
        Thanks for your help. I really appreciate it.

      • Mick
        June 21, 2013 at 6:57 AM

        Yes, I am testing using SYSTEM credentials by using psexec to spawn a cmd prompt running as system:

        psexec -s -i -d cmd.exe

        From there I run the script and it works. Maybe there is something different about using a scheduled task, but I am not certain yet.

        Please test this…download psexec, launch a SYSTEM command prompt (psexec -s -i -d cmd), and then run the script from there and let me know if it works or not.

      • Chris
        June 21, 2013 at 7:09 AM

        It’s working now. Not sure what I was doing wrong. Thank you.

  11. wayne
    July 16, 2013 at 2:51 PM

    What if the script is being run under local while another user is logged on? How is hkcu handled then? Sorry, maybe I am just missing it.

    • wayne
      July 16, 2013 at 3:01 PM

      Never mind…I got it.

      • Mick
        July 16, 2013 at 5:25 PM

        Ok, cool. Just for the benefit of others, the script will still update another logged on user by writing directly to their registry hive loaded under HKEY_USERS.

  12. Rott
    July 17, 2013 at 7:05 AM

    Sir, you have solved a problem I have been struggling with for a while. A messed up package deployment with faulty evaluation license stored in user hives. I have successfully replaced the eval licenses with a proper full ones with your script. I appreciate you sharing this wonderful work with the rest of us mortals.
    Cheers.

    • Mick
      July 17, 2013 at 7:06 AM

      Thank you, I’m glad to hear that you found this helpful!

  13. Asaf
    July 18, 2013 at 9:14 AM

    Does the code work also on win8?

    • Mick
      July 26, 2013 at 6:25 AM

      I have not tried it, but I assume it will. If you have access to a Windows 8 system, please try it out and let me know.

    • Mick
      July 26, 2013 at 8:13 AM

      I just tested on Windows 8 and it works.

  14. infosysfreak
    July 25, 2013 at 1:06 PM

    I have used this and it successfully updates the Current users, and default profile, but it is not updating all the other profiles that live on the Windows 7 PC – Am I doing something wrong?

    • Mick
      July 25, 2013 at 10:16 PM

      Please try running under the SYSTEM account in order to rule out the problem being related to permissions. To get a SYSTEM cmd prompt, use psexec and run:

      psexec -s -i -d cmd.exe

      Then run it from the resulting CMD prompt and let me know if it works or not.

      • infosysfreak
        July 26, 2013 at 7:06 AM

        The first 2 times running it under the system account it still didn’t update all profiles. I went into the registry under the profile list, I cleaned it up (users that were no longer in the My Computer Properties – profiles list – but still in the registry). After that, ran the script and it DID update all 18 profiles that were on the Windows 7 PC. Any ideas if it had anything to do with my manual profile clean-up? That could get time consuming to do that on every PC prior to running this script…

      • Mick
        July 26, 2013 at 7:08 AM

        Interesting. For the profiles you cleaned up, did they have physical profiles on disk at all? By that I mean any data stored at c:\users\username ?

      • infosysfreak
        July 26, 2013 at 7:14 AM

        Correction – After testing, the script is prompting me that it is updating the default user profile, however the default profile did not get updated for new log-ons, profiles even though the prompt was stating it was loading and unloading the default user profile for new logons… the script IS working on existing user profiles (after the clean-up mentioned in my prevous comment – still wondering on that..)

      • infosysfreak
        July 26, 2013 at 7:15 AM

        And yes – they did have profiles at c:\users

      • infosysfreak
        July 26, 2013 at 7:16 AM

        They didn’t when the script worked correctly I guess should have been my answer. The profiles at c:\users matched the profile list in the registry when the script worked successfully.
        It didn’t appear to work when there was any contradiction in the users lists.

      • Mick
        July 26, 2013 at 7:59 AM

        Ok, I *just* updated the script (notice the “Last Updated” line at the top). I think this should resolve the issue you were having.

