Friday, March 24, 2017

Edit HKCU in Remote Registry

There have been many instances when I've needed to edit the HKEY_CURRENT_USER hive of a remote machine. Here's the general process I tend to use:

1) If not already running, start the Remote Registry service on the remote machine using PSTools
    In an elevated command prompt, navigate to your PSTools directory and execute:

> psservice.exe \\computername start "Remote Registry" -accepteula

2) Next in the elevated command prompt, open the Registry Editor:

> regedit

3) Click File -> Connect Network Registry...

4) Type in the remote computer's computer name (also used in step 1) and click OK

5) Expand the newly added computer from the left pane to view the registry keys

6) Expand HKEY_USERS - the currently logged-in user will be the longest key without "_Classes" at the end of the name

7) To confirm the username of the currently logged-in user, navigate to HKLM\SYSTEM\CurrentControlSet\Control\hivelist and look for the string whose name contains the matching SID. The user's username can be found in the value of that string.

8) Disconnect the remote registry under File -> Disconnect Network Registry when finished
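
The same procedure scripted, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 and admin rights on the target; the subkey, value name and data are hypothetical placeholders, and stopping the service again afterwards goes beyond the steps above.

```powershell
# Added example for Windows PowerShell 5.1 (Get-Service -ComputerName is not in PowerShell 7).
# $SubKey, $ValueName and $ValueData defaults are hypothetical placeholders.
param(
    [Parameter(Mandatory)][string]$ComputerName,
    [string]$Sid,                                            # optional: pick one loaded user hive
    [string]$SubKey    = 'Software\ExampleVendor\ExampleApp',
    [string]$ValueName = 'ExampleSetting',
    [string]$ValueData = '1'
)

# Step 1: start Remote Registry only if it is stopped, and remember that we did.
$svc = Get-Service -ComputerName $ComputerName -Name RemoteRegistry
$startedByUs = $svc.Status -ne 'Running'
if ($startedByUs) { $svc.Start(); $svc.WaitForStatus('Running', '00:00:30') }

$hku = $hklm = $hiveList = $key = $null
try {
    # Steps 3-5: connect to the two hives that a network registry connection exposes.
    $hku  = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users', $ComputerName)
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)

    # Steps 6-7: loaded user hives are the account SIDs without the "_Classes" suffix;
    # hivelist maps each one to its NTUSER.DAT path, which contains the profile name.
    $hiveList = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Control\hivelist')
    $loaded = @($hku.GetSubKeyNames() | Where-Object { $_ -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            [pscustomobject]@{ Sid = $_; HiveFile = $hiveList.GetValue("\REGISTRY\USER\$_") }
        })
    $loaded | Format-Table -AutoSize | Out-Host

    # More than one profile can be loaded at once, so never guess which one to edit.
    if ($Sid) { $loaded = @($loaded | Where-Object Sid -eq $Sid) }
    if ($loaded.Count -ne 1) { throw "Expected exactly one target hive; rerun with -Sid." }

    # Edit an existing key only, and report the old value so the change can be reverted.
    $key = $hku.OpenSubKey("$($loaded[0].Sid)\$SubKey", $true)
    if (-not $key) { throw "Key not found: HKU\$($loaded[0].Sid)\$SubKey" }
    $old = $key.GetValue($ValueName)
    $key.SetValue($ValueName, $ValueData, 'String')
    "Set $ValueName for $($loaded[0].HiveFile): '$old' -> '$ValueData'"
}
finally {
    # Step 8: disconnect, then put the service back the way it was found.
    foreach ($k in $key, $hiveList, $hklm, $hku) { if ($k) { $k.Close() } }
    if ($startedByUs) { $svc.Stop() }
}
```

Leaving Remote Registry running only for the duration of the edit keeps the remote-access surface of the machine the same as it was before the change.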



SOURCES:

"Accessing 'HKEY_CURRENT_USER' on a remote machine" -
https://community.spiceworks.com/topic/138653-accessing-hkey_current_user-on-a-remote-machine

"Run commands remotely with psexec" -
http://heresjaken.com/run-commands-remotely-psexec/

"PSTools" (Suite Download) -
https://technet.microsoft.com/en-us/sysinternals/pstools.aspx

"PSService v.2.25" -
https://technet.microsoft.com/en-us/sysinternals/psservice

"Connect to the Registry" -
https://technet.microsoft.com/en-us/library/cc732388(v=ws.11).aspx