Read or Update a registry key for ALL users on a system
Have you ever needed to read or update a registry key that is stored in each user’s HKEY_CURRENT_USER or HKEY_CLASSES_ROOT hive? Have you also ever needed to read or update it for ALL users on the system, as well as make it the default setting when a new user profile is created?
That can be a bit of a daunting task. One solution is to add the registry key update to the user’s logon script.
UPDATE: As a commenter pointed out, an alternative solution is to use the built-in “Active Setup” functionality which can run a script the next time each user logs in, under that user’s context. In most scenarios, I believe this will be the best method for updating registry settings on a per-user basis.
What is Active-Setup? http://sccmpackager.blogspot.com/2013/07/active-setup-what-is-active-setup.html
However, the technique described in this post is very useful for when you need to read from each user’s registry settings (or write to) immediately and cannot wait for the next time a user logs onto the system.
Fortunately, there is another way that will immediately update all profiles (including the DEFAULT profile) and I wrote a vbscript to make it easier.
The source code (vbscript) is available here: https://github.com/MicksMix/RegUpdateAllUsers
CHANGELOG
- Nov 15, 2013 – Able to update NTUSER.DAT and/or USRCLASS.DAT (HKCU and/or HKCR)
- Aug 25, 2013 – Added ability to delete keys
- Apr 23, 2013 – Added ability to write REG_BINARY values
- Apr 11, 2013 – Fixed bug where it wouldn’t work when run by SYSTEM account
- Mar 28, 2013 – Huge code cleanup and bug fixes
- Jan 13, 2012 – Initial release
The script can set REG_BINARY keys as long as they are in the format used by a regedit.exe export. For example:
[HKEY_CURRENT_USER\Software\_Test\MyTestBinarySubkey] "My Test Binary Value"=hex:23,00,41,00,43,00,42,00,6c,00
To set this binary value using the script, you would modify line 82 to be:
SetBinaryRegKeys sRegistryRootToUse, strRegPathParent03, “My Test Binary Value”,“hex:23,00,41,00,43,00,42,00,6c,00”
The script works correctly even when run under the SYSTEM account.
The general way this script works:
- Update the currently logged on user’s HKCU (that’s easy enough)
- Then you must enumerate every profile on the system
- Find their ntuser.dat file (ntuser.dat contains the contents of the user’s HKCU hive)
- Find their usrclass.dat file (usrclass.dat contains the user’s HKCR hive)
- Load ntuser.dat and/or usrclass.dat into a temporary key in the HKLM hive (programmatically or using reg.exe)
- I use ‘HKLM\TempHive’ as the temporary key
- Then when you write to “HKLM\TempHive”you are actually editing that user’s HKCU hive.
- If you load ntuser.dat/usrclass.dat for the “Default” user, the settings will take effect for any NEW user profile created on the system
- If more than 1 user is currently logged on, you can edit their HKCU/HKCR hive by looking the user up by their SID under HKEY_USERS and writing to it at that location.
It’s a bit of a tedious job, so I wrote a VBScript that takes care of all of the steps listed above. This script has been tested on Windows XP and Windows 7 (x64), but should work on Windows 2000 and newer. It relies on “reg.exe” which ships with all versions of Windows.
a very nice script!
thanks so much,i’ve been looking for a way to update the HKCU with a vbs for all users for some time now…
This is a beautiful thing. Thank you very much for sharing.
Legend, thanks very much.
hey i want to…set the default application for any image in my system to Paint…modifying Registry Programatically using VB…please help..
I have done it on Windows XP but facing problem of Security access on Windows 7…
What do you have written so far?
Hi Mick. I’m a complete newbie. I want to use this script to replace the proxy exception list for all users on a system and I’m unsure where to enter the key and what to change to stop it being deleted again as in this test script. I know it seems like I want you to do it for me but I just need help knowing where to put the string.
Thanks in advance. Tony.
Here’s the message I put on technet.
I currently manage approx 1,800 computers on a vpn network. They are not part of any AD. There are mixed service packs of XP mostly SP2 and SP3. They all access the internet via a proxy server. They are all running either IE6 (not many left) or IE8. I have wrote a script to change the proxy exception list but not all of them have worked I have changed the following reg keys [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] & [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings] & [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]. It seems in the ones that have not changed, the local SID account is the one in use and this has not changed because of its uniqueness. Is there a way either scripting or a commercial package that I can use to write keys to ALL users. I’m not sure on the details of how to use local policy to set this or how I would be able to write a script that would import the settings from a text file or something. Can anyone help with this matter.