        The major change is that I now now check to ensure the user’s “ntuser.dat” file exists before trying to load it. I think what was happening is that in the loop that enumerates each user profile, it would exit out prematurely when it hit a profile it couldn’t reach. Now it should handle it more gracefully and simply skip profiles it can’t reach.

        If you can test it out, I would appreciate it.

      • infosysfreak
        July 26, 2013 at 9:12 AM

        So I just tested the new one, and in this test case I had 9 profiles that needed updating, but only 4 were getting updated. Ran the old one and it stated that it updated all 9 and did in fact update all 9. Not sure about the default profile – haven’t tested that

      • infosysfreak
        July 26, 2013 at 12:02 PM

        I tested, but it still isn’t showing me dialog that it is updating all 9 profiles, even worse this revision, only came up with 1 profile being updated. I’m still using the script from 2 revisions ago – that at least is updating all current existing profiles.

      • Mick
        July 29, 2013 at 7:26 AM

        Ok, on the first line of the script, change it from “On Error Resume Next” to “Option Explicit”, and let me know if/where it throws an error.

    • Mick
      July 26, 2013 at 9:25 AM

      Alright, I made another update so that when checking if “ntuser.dat” exists, it accounts for spaces in the path. I think that could be the issue.

      Please copy the script (it has been updated) and try it again.

  15. Jackie
    July 25, 2013 at 2:52 PM

    Wonderful script Mick! Like many have said, you have saved us all a whole heap of pain. I am trying to amend the script to read some registry keys on all the NTUSER.DATs. I was wondering if you could help me with the following problem?

    I’m trying to read the ROT13 registry keys under “Software\Microsoft\Windows\Currentversion\Explorer\UserAssist\{GUID}\Count”

    Problems are
    1) Wildcarding the GUID (there are many guids under the UserAssist key)
    2) Displaying all the values under the Count key. I am trying to use RegRead but I am utterly clueless.

    Any help would be most appreciated.

  16. Nick
    August 23, 2013 at 11:41 AM

    Mick, thank you a ton for sharing this! Saved a lot of time for me!

    Our task was deleting keys with subkeys, so I’ve added a DeleteSubkeys proc (below) and used your GetRegRootToUseForBinaryValues function to convert a string path back to hive and subroot – Something you may want to consider for further improvements.

    Regards,
    Nick

    ' DeleteSubkeys is from http://www.itninja.com/question/vbscript-to-delete-reg-key-that-has-subkeys
    Sub DeleteSubkeys(objReg, iHive, strRegistryKey)
        If Left(strRegistryKey,1) = "\" Then strRegistryKey = Mid(strRegistryKey, 2) 
    
        Dim strSubkey, arrSubkeys
    
        objReg.EnumKey iHive, strRegistryKey, arrSubkeys
        If IsArray(arrSubkeys) Then
            For Each strSubkey In arrSubkeys
                Call DeleteSubkeys(objReg, iHive, strRegistryKey & "\" & strSubkey)
            Next
        End If
    
        objReg.DeleteKey iHive, strRegistryKey
    End Sub
    
    • Mick
      August 24, 2013 at 7:34 PM

      I like this idea a lot! I will look at adding it and add it to the source on GitHub: https://github.com/MicksMix/RegUpdateAllUsers

    • Mick
      August 25, 2013 at 2:43 PM

      I have added support for deleting keys. You can find the updated code on GitHub: https://github.com/MicksMix/RegUpdateAllUsers

      • Nick
        August 26, 2013 at 5:16 PM

        Mick, it looks good :) You may wish to use WshShell.RegDelete sFullPath for deleting single values or keys without subkeys. For me it seems as a more script-oriented approach than calling WshShell.Run “reg.exe delete “. Just my 2 cents…

      • Mick
        August 26, 2013 at 6:43 PM

        I seriously considered that and originally wrote it that way, but testing showed that it would not delete keys when run by the SYSTEM user (on my system). I did a bit of troubleshooting and couldn’t easily determine why it was failing so I switched to using ‘reg.exe’.

        Since the script already relies on ‘reg.exe’ to load profiles, I decided to shell out to ‘reg.exe’ for recursive deletions because it worked in all situations that I tested.

