Back to basics: Modifying registry for the CURRENT user coming from SYSTEM context

Introduction

Back in the day, when I started out being a newbie in the software deployment world, I had no real grasp of the different contexts (USER vs. SYSTEM), and I found it to be a trivial task to combine the two.

Today I find it an obvious approach, and in this post, I will give a quick example of how to modify the registry for the CURRENTLY logged-on user while delivering an installation in SYSTEM context.

Oftentimes the scenario is that you need to deploy software which requires local SYSTEM permissions and, while doing so, you’d like to modify the registry for the CURRENTLY logged-on user.

PowerShell

There’s no real requirement as to whether you are using Configuration Manager or Intune in this specific scenario. The magic lies within PowerShell.

I do, however, often use this with the PowerShell App Deployment Toolkit and ConfigMgr. When doing so, the installation paragraph often looks similar to the one below:

Execute-Process -Path 'powershell.exe' -Parameters "-ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File `"$dirFiles\Edit-DocumentaalRegistry.ps1`""

Edit-HKCURegistryFromSystem.ps1

Find my PowerShell script on my GitHub page: PowerShell/Edit-HKCURegistryfromSystem.ps1 at master · imabdk/PowerShell (github.com)

This script will do the following:

  • Find the username of the currently logged-on user
  • Use the username to get the SID of the logged-on user
  • Use the SID to address the user's hive under HKEY_USERS in the registry
  • Modify the configured portion of the registry for the logged-on user (edit this to suit your needs)
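
The four steps above as a minimal sketch. This is an added example, not the author's script from GitHub; the key `Software\ExampleVendor\ExampleApp` and the value `ExampleSetting` are hypothetical placeholders.

```powershell
# Added example: run as SYSTEM, write into the logged-on user's hive.
# Key and value names below are hypothetical placeholders.
$ErrorActionPreference = 'Stop'

# 1. Username of the console user (DOMAIN\user).
#    Win32_ComputerSystem.UserName is empty when nobody is logged on at the
#    console, for example when the only sessions are RDP sessions.
$userName = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
if ([string]::IsNullOrWhiteSpace($userName)) {
    Write-Output 'No console user found; nothing to modify.'
    return
}

# 2. Translate the account name to its SID.
$account = New-Object System.Security.Principal.NTAccount($userName)
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

# 3. A logged-on user's HKCU is the key HKEY_USERS\<SID>.
#    Refuse to continue if that hive is not loaded, so nothing is created
#    under a SID key that does not belong to a live profile.
$hivePath = "Registry::HKEY_USERS\$sid"
if (-not (Test-Path -Path $hivePath)) {
    throw "Registry hive for $userName ($sid) is not loaded."
}

# 4. Create the key if needed and set the value (placeholders, edit to suit).
$keyPath = "$hivePath\Software\ExampleVendor\ExampleApp"
if (-not (Test-Path -Path $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}
New-ItemProperty -Path $keyPath -Name 'ExampleSetting' -Value 1 `
    -PropertyType DWord -Force | Out-Null

# Read the value back so the deployment log shows what was written and where.
$written = (Get-ItemProperty -Path $keyPath -Name 'ExampleSetting').ExampleSetting
Write-Output "Set ExampleSetting=$written for $userName under HKEY_USERS\$sid"
```

Values written this way live in the user's own hive, so the user can change them afterwards; settings that must not be overridden belong in a location the user cannot write to.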

ENJOY 🙂

4 thoughts on “Back to basics: Modifying registry for the CURRENT user coming from SYSTEM context”

  1. It’s built in to PSADT already, why not use it there:
    Set-RegistryKey with SID parameter, Execute-ProcessAsUser or Invoke-HKCURegistryKeySettingsForAll

    Still cool having it for other purposes.

    • I actually didn’t know it was built into PSADT, but as you mention, good for other purposes. Also, simply referring to PSADT doesn’t teach people much 🙂

      Thank you though! 🙂

  2. Well I use this in PS to get SID:

    $loggedonuser = ((Get-CimInstance -ClassName Win32_ComputerSystem).Username).Split('\')[1]

    $domainuser = Get-CimInstance Win32_UserAccount -Filter "name = '$loggedonuser' AND domain = 'your domain'"

    $userSID = $domainuser.sid

  3. Hello,

    I tried many ways to find the logged on user. I had the most success with this.

    $User = (Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI).LastLoggedOnUser.Split('\')[1]