Thanks
Using “Active Setup” might be the best approach in this situation. Here’s a great guide on it:
http://www.sepago.de/d/helge/2010/04/22/active-setup-explained
Hey, when I run your script from sccm then all scripts are execute as system account. System account (objShell.Namespace(USERPROFILE).self.path) indicate to C:\windows\system32\config… and script doesn’t apply reg for all users then.
I have updated the script to support running under the SYSTEM account. Please let me know if you have any issues.
Thank you Mick, currently it is working perfectly
There are one another issue. When I change setting for all users I think also about default user. I didn’t see it until test.
I updated the script again and it now handles the DEFAULT user profile again. Please let me know if you have any issues.
I’m afraid that new script doesn’t work for default user, because hive HKEY_USERS\.DEFAULT isn’t a hive of Default User. It is system profile registry. Look to HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders and then you will see that all path indicate to system profile C:\WINDOWS\system32\config\systemprofile\. That hive is loaded because system user is logged on. Default user hive is not loaded. Currently I modify script to check whether C:\users\default exist then load default user hive and set registy settings. If not exist C:\users\default then looking default user in C:\document and settings\default user.
Nice catch. I will work to get it fixed in the next couple of days.
It is now fixed and the “GetDefaultUserPath” function will determine the path to the Default User’s profile, where ntuser.dat is found. This is the hive used to clone when creating new users on the system.
Thank you for finding my mistake and letting me know.
Hi Mick,
Would this work if I wanted to change the key’s permissions? In other words, I have a reg key (HKCU\Software\Key) and want to give ‘everyone’ FULL access.
Thanks!
Why would you want to give “Everyone” “FULL” access to other user’s registry locations? Even if you did make permissions changes with this script, you’d also have to re-ACL the ntuser.dat file for every user so that other non privileged users could access that file (%USERPROFILE%\ntuser.dat).
That being said, I don’t know if it’d work or not. Sounds like you should re-think the approach.
Hi,
great script!
I would like to have it working for ALL USERS except ADMINISTRATORS users. How should i modify the script accordingly? Can you help me?
Thank you very much!
Good Morning,
is there any way to change REG_QWORD-Entry like this:
“ExecTime”=hex(b):00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
I’m running this under the SYSTEM context and it is not working. It only processes the systemprofile user. Please help.
What operating system are you running this on?
Windows 7.
I’m testing on my Windows 7 system at the moment and cannot recreate the issue.
How many profiles exist on your system, and what is the output when you run it from the command-line?
Are you able to look at this and fix if there is in fact an issue?
Thanks in advance.
Yep. I’ve tested on a couple of my Win 7 x64 systems and it works correctly.
On line 329, add the following:
WScript.Echo “The user: ” & sCurrentUser & ” original value: ” & strValue & vbcrlf
Then post that output.
After that, if it still doesn’t work after reviewing that output, I’d suggest to change the 1st line from “On Error Resume Next” to “Option Explicit”, and report the errors here.
I will try what you suggested but in the meantime, I wanted to give you some more information.
The script works fine when I run it under my security context. My system has 10 user profiles. It’s when I run it under SYSTEM that it doesn’t work. Are you testing using SYSTEM? Here’s how I am testing this.
1. Copy the .vbs to c:\.
2. Create a batch file named test.bat that calls the .vbs file. Example:
cscript c:\test.vbs
3. Use AT to schedule a job and run the script under the SYSTEM security context. Example:
AT \\%COMPUTERNAME% 8:45 “c:\test.bat”
This is when it only processes systemprofile.
Thanks for your help. I really appreciate it.
Yes, I am testing using SYSTEM credentials by using psexec to spawn a cmd prompt running as system:
psexec -s -i -d cmd.exe
From there I run the script and it works. Maybe there is something different about using a scheduled task, but I am not certain yet.
Please test this…download psexec, launch a SYSTEM command prompt (psexec -s -i -d cmd), and then run the script from there and let me know if it works or not.
It’s working now. Not sure what I was doing wrong. Thank you.
What if the script is being run under local while another user is logged on? How is hkcu handled then? Sorry, maybe I am just missing it.
Never mind…I got it.
Ok, cool. Just for the benefit of others, the script will still update another logged on user by writing directly to their registry hive loaded under HKEY_USERS.