  17. Nick
    August 23, 2013 at 11:47 AM

    Mick,

    There is one problem I’ve noticed. After running the script a bunch of system hidden files is created in C:\ root, e.g.:
    NTUSER.DAT{76d121ae-08eb-11e3-941a-3cd92b54c532}.TM.blf
    NTUSER.DAT
    NTUSER.DAT.LOG1
    NTUSER.DAT.LOG2
    NTUSER.DAT{76d121ae-08eb-11e3-941a-3cd92b54c532}.TMContainer00000000000000000001.regtrans-ms
    NTUSER.DAT{76d121ae-08eb-11e3-941a-3cd92b54c532}.TMContainer00000000000000000002.regtrans-ms

    If these are temporary files, is there a way to have them created in %Temp% and properly released/deleted afterwards? We are using Windows 7 x64.

    Thanks,
    Nick

    • Mick
      August 24, 2013 at 7:41 PM

      As I understand, these files contain tracked changes made to the hive. These are created automatically by the operating system. I am not aware of a way to move them to another location.

      • Nick
        August 26, 2013 at 5:00 PM

        Mick, this issue was caused by Call LoadProfileHive(sNewUserProfile, sCurrentUser) under “Updating the DEFAULT user profile” where sCurrentUser was Nothing. I see that you’ve already fixed that code, so I’ve updated it as well.

      • Mick
        August 26, 2013 at 6:44 PM

        Ah, that explains it. Nice find!

  18. Nick
    August 26, 2013 at 5:11 PM

    Mick, I couldn’t get the HKEY_USERS\.DEFAULT hive updated until I’ve added the explicit call “KeysToModify “HKEY_USERS\.DEFAULT”” to Load_Registry_For_Each_User(). I’m using Windows 7 x64 and running the script under my own account with elevated permissions. All other users are updated just fine.

  19. Smitty
    September 12, 2013 at 6:37 AM

    trying to either remove

    “\SOFTWARE\Apple Computer, Inc.\QuickTime\LocalUserPreferences”
    Key= “FolderPath”

    or at least change the value to this

    KeyValue = “c:\”

    on all users profiles

    do you think you can help?
    I have changed the files in your script but it does not seem to do anything so I am sure I am doing something wrong

    • Mick
      September 21, 2013 at 7:54 AM

      What does the code you have look like? I just need to see the sections you modified.

  20. September 19, 2013 at 3:44 PM

    Thanks for posting this script, Mick!

    While using the script on a number of systems, we ran into an issue: if an error occurs while updating one user, the rest of the users are skipped, even though the “Processing complete!” message appears.

    It turns out that the scope of the “On Error Resume Next” statement doesn’t include subroutines and functions, so if an error occurs inside a function, the function is exiting. The fix is simple: add “On Error Resume Next” to the subroutines and functions.

    • Mick
      September 21, 2013 at 7:53 AM

      Done! Thanks for the suggestion.

  21. Tim
    September 20, 2013 at 10:48 AM

    I can add to this list of people extremely greatful for your efforts here, thank you so much.

  22. Tim M
    October 8, 2013 at 7:27 AM

    Mick
    Thanks for your efforts and sharing this script.

    I am trying to use the script to disable touchpads on laptops being deployed in mass. I am running the script as the local Administrator. It works perfectly for the Administrator account and any other accounts that currently exist, but settings are not propagated to accounts created after the script is run.

    I’ve kept changes very simple so far. I commented out the REG BINARY and DELETING KEYS sample code and replaced the KeysToModify section with this:

        strRegPathParent01 = "Software\Synaptics\SynTPCpl"
        strRegPathParent02 = "Software\Synaptics\SynTP\TouchPadPS2"
        strRegPathParent03 = "Software\Synaptics\SynTP\TouchPadSMB2c"
        	
        WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent01 & "\LaunchControlTreeItemName", "", "REG_SZ" 
        WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent01 & "\LaunchDeviceHandle", "00000000", "REG_DWORD"
        WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent02 & "\DisableGestures", "32", "REG_DWORD" 
        WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent02 & "\DisableDevice", "00000001", "REG_DWORD"  
        WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent03 & "\EnableButtonAction", "00000000", "REG_DWORD" 
        WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent03 & "\DisableDevice", "00000001", "REG_DWORD"
    

    Any ideas/assistance is appreciated.
    Thanks

    • Mick
      October 8, 2013 at 9:21 AM

      Which version of Windows are you using? I’ll see if I can reproduce the issue.

