In the later versions of Windows, a user’s registry is stored in the user directory in the file called NTUSER.DAT. This file is loaded every time a user logs on.
Now that we’ve identified the file that we’d like to modify, let’s dive in and modify the registry!
There are many ways that we can modify the registry (Active Setup and Active Directory Group Policy Preferences come to mind), but since I am rather fond of PowerShell, I’d like to keep it as PowerShell-friendly as possible.
Whatever your reasons, here’s a solution that will hopefully work for you. I’m going to split this blog post into two parts. The first part will cover the basics. The second part will cover the fancier stuff.
Disclaimer: Use this information with a healthy dose of caution. It is never wise to modify the registry without a good reason, and even some good reasons aren’t always great justification. In other words, be responsible and test your scripts before using on production systems. We cannot be held responsible for any issues that you may encounter.
Modify the Registry of Another User
You can see that in the Registry Editor:
The HKU\<SID> and HKCU keys are loaded when a user logs into a machine. The associated keys are unloaded when that user logs out of a machine. In my example above, the two displayed keys represent the user’s registry for my username.
In order to modify the registry keys for a different user, we need to load their registry first. In the later versions of Windows, it’s stored in the user directory as the file NTUSER.DAT.
Usage of reg.exe to load and unload ntuser.dat files is pretty straightforward:
reg load <Key> <File & Path Of Ntuser.dat>
reg unload <Key>
The Key has to include a valid root key, but the subkey can be anything you’d like. In my examples, I used the HKU (HKEY_USERS) root key and then loaded/unloaded Vincent’s ntuser.dat to the subkey Fancy.
Putting it all together
Now that we know how to load and unload the registry of a different user, we can use this in a PowerShell script to add/remove any keys for any user.
Let’s say we want to create the following key for Vincent: HKCU\Software\FancyKey (see New-Item)
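The load, modify, unload sequence described above, written out as an added example (this is not the script from the original post). The profile path C:\Users\Vincent\NTUSER.DAT is an assumption; the HKU\Fancy mount point follows the post. It must run elevated, and Vincent must be logged off, otherwise his NTUSER.DAT is locked and the load fails.

```powershell
#Requires -RunAsAdministrator
# Added example, not the original post's script.
$HivePath   = 'C:\Users\Vincent\NTUSER.DAT'   # assumed profile location
$MountKey   = 'HKU\Fancy'                     # temporary subkey, as used in the post
$MountPSKey = 'Registry::HKEY_USERS\Fancy'    # the same key through the Registry provider

if (-not (Test-Path -LiteralPath $HivePath)) {
    throw "Hive not found: $HivePath"
}
if (Test-Path -LiteralPath $MountPSKey) {
    throw "$MountKey already exists; refusing to load on top of it."
}

# Load the offline hive. A non-zero exit code usually means the file is in use
# (the user is logged on) or the shell is not elevated.
& reg.exe load $MountKey $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reg load failed with exit code $LASTEXITCODE"
}

$key = $null
try {
    # While the hive is mounted, Vincent's HKCU\Software\FancyKey is
    # HKU\Fancy\Software\FancyKey.
    $target = "$MountPSKey\Software\FancyKey"
    if (-not (Test-Path -LiteralPath $target)) {
        # No -Force: the key is only created when it is missing.
        $key = New-Item -Path $target
    }
}
finally {
    # Any open handle into the hive makes 'reg unload' fail with access denied,
    # so close the key object and let the garbage collector release the rest.
    if ($key) { $key.Close() }
    $key = $null
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()

    & reg.exe unload $MountKey | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "reg unload failed ($LASTEXITCODE); hive is still mounted at $MountKey"
    }
}
```

If the unload warning appears, close any Registry Editor window or PowerShell session that is browsing HKU\Fancy and run reg unload again, since a hive left mounted keeps the user’s NTUSER.DAT locked.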
Since there’s so much information to cover, the next blog post will cover modifying registry keys for all users on a machine so that we will be able to make changes universally across all users.
Kris was an employee at PDQ.