Sir, you have solved a problem I have been struggling with for a while. A messed up package deployment with faulty evaluation license stored in user hives. I have successfully replaced the eval licenses with a proper full ones with your script. I appreciate you sharing this wonderful work with the rest of us mortals.
Cheers.
Thank you, I’m glad to hear that you found this helpful!
Does the code work also on win8?
I have not tried it, but I assume it will. If you have access to a Windows 8 system, please try it out and let me know.
I just tested on Windows 8 and it works.
I have used this and it successfully updates the Current users, and default profile, but it is not updating all the other profiles that live on the Windows 7 PC – Am I doing something wrong?
Please try running under the SYSTEM account in order to rule out the problem being related to permissions. To get a SYSTEM cmd prompt, use psexec and run:
psexec -s -i -d cmd.exe
Then run it from the resulting CMD prompt and let me know if it works or not.
The first 2 times running it under the system account it still didn’t update all profiles. I went into the registry under the profile list, I cleaned it up (users that were no longer in the My Computer Properties – profiles list – but still in the registry). After that, ran the script and it DID update all 18 profiles that were on the Windows 7 PC. Any ideas if it had anything to do with my manual profile clean-up? That could get time consuming to do that on every PC prior to running this script…
Interesting. For the profiles you cleaned up, did they have physical profiles on disk at all? By that I mean any data stored at c:\users\username ?
Correction – After testing, the script is prompting me that it is updating the default user profile, however the default profile did not get updated for new log-ons, profiles even though the prompt was stating it was loading and unloading the default user profile for new logons… the script IS working on existing user profiles (after the clean-up mentioned in my prevous comment – still wondering on that..)
And yes – they did have profiles at c:\users
They didn’t when the script worked correctly I guess should have been my answer. The profiles at c:\users matched the profile list in the registry when the script worked successfully.
It didn’t appear to work when there was any contradiction in the users lists.
Ok, I *just* updated the script (notice the “Last Updated” line at the top). I think this should resolve the issue you were having.
The major change is that I now now check to ensure the user’s “ntuser.dat” file exists before trying to load it. I think what was happening is that in the loop that enumerates each user profile, it would exit out prematurely when it hit a profile it couldn’t reach. Now it should handle it more gracefully and simply skip profiles it can’t reach.
If you can test it out, I would appreciate it.
So I just tested the new one, and in this test case I had 9 profiles that needed updating, but only 4 were getting updated. Ran the old one and it stated that it updated all 9 and did in fact update all 9. Not sure about the default profile – haven’t tested that
I tested, but it still isn’t showing me dialog that it is updating all 9 profiles, even worse this revision, only came up with 1 profile being updated. I’m still using the script from 2 revisions ago – that at least is updating all current existing profiles.
Ok, on the first line of the script, change it from “On Error Resume Next” to “Option Explicit”, and let me know if/where it throws an error.
Alright, I made another update so that when checking if “ntuser.dat” exists, it accounts for spaces in the path. I think that could be the issue.
Please copy the script (it has been updated) and try it again.
Wonderful script Mick! Like many have said, you have saved us all a whole heap of pain. I am trying to amend the script to read some registry keys on all the NTUSER.DATs. I was wondering if you could help me with the following problem?
I’m trying to read the ROT13 registry keys under “Software\Microsoft\Windows\Currentversion\Explorer\UserAssist\{GUID}\Count”
Problems are
1) Wildcarding the GUID (there are many guids under the UserAssist key)
2) Displaying all the values under the Count key. I am trying to use RegRead but I am utterly clueless.
Any help would be most appreciated.
Mick, thank you a ton for sharing this! Saved a lot of time for me!
Our task was deleting keys with subkeys, so I’ve added a DeleteSubkeys proc (below) and used your GetRegRootToUseForBinaryValues function to convert a string path back to hive and subroot – Something you may want to consider for further improvements.