  23. John
    October 9, 2013 at 7:06 AM

    Thank you Mick. This script has been very useful :) With this script is it possible to apply a registry key file rather than typing all the keys? Cheers.

    • Mick
      October 18, 2013 at 6:27 AM

      It does not currently take a registry key file as input.

  24. Garrett S
    October 17, 2013 at 3:03 PM

    I’m encountering an issue with Apple’s QuickTime that this script seems ideal for, the issue is that when its installed it created a key in the default profile that is HKCU:\Software\Apple Computer,Inc.\QuickTime\LocalUserPreferences REG_SZ “FolderPath” With the value “C:\Users\Administrator\AppData\LocalLow\Apple Computer\QuickTime\” While setting them all to a common folder such as Smitty said on September 12, 2013, would work, is there a way to have it change the value to “C:\Users\%UserName%\AppData\LocalLow\Apple Computer\QuickTime\” so that each user can still have their own settings?

    • Mick
      October 18, 2013 at 6:44 AM

      I haven’t tested this yet, but try using an the environment variable “%USERPROFILE%” in the key. Registry values can include environment variables, and this one will hold the path to the user’s profile.

      Simple replace the “KeysToModify” subroutine with this one below and try it out. Let me know if it works or not.

      Sub KeysToModify(sRegistryRootToUse) 
          '============================================== 
          ' Change variables here, or add additional keys 
          '============================================== 
          On Error Resume Next
          
          Dim strRegPathParent01
          strRegPathParent01 = "Software\Apple Computer,Inc.\QuickTime\LocalUserPreferences"
          
          Dim sNewVal
          sNewVal = "%USERPROFILE%\AppData\LocalLow\Apple Computer\QuickTime\" 
      	      
          WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent01 & "\FolderPath", sNewVal, "REG_EXPAND_SZ" 
      End Sub
      
      • Garrett S
        October 18, 2013 at 10:28 AM

        Using that code they all updated to the account I ran the script as. I’m still working on it, I am not a good coder, but I am going to test the following changes next.
        Changed line 11:
        sNewVal = “C:\Users\” & sCurrentUser & “\AppData\LocalLow\Apple Computer\QuickTime\”
        Changed line 8:(doesn’t change much, just had to add a space between , and Inc)
        strRegPathParent01 = “Software\Software\Apple Computer, Inc.\QuickTime\LocalUserPreferences”

      • Garrett S
        October 18, 2013 at 10:47 AM

        Update 2
        I see why it wasn’t working, and its because I had messed up line 8 by having too many software’s

  25. Tim
    November 5, 2013 at 10:49 AM

    Hey Mick!!! Awesome stuff here. I have one question, it may seem n00bish or obvious, but if someone could chime in I would be most grateful!

    I am trying to modify a value in %AppData%\Local\Microsoft\Windows\UsrClass.dat

    Is this inherently possible, or could the script be easily modified to do so? I got a little bit over my head when I started poking around to mod it, but as long as there aren’t any issues that would prevent it, I would be happy to try until I get it. Just want to make sure I wasn’t missing something first.

    • Mick
      November 5, 2013 at 11:01 AM

      Yes, it could be modified to update UsrClass.dat. Let me make a few changes and test it out. I think I can add that in pretty easily.

      • Tim
        November 5, 2013 at 11:19 AM

        That is awesome!!

      • Tim
        November 7, 2013 at 5:39 PM

        My attempts didn’t turn out to well, let me know if you have any luck / time to take a peek. Thank you again for your wonderful contributions.

  26. Zolfo
    November 6, 2013 at 1:57 AM

    Hi Mick, I want to thank you for this amazing script, I’m using it through SCCM only to add/update some registry keys but it works like a charm! I hope you’ll find a wayt to make it import a .reg file, that will be awesome. Just a side note/question: usually when I’m working with variables inside registry keys (like %appdata% or %userprofile%) it must be a REG_EXPAND_SZ type to correctly expand it, but I don’t know when adding them is the same too. Thanks

    • Mick
      November 7, 2013 at 8:11 AM

      Yes, you are correct that it is best to use the regkey data type of “REG_EXPAND_SZ” when adding value’s containing environment variables (e.g. %USERPROFILE%, %APPDATA%). However, as I understand it, ultimately it is up to the application that reads that registry key. Meaning, it *should* still work if you write an environment variable to a REG_SZ key.

      But again, you are correct that REG_EXPAND_SZ should be the data type used when adding value’s containing environment variables (e.g. %USERPROFILE%, %APPDATA%).

  27. November 11, 2013 at 2:33 AM

    Hey Mick…you are a life saver. Thanks for this great script,works like a charm.

  28. Tim
    November 12, 2013 at 9:39 PM

    Mick, I feel like a tool for asking again, but my attempts to mount / change UsrClass.dat were not fruitful. Did you have anytime to tweak? If if it’s an untested, half baked version to put me in the right direction it would be immensely helpful. Any way, my last post on that note, sorry to pester.

  29. Zolfo
    December 5, 2013 at 3:23 AM

    Hi again Mick,
    like Garret S I’m trying to declare a variable that contains (in my case) the username that is currently being updated (including Default), my goal is to insert the username as a value or key name in each user registry. I’m trying to work with sCurrentUser and sUserRunningScript variables inside KeysToModify function but so far I had no luck. Any suggestion?
    Thanks

    • Zolfo
      December 17, 2013 at 6:56 AM

      …still trying to achieve my goal but so far I only achieved many ways how not to do it :) do you think you will have time these days to take a look at it or should I bother someone else in other forums…? Thanks for your work.

  30. Green Hall
    December 13, 2013 at 8:03 AM

    Hello,

    Using the script as is with just adding the HKCU variables works perfect. If we also need to add some registry settings for HKLM, where would I define sRegistryRootToUse. For example, in
    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\FrameMerging”, “00000000”, “REG_DWORD”
    I just change sRegistryRootToUse to HKLM?

    I am not a programmer at all, just learning it little by little so pardon if this is something very obvious.

    Thanks

  31. Midav
    December 19, 2013 at 12:14 PM

    Thank you so much, I searched something like your script for months.

  32. Michael
    January 7, 2014 at 10:30 AM

    First off I love the development you have done on this script. However, I am getting a strange error when the script tries to update the default user profile on a windows 7 x64 machine. I just copied your code directly over and ran the vbs. The message i receive is :

    Unable to update the DEFAULT user profile, because it could not be found at:

    Am i doing something wrong is there currently a bug?

    • Mick
      January 7, 2014 at 11:00 AM

      On line 462, change this code FROM:

      sNewUserProfile = GetDefaultUserPath
      sPathToDatFile = GetPathToDatFileToUpdate(sNewUserProfile, DAT_FILE)
      

      TO:

      sNewUserProfile = GetDefaultUserPath
      WScript.Echo "New User Profile: " & sNewUserProfile
      sPathToDatFile = GetPathToDatFileToUpdate(sNewUserProfile, DAT_FILE)
      WScript.Echo "Path to DAT file: " & sPathToDatFile
      

      Then run it and post the output.

      • Michael
        January 8, 2014 at 9:08 AM

        C:\test>cscript RegUpdateAllHkcuHkcr.vbs
        Microsoft (R) Windows Script Host Version 5.8
        Copyright (C) Microsoft Corporation. All rights reserved.

        Updating the logged-on user: michael

        New User Profile: C:\Users\Default
        Path to DAT file: C:\Users\Default\NTUSER.DAT
        Updating the DEFAULT user profile which affects newly created profiles.