Regards,
Nick
' DeleteSubkeys is from http://www.itninja.com/question/vbscript-to-delete-reg-key-that-has-subkeys Sub DeleteSubkeys(objReg, iHive, strRegistryKey) If Left(strRegistryKey,1) = "\" Then strRegistryKey = Mid(strRegistryKey, 2) Dim strSubkey, arrSubkeys objReg.EnumKey iHive, strRegistryKey, arrSubkeys If IsArray(arrSubkeys) Then For Each strSubkey In arrSubkeys Call DeleteSubkeys(objReg, iHive, strRegistryKey & "\" & strSubkey) Next End If objReg.DeleteKey iHive, strRegistryKey End SubI like this idea a lot! I will look at adding it and add it to the source on GitHub: https://github.com/MicksMix/RegUpdateAllUsers
I have added support for deleting keys. You can find the updated code on GitHub: https://github.com/MicksMix/RegUpdateAllUsers
Mick, it looks good :) You may wish to use WshShell.RegDelete sFullPath for deleting single values or keys without subkeys. For me it seems as a more script-oriented approach than calling WshShell.Run “reg.exe delete “. Just my 2 cents…
I seriously considered that and originally wrote it that way, but testing showed that it would not delete keys when run by the SYSTEM user (on my system). I did a bit of troubleshooting and couldn’t easily determine why it was failing so I switched to using ‘reg.exe’.
Since the script already relies on ‘reg.exe’ to load profiles, I decided to shell out to ‘reg.exe’ for recursive deletions because it worked in all situations that I tested.
Mick,
There is one problem I’ve noticed. After running the script a bunch of system hidden files is created in C:\ root, e.g.:
NTUSER.DAT{76d121ae-08eb-11e3-941a-3cd92b54c532}.TM.blf
NTUSER.DAT
NTUSER.DAT.LOG1
NTUSER.DAT.LOG2
NTUSER.DAT{76d121ae-08eb-11e3-941a-3cd92b54c532}.TMContainer00000000000000000001.regtrans-ms
NTUSER.DAT{76d121ae-08eb-11e3-941a-3cd92b54c532}.TMContainer00000000000000000002.regtrans-ms
If these are temporary files, is there a way to have them created in %Temp% and properly released/deleted afterwards? We are using Windows 7 x64.
Thanks,
Nick
As I understand, these files contain tracked changes made to the hive. These are created automatically by the operating system. I am not aware of a way to move them to another location.
Mick, this issue was caused by Call LoadProfileHive(sNewUserProfile, sCurrentUser) under “Updating the DEFAULT user profile” where sCurrentUser was Nothing. I see that you’ve already fixed that code, so I’ve updated it as well.
Ah, that explains it. Nice find!
Mick, I couldn’t get the HKEY_USERS\.DEFAULT hive updated until I’ve added the explicit call “KeysToModify “HKEY_USERS\.DEFAULT”” to Load_Registry_For_Each_User(). I’m using Windows 7 x64 and running the script under my own account with elevated permissions. All other users are updated just fine.
That’s the SYSTEM profile. Typically, there is no reason to update keys for the SYSTEM user, so I skip it. More info here from Microsoft API developer, Raymond Chen: http://blogs.msdn.com/b/oldnewthing/archive/2007/03/02/1786493.aspx
trying to either remove
“\SOFTWARE\Apple Computer, Inc.\QuickTime\LocalUserPreferences”
Key= “FolderPath”
or at least change the value to this
KeyValue = “c:\”
on all users profiles
do you think you can help?
I have changed the files in your script but it does not seem to do anything so I am sure I am doing something wrong
What does the code you have look like? I just need to see the sections you modified.
Thanks for posting this script, Mick!
While using the script on a number of systems, we ran into an issue: if an error occurs while updating one user, the rest of the users are skipped, even though the “Processing complete!” message appears.
It turns out that the scope of the “On Error Resume Next” statement doesn’t include subroutines and functions, so if an error occurs inside a function, the function is exiting. The fix is simple: add “On Error Resume Next” to the subroutines and functions.
Done! Thanks for the suggestion.
I can add to this list of people extremely greatful for your efforts here, thank you so much.
Mick
Thanks for your efforts and sharing this script.
I am trying to use the script to disable touchpads on laptops being deployed in mass. I am running the script as the local Administrator. It works perfectly for the Administrator account and any other accounts that currently exist, but settings are not propagated to accounts created after the script is run.
I’ve kept changes very simple so far. I commented out the REG BINARY and DELETING KEYS sample code and replaced the KeysToModify section with this:
strRegPathParent01 = "Software\Synaptics\SynTPCpl" strRegPathParent02 = "Software\Synaptics\SynTP\TouchPadPS2" strRegPathParent03 = "Software\Synaptics\SynTP\TouchPadSMB2c" WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent01 & "\LaunchControlTreeItemName", "", "REG_SZ" WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent01 & "\LaunchDeviceHandle", "00000000", "REG_DWORD" WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent02 & "\DisableGestures", "32", "REG_DWORD" WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent02 & "\DisableDevice", "00000001", "REG_DWORD" WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent03 & "\EnableButtonAction", "00000000", "REG_DWORD" WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent03 & "\DisableDevice", "00000001", "REG_DWORD"Any ideas/assistance is appreciated.