        HKCU loaded for this user: Default User Profile
        HKCU UN-loaded for this user: Default User Profile

        Updating the logged-on user: michael

        New User Profile: C:\Users\Default
        Path to DAT file:
        Unable to update the DEFAULT user profile, because it could not be found at:

        Processing complete!

        C:\test>

      • Mick
        January 8, 2014 at 10:59 AM

        Ok, open an admin CMD prompt and browse to C:\Users\Default. Then type:

        dir /a ntuser.dat

        Does your output look something like this? What we are looking for is to see if 'ntuser.dat' is actually in that location:

        C:\Users\Default>dir /a ntuser.dat
        Volume in drive C is OSDisk
        Volume Serial Number is XXXX-XXXX

        Directory of C:\Users\Default

        7/19/2013 11:34 AM 786,432 NTUSER.DAT
        1 File(s) 786,432 bytes

      • Michael
        January 8, 2014 at 11:21 AM

        yes

        c:\Users\Default>dir /a ntuser.dat
        Volume in drive C has no label.
        Volume Serial Number is 2AD0-48C1

        Directory of c:\Users\Default

        03/15/2013 10:35 AM 262,144 NTUSER.DAT
        1 File(s) 262,144 bytes
        0 Dir(s) 53,465,227,264 bytes free

        c:\Users\Default>

      • Michael
        January 9, 2014 at 1:23 PM

        I commented out line 48.
        I was not added anything within the classes. I guess the script is working well. I saw the message and thought it had failed.

  33. Geekasaurus
    January 8, 2014 at 3:52 PM

    Hi Mick,
    Your script works great – and I have modified it to export a registry file from each user’s NTUSER.DAT.

    This works great when run in Windows but I want to eventually run this from WinPE.

    However when doing so under WinPE as the SYSTEM account, it does not seem to loading the NTUSER.DAT of any of the user profiles on the computer (it only does SYSTEM and the DEFAULT USER PROFILE).

    Am I missing something obvious?

    Thanks in advance!

    • Geekasaurus
      January 8, 2014 at 3:57 PM

      Sorry just to clarify the above. In WinPE it only loads and unloads the Default User Profile to HKLM\Temphive, but none of the other user profiles.

      Sorry if these are silly questions but scripting is not my strong suit :(

      • Geekasaurus
        January 8, 2014 at 5:03 PM

        Ok I have figured out why….in Windows, the key HKLM\Software\Microsoft\Windows NT\Currentversion\ProfileList contains all the user profiles, however in WinPE none of the standard user profiles are visible (i.e. you can only see the SsystemProfile, Localservice and NetworkService).

        Any ideas as to why this may be?

  34. pysycho6
    January 12, 2014 at 4:43 PM

    Great script!!!. How do I add a multi-string value???

  35. January 15, 2014 at 4:22 PM

    Thanks Mick!
    I think I should write a script to update a key on all users, but you saved my life.
    Thank you!

  36. cace72
    March 15, 2014 at 1:51 PM

    Look for “Active Setup” HKLM registry key. Easier than use the reg.exe.. http://www.sepago.de/d/helge/2010/04/22/active-setup-explained

    • Mick
      May 12, 2014 at 8:35 AM

      Great comment! Yes, using “Active Setup” is an alternative and better supported method of updating HKCU for all users, at next interactive logon.

  37. Josh
    July 3, 2014 at 9:47 AM

    Mike, is it necessary to update the HKCR for each user, or just the HKCU ?
    I am just trying to add a site to Local Sites in IE via the key path Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

    I’m only asking, because updating the DEFAULT user on Windows 7 seems to fail when it runs through Call Load_Registry_For_Each_User(DAT_USRCLASS)

    DEFAULT succeeds for Call Load_Registry_For_Each_User(DAT_NTUSER)

  38. Midav
    August 4, 2014 at 7:06 AM

    First thanks for this cool script. If you use Binary Registry Values you need to set them as first entries, otherwise you need to start the script twice.

    Example:

    strRegPathParent01 = “Software\ACD Systems\ACDSee Pro\70\LClient\”
    strRegPathParent02 = “Software\ACD Systems\ACDSee Pro\70\LClient”

    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\rid”, “21237835”, “REG_DWORD”
    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\scd”, “1iUbTg9RJbM=”, “REG_SZ”
    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\spd”, “sr2shv5PBiUiFbJ2ON5vBA==”, “REG_SZ”

    SetBinaryRegKeys sRegistryRootToUse, strRegPathParent02,”md”,”hex:3d,89,37,7d,47,b4,59,..”
    SetBinaryRegKeys sRegistryRootToUse, strRegPathParent02,”ud”,”hex:68,ac,78,6f,91,34,a3,…”

    Thanks.

  39. January 8, 2016 at 10:02 AM

    I’ve attempted running this on Windows 10 and although it says it’s updating the current user’s settings (it’s failing on the default user), there are no changes.

    Here’s what I’ve modified before running the script:

    If DAT_FILE = DAT_NTUSER Then ‘This is for updating HKCU keys
    Dim strRegPathParent01

    strRegPathParent01 = “Software\Policies\Microsoft\Windows\Explorer”

    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\Start_PowerButtonAction”, “00000001”, “REG_DWORD”

    I haven’t touched anything else.

    Gavin

  40. kyle
    February 4, 2016 at 3:10 PM

    I keep receiving
    (118, 1) Microsoft VBScript compilation error: Syntax error and If I comment out the line, it just finds another line to pick on. I commented out the seemingly unnecessary lines. Below are the only modifications I have made to the script:

    If DAT_FILE = DAT_NTUSER Then ‘This is for updating HKCU keys
    Dim strRegPathParent01
    Dim strRegPathParent02
    Dim strRegPathParent03
    Dim strRegPathParent04
    Dim strRegPathParent05

    strRegPathParent01 = “Software\Policies\Microsoft\Office\14.0\access\security”
    strRegPathParent02 = “Software\Policies\Microsoft\Office\14.0\access\settings”
    strRegPathParent03 = “Software\Policies\Microsoft\Office\14.0\access\internet”
    strRegPathParent04 = “software\policies\Microsoft\office\14.0\common\toolbars\access”

    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\NoTBPromptUnsignedAddin”, “00000001”, “REG_DWORD”
    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\vbawarnings”, “00000002”, “REG_DWORD”
    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\ModalTrustDecisionOnly”, “00000000”, “REG_DWORD”
    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\RequireAddinSig”, “00000001”, “REG_DWORD”
    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\EnableDEP”, “00000001”, “REG_DWORD”
    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent02 & “\Default File Format”, “00000012”, “REG_DWORD”
    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent02 & “\NoConvertDialog”, “00000000”, “REG_DWORD”
    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent03 & “\DoNotUnderlineHyperlinks”, “00000000”, “REG_DWORD”
    WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent04 & “\noextensibilitycustomizationfromdocument”, “00000001”, “REG_DWORD”

    ‘===
    ‘REG_BINARY values are special
    ‘===

    ‘ 1st step is to create subkey path
    ‘WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent05 & “\”, “”
    ‘SetBinaryRegKeys sRegistryRootToUse, strRegPathParent05, “My Test Binary Value”,”hex:23,00,41,00,43,00,42,00,6c,00″

    ‘ You can add additional registry keys to write here if you would like

    ‘=======================
    ‘ DELETING KEYS
    ‘=======================

    ‘ This will RECURSIVELY delete the parent reg key and all items below it.
    ‘ USE CAUTION!