Thanks
Which version of Windows are you using? I’ll see if I can reproduce the issue.
Thank you Mick. This script has been very useful :) With this script is it possible to apply a registry key file rather than typing all the keys? Cheers.
It does not currently take a registry key file as input.
I’m encountering an issue with Apple’s QuickTime that this script seems ideal for, the issue is that when its installed it created a key in the default profile that is HKCU:\Software\Apple Computer,Inc.\QuickTime\LocalUserPreferences REG_SZ “FolderPath” With the value “C:\Users\Administrator\AppData\LocalLow\Apple Computer\QuickTime\” While setting them all to a common folder such as Smitty said on September 12, 2013, would work, is there a way to have it change the value to “C:\Users\%UserName%\AppData\LocalLow\Apple Computer\QuickTime\” so that each user can still have their own settings?
I haven’t tested this yet, but try using an the environment variable “%USERPROFILE%” in the key. Registry values can include environment variables, and this one will hold the path to the user’s profile.
Simple replace the “KeysToModify” subroutine with this one below and try it out. Let me know if it works or not.
Sub KeysToModify(sRegistryRootToUse) '============================================== ' Change variables here, or add additional keys '============================================== On Error Resume Next Dim strRegPathParent01 strRegPathParent01 = "Software\Apple Computer,Inc.\QuickTime\LocalUserPreferences" Dim sNewVal sNewVal = "%USERPROFILE%\AppData\LocalLow\Apple Computer\QuickTime\" WshShell.RegWrite sRegistryRootToUse & "\" & strRegPathParent01 & "\FolderPath", sNewVal, "REG_EXPAND_SZ" End SubUsing that code they all updated to the account I ran the script as. I’m still working on it, I am not a good coder, but I am going to test the following changes next.
Changed line 11:
sNewVal = “C:\Users\” & sCurrentUser & “\AppData\LocalLow\Apple Computer\QuickTime\”
Changed line 8:(doesn’t change much, just had to add a space between , and Inc)
strRegPathParent01 = “Software\Software\Apple Computer, Inc.\QuickTime\LocalUserPreferences”
Update 2
I see why it wasn’t working, and its because I had messed up line 8 by having too many software’s
Hey Mick!!! Awesome stuff here. I have one question, it may seem n00bish or obvious, but if someone could chime in I would be most grateful!
I am trying to modify a value in %AppData%\Local\Microsoft\Windows\UsrClass.dat
Is this inherently possible, or could the script be easily modified to do so? I got a little bit over my head when I started poking around to mod it, but as long as there aren’t any issues that would prevent it, I would be happy to try until I get it. Just want to make sure I wasn’t missing something first.
Yes, it could be modified to update UsrClass.dat. Let me make a few changes and test it out. I think I can add that in pretty easily.
That is awesome!!
My attempts didn’t turn out to well, let me know if you have any luck / time to take a peek. Thank you again for your wonderful contributions.
Hi Mick, I want to thank you for this amazing script, I’m using it through SCCM only to add/update some registry keys but it works like a charm! I hope you’ll find a wayt to make it import a .reg file, that will be awesome. Just a side note/question: usually when I’m working with variables inside registry keys (like %appdata% or %userprofile%) it must be a REG_EXPAND_SZ type to correctly expand it, but I don’t know when adding them is the same too. Thanks
Yes, you are correct that it is best to use the regkey data type of “REG_EXPAND_SZ” when adding value’s containing environment variables (e.g. %USERPROFILE%, %APPDATA%). However, as I understand it, ultimately it is up to the application that reads that registry key. Meaning, it *should* still work if you write an environment variable to a REG_SZ key.
But again, you are correct that REG_EXPAND_SZ should be the data type used when adding value’s containing environment variables (e.g. %USERPROFILE%, %APPDATA%).
Hey Mick…you are a life saver. Thanks for this great script,works like a charm.
Mick, I feel like a tool for asking again, but my attempts to mount / change UsrClass.dat were not fruitful. Did you have anytime to tweak? If if it’s an untested, half baked version to put me in the right direction it would be immensely helpful. Any way, my last post on that note, sorry to pester.
Ok, try this test version of the script. It should work for updating UsrClass.dat for all users. Please let me know if it works for you or not:
https://github.com/MicksMix/RegUpdateAllUsers/blob/master/RegUpdateAllUsers_wHKCR.vbs
You are the man! Is there a way I (or even we) can donate for your time spent on these projects? Based on this thread alone, it’s clear you have saved many behinds.
That’s certainly not necessary, but if you’d like to make a donation you can do it through FastSpring’s secure payment website here. I’m glad this is working for you. I will update the original script with these changes.
Hi again Mick,
like Garret S I’m trying to declare a variable that contains (in my case) the username that is currently being updated (including Default), my goal is to insert the username as a value or key name in each user registry. I’m trying to work with sCurrentUser and sUserRunningScript variables inside KeysToModify function but so far I had no luck. Any suggestion?
Thanks
…still trying to achieve my goal but so far I only achieved many ways how not to do it :) do you think you will have time these days to take a look at it or should I bother someone else in other forums…? Thanks for your work.
Hello,
Using the script as is with just adding the HKCU variables works perfect. If we also need to add some registry settings for HKLM, where would I define sRegistryRootToUse. For example, in
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\FrameMerging”, “00000000”, “REG_DWORD”
I just change sRegistryRootToUse to HKLM?
I am not a programmer at all, just learning it little by little so pardon if this is something very obvious.
Thanks
Thank you so much, I searched something like your script for months.
First off I love the development you have done on this script. However, I am getting a strange error when the script tries to update the default user profile on a windows 7 x64 machine. I just copied your code directly over and ran the vbs. The message i receive is :
Unable to update the DEFAULT user profile, because it could not be found at:
Am i doing something wrong is there currently a bug?
On line 462, change this code FROM:
TO:
Then run it and post the output.
C:\test>cscript RegUpdateAllHkcuHkcr.vbsMicrosoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
Updating the logged-on user: michael
New User Profile: C:\Users\Default
Path to DAT file: C:\Users\Default\NTUSER.DAT
Updating the DEFAULT user profile which affects newly created profiles.
HKCU loaded for this user: Default User Profile
HKCU UN-loaded for this user: Default User Profile
Updating the logged-on user: michael
New User Profile: C:\Users\Default
Path to DAT file:
Unable to update the DEFAULT user profile, because it could not be found at:
Processing complete!
C:\test>
Ok, open an admin CMD prompt and browse to C:\Users\Default. Then type:
dir /a ntuser.datDoes your output look something like this? What we are looking for is to see if 'ntuser.dat' is actually in that location:C:\Users\Default>dir /a ntuser.dat
Volume in drive C is OSDisk
Volume Serial Number is XXXX-XXXX
Directory of C:\Users\Default
7/19/2013 11:34 AM 786,432 NTUSER.DAT
1 File(s) 786,432 bytes
yes
c:\Users\Default>dir /a ntuser.dat
Volume in drive C has no label.
Volume Serial Number is 2AD0-48C1
Directory of c:\Users\Default
03/15/2013 10:35 AM 262,144 NTUSER.DAT
1 File(s) 262,144 bytes
0 Dir(s) 53,465,227,264 bytes free
c:\Users\Default>
I commented out line 48.
I was not added anything within the classes. I guess the script is working well. I saw the message and thought it had failed.
Hi Mick,
Your script works great – and I have modified it to export a registry file from each user’s NTUSER.DAT.
This works great when run in Windows but I want to eventually run this from WinPE.
However when doing so under WinPE as the SYSTEM account, it does not seem to loading the NTUSER.DAT of any of the user profiles on the computer (it only does SYSTEM and the DEFAULT USER PROFILE).
Am I missing something obvious?
Thanks in advance!
Sorry just to clarify the above. In WinPE it only loads and unloads the Default User Profile to HKLM\Temphive, but none of the other user profiles.
Sorry if these are silly questions but scripting is not my strong suit :(
Ok I have figured out why….in Windows, the key HKLM\Software\Microsoft\Windows NT\Currentversion\ProfileList contains all the user profiles, however in WinPE none of the standard user profiles are visible (i.e. you can only see the SsystemProfile, Localservice and NetworkService).
Any ideas as to why this may be?
Great script!!!. How do I add a multi-string value???
Thanks Mick!
I think I should write a script to update a key on all users, but you saved my life.
Thank you!
Look for “Active Setup” HKLM registry key. Easier than use the reg.exe.. http://www.sepago.de/d/helge/2010/04/22/active-setup-explained
Great comment! Yes, using “Active Setup” is an alternative and better supported method of updating HKCU for all users, at next interactive logon.
Mike, is it necessary to update the HKCR for each user, or just the HKCU ?
I am just trying to add a site to Local Sites in IE via the key path Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
I’m only asking, because updating the DEFAULT user on Windows 7 seems to fail when it runs through Call Load_Registry_For_Each_User(DAT_USRCLASS)
DEFAULT succeeds for Call Load_Registry_For_Each_User(DAT_NTUSER)
First thanks for this cool script. If you use Binary Registry Values you need to set them as first entries, otherwise you need to start the script twice.
Example:
strRegPathParent01 = “Software\ACD Systems\ACDSee Pro\70\LClient\”
strRegPathParent02 = “Software\ACD Systems\ACDSee Pro\70\LClient”
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\rid”, “21237835”, “REG_DWORD”
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\scd”, “1iUbTg9RJbM=”, “REG_SZ”
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\spd”, “sr2shv5PBiUiFbJ2ON5vBA==”, “REG_SZ”
SetBinaryRegKeys sRegistryRootToUse, strRegPathParent02,”md”,”hex:3d,89,37,7d,47,b4,59,..”
SetBinaryRegKeys sRegistryRootToUse, strRegPathParent02,”ud”,”hex:68,ac,78,6f,91,34,a3,…”
Thanks.
I’ve attempted running this on Windows 10 and although it says it’s updating the current user’s settings (it’s failing on the default user), there are no changes.
Here’s what I’ve modified before running the script:
If DAT_FILE = DAT_NTUSER Then ‘This is for updating HKCU keys
Dim strRegPathParent01
strRegPathParent01 = “Software\Policies\Microsoft\Windows\Explorer”
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\Start_PowerButtonAction”, “00000001”, “REG_DWORD”
I haven’t touched anything else.
Gavin
I keep receiving
(118, 1) Microsoft VBScript compilation error: Syntax error and If I comment out the line, it just finds another line to pick on. I commented out the seemingly unnecessary lines. Below are the only modifications I have made to the script:
If DAT_FILE = DAT_NTUSER Then ‘This is for updating HKCU keys
Dim strRegPathParent01
Dim strRegPathParent02
Dim strRegPathParent03
Dim strRegPathParent04
Dim strRegPathParent05
strRegPathParent01 = “Software\Policies\Microsoft\Office\14.0\access\security”
strRegPathParent02 = “Software\Policies\Microsoft\Office\14.0\access\settings”
strRegPathParent03 = “Software\Policies\Microsoft\Office\14.0\access\internet”
strRegPathParent04 = “software\policies\Microsoft\office\14.0\common\toolbars\access”
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\NoTBPromptUnsignedAddin”, “00000001”, “REG_DWORD”
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\vbawarnings”, “00000002”, “REG_DWORD”
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\ModalTrustDecisionOnly”, “00000000”, “REG_DWORD”
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\RequireAddinSig”, “00000001”, “REG_DWORD”
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent01 & “\EnableDEP”, “00000001”, “REG_DWORD”
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent02 & “\Default File Format”, “00000012”, “REG_DWORD”
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent02 & “\NoConvertDialog”, “00000000”, “REG_DWORD”
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent03 & “\DoNotUnderlineHyperlinks”, “00000000”, “REG_DWORD”
WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent04 & “\noextensibilitycustomizationfromdocument”, “00000001”, “REG_DWORD”
‘===
‘REG_BINARY values are special
‘===
‘
‘ 1st step is to create subkey path
‘WshShell.RegWrite sRegistryRootToUse & “\” & strRegPathParent05 & “\”, “”
‘SetBinaryRegKeys sRegistryRootToUse, strRegPathParent05, “My Test Binary Value”,”hex:23,00,41,00,43,00,42,00,6c,00″
‘
‘ You can add additional registry keys to write here if you would like
‘
‘=======================
‘ DELETING KEYS
‘=======================
‘
‘ This will RECURSIVELY delete the parent reg key and all items below it.
‘ USE CAUTION!
‘
‘Dim sSubkeyPathToDelete
‘sSubkeyPathToDelete = “Software\_Test”
‘
‘Call DeleteSubkeysRecursively(sRegistryRootToUse, sSubkeyPathToDelete) ‘ recursively deletes the binary reg key we added earlier
‘
‘
‘ This will delete just a single value
‘Call DeleteSingleValue(sRegistryRootToUse, strRegPathParent02, “FormSuggest PW Ask”) ‘ deletes the ‘FormSuggest PW Ask’ key set earlier
‘
‘ElseIf DAT_FILE = DAT_USRCLASS Then ‘ This is for updating HKCR keys per-user
‘Dim sHkcrParent01
‘sHkcrParent01 = “Software\Microsoft\MediaPlayer\Preferences”
‘sHkcrParent01 = “FirefoxURL”
‘WshShell.RegWrite sRegistryRootToUse & “\” & sHkcrParent01 & “\FriendlyTypeName”, “Firefox URL”, “REG_SZ”
‘End If
‘End Sub
‘
‘
‘
‘
‘
‘
‘
‘ NO CHANGES NECESSARY BELOW THIS LINE
We have a software distribution system (proprietary, no SCCM or the likes) that distributes packages that runs with SYSTEM privileges while a user is already logged in. I suppose there is no way to update the ntuser.dat for the user that is already logged into the pc ?
This script will update any logged-on users. Logged-on users hives are loaded at “HKEY_USERS\THE_USERS_SID”. You simply need to obtain the user’s SID and then you can read/write to that hive without having to load any ntuser.dat files.
There are many ways to do it, but PsGetSid from SysInternals can retrieve a user’s SID on-demand: https://technet.microsoft.com/en-us/sysinternals/bb897417.aspx
Hi Mick! Thanks very much for your hard work on this one- you’ve really saved me a lot of work!
I’ve modified the script to delete a registry key within Software\Classes\Wow6432Node\CLSID for all users, which is deployed to a collection via a program within a package in SCCM 2012.
The script works GREAT when the Environment Setting ‘Program Can Run’ is set to ‘Only When a User is Logged On’. However, for the purpose of this deployment (a Java Update) I require the script to run ‘Only when no user is logged on’. When that setting is checked, doesn’t work.
Is this behavior expected? (ie: will this script not work if no user is logged on)?
Thanks for your help!
All the best,
Josh
Hi Josh. When you say it “doesn’t work” when set to run “Only when no user is logged on”, what exactly happens? Do any keys get written?
The vbscript currently is configured to echo out errors/progress. I suggest capturing this in a file to see exactly where it seems to be failing.
Create a batch file, or modify your SCCM package/command, to run the vbscript like this (important to run cscript here…not wscript or there will be GUI popups on “wscript.echo” calls in the script):
cscript.exe RegUpdateAllHkcuHkcr.vbs > c:\windows\temp\log_RegUpdateAllHkcuHkcr.log
Then after it runs, check the log file to see what exactly is failing. Let me know if you are still having problems.
Hello Mick! Thank’s for your speedy response. In my naivety I had commented out the ‘echo’ instances thinking that they may have been inhibiting my silent program from running its course correctly (admittedly I’m pretty new to the world of scripting- I’ve since learned about the wonders of cscript!)
I reverted to the old script and added cscript to the command line, and it’s now working a treat!
Thank you again, you’ve been a fantastic help.
Have a great day!
Hi Mick,
sorry I am a totaly newby… What have I to do to set this regkeys for all users?
[HKEY_CURRENT_USER\Control Panel\Desktop]
“ScreenSaveActive”=”1”
“SCRNSAVE.EXE”=”C:\\windows\\system32\\scrnsave.scr”
“ScreenSaveTimeOut”=”900”
“ScreenSaverIsSecure”=”1”
Hope you can help me :(
Best regards
Dicker182
Hi Mick,
I wanted to know if this script is compatible with Windows 10 x64 yet? I’ts been very useful to me over the years. Thanks.
Hello Mick,
I noticed that you didn’t update RegUpdateAllUsers for a while, and I released a fork of it with Documentation and a Class adaptation (so, now we don’t need to edit the script manually and we can call it from any script we want – see “examples\Create-Delete Demo.wsf”).
There is another changes, as a new registry manipulation logic by RegClassVBS [https://github.com/coldscientist/RegClassVBS] (now it supports 64-bit keys natively, better error handling, and other enhancements).
See CHANGELOG for details.
Please feel free to commit any changes to the code. =)
The fork version can be found at:
https://github.com/coldscientist/RegUpdateAllUsers
Thank you,
Eduardo Mozart de Oliveira.