    ‘Dim sSubkeyPathToDelete
    ‘sSubkeyPathToDelete = “Software\_Test”

    ‘Call DeleteSubkeysRecursively(sRegistryRootToUse, sSubkeyPathToDelete) ‘ recursively deletes the binary reg key we added earlier


    ‘ This will delete just a single value
    ‘Call DeleteSingleValue(sRegistryRootToUse, strRegPathParent02, “FormSuggest PW Ask”) ‘ deletes the ‘FormSuggest PW Ask’ key set earlier

    ‘ElseIf DAT_FILE = DAT_USRCLASS Then ‘ This is for updating HKCR keys per-user
    ‘Dim sHkcrParent01
    ‘sHkcrParent01 = “Software\Microsoft\MediaPlayer\Preferences”
    ‘sHkcrParent01 = “FirefoxURL”

    ‘WshShell.RegWrite sRegistryRootToUse & “\” & sHkcrParent01 & “\FriendlyTypeName”, “Firefox URL”, “REG_SZ”
    ‘End If
    ‘End Sub







    ‘ NO CHANGES NECESSARY BELOW THIS LINE

  41. Berten
    March 10, 2016 at 1:36 AM

    We have a software distribution system (proprietary, no SCCM or the likes) that distributes packages that runs with SYSTEM privileges while a user is already logged in. I suppose there is no way to update the ntuser.dat for the user that is already logged into the pc ?

    • Mick
      March 10, 2016 at 12:40 PM

      This script will update any logged-on users. Logged-on users hives are loaded at “HKEY_USERS\THE_USERS_SID”. You simply need to obtain the user’s SID and then you can read/write to that hive without having to load any ntuser.dat files.

      There are many ways to do it, but PsGetSid from SysInternals can retrieve a user’s SID on-demand: https://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

  42. Josh
    July 7, 2016 at 12:26 AM

    Hi Mick! Thanks very much for your hard work on this one- you’ve really saved me a lot of work!

    I’ve modified the script to delete a registry key within Software\Classes\Wow6432Node\CLSID for all users, which is deployed to a collection via a program within a package in SCCM 2012.

    The script works GREAT when the Environment Setting ‘Program Can Run’ is set to ‘Only When a User is Logged On’. However, for the purpose of this deployment (a Java Update) I require the script to run ‘Only when no user is logged on’. When that setting is checked, doesn’t work.

    Is this behavior expected? (ie: will this script not work if no user is logged on)?

    Thanks for your help!

    All the best,

    Josh

    • Mick
      July 7, 2016 at 10:13 AM

      Hi Josh. When you say it “doesn’t work” when set to run “Only when no user is logged on”, what exactly happens? Do any keys get written?

      The vbscript currently is configured to echo out errors/progress. I suggest capturing this in a file to see exactly where it seems to be failing.

      Create a batch file, or modify your SCCM package/command, to run the vbscript like this (important to run cscript here…not wscript or there will be GUI popups on “wscript.echo” calls in the script):

      cscript.exe RegUpdateAllHkcuHkcr.vbs > c:\windows\temp\log_RegUpdateAllHkcuHkcr.log

      Then after it runs, check the log file to see what exactly is failing. Let me know if you are still having problems.

      • Josh
        July 12, 2016 at 12:15 AM

        Hello Mick! Thank’s for your speedy response. In my naivety I had commented out the ‘echo’ instances thinking that they may have been inhibiting my silent program from running its course correctly (admittedly I’m pretty new to the world of scripting- I’ve since learned about the wonders of cscript!)

        I reverted to the old script and added cscript to the command line, and it’s now working a treat!

        Thank you again, you’ve been a fantastic help.

        Have a great day!

  43. dicker182
    January 6, 2017 at 9:16 AM

    Hi Mick,

    sorry I am a totaly newby… What have I to do to set this regkeys for all users?

    [HKEY_CURRENT_USER\Control Panel\Desktop]
    “ScreenSaveActive”=”1”
    “SCRNSAVE.EXE”=”C:\\windows\\system32\\scrnsave.scr”
    “ScreenSaveTimeOut”=”900”
    “ScreenSaverIsSecure”=”1”

    Hope you can help me :(

    Best regards
    Dicker182

  44. Joshua
    March 6, 2017 at 8:07 AM

    Hi Mick,

    I wanted to know if this script is compatible with Windows 10 x64 yet? I’ts been very useful to me over the years. Thanks.

  1. November 22, 2015 at 8:52 AM
  2. December 19, 2016 at 10:35 PM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: