Arthur L
Posted June 26, 2008 (edited)

hi guys, I'm using this technique to set all users screensaver to one that is provided by BOINC. This is the script I've used:

    RegWriteAllUsers("Control Panel\Desktop", "ScreenSaveTimeOut", "REG_SZ", "300")
    RegWriteAllUsers("Control Panel\Desktop", "SCRNSAVE.EXE", "REG_SZ", "c:\windows\boinc.scr")

After execution, not all users' screensaver are set as desired. Is there anything I need to adjust? pls help. thanks!!

Edited June 26, 2008 by Arthur L

engine
Posted June 26, 2008

> hi guys, I'm using this technique to set all users screensaver to one that is provided by BOINC. This is the script I've used:
>
>     RegWriteAllUsers("Control Panel\Desktop", "ScreenSaveTimeOut", "REG_SZ", "300")
>     RegWriteAllUsers("Control Panel\Desktop", "SCRNSAVE.EXE", "REG_SZ", "c:\windows\boinc.scr")
>
> After execution, not all users' screensaver are set as desired. Is there anything I need to adjust? pls help. thanks!!

The only thing I can tell you is to try my modifications. In this case you need to write:

    _RegWrite("", "Control Panel\Desktop", "ScreenSaveTimeOut", "REG_SZ", "300")
    _RegWrite("", "Control Panel\Desktop", "SCRNSAVE.EXE", "REG_SZ", "c:\windows\boinc.scr")

Regards.

My contributions: Local account UDF, Registry UDFs, DriverSigning UDF, Windows Services UDF
http://www.autoitscript.com/forum/index.php?showtopic=81880

engine
Posted July 2, 2008

I made some modifications of my own to _RegLoadHive, _RegUnloadHive and SetPrivilege functions. The best of these modifications is support for remote computers.

I am about to edit this UDF to qualify for inclusion -> http://www.autoitscript.com/autoit3/udfs/UDF_Standards.htm

I need to know who the original authors are.

Thanks.

engine
Posted July 4, 2008 (edited)

Actually, I have completely rewritten these functions. So I am assuming them as my own. I will publish them on this forum very soon.

Regards.

Edit: Look for them here -> http://www.autoitscript.com/forum/index.php?showtopic=75250

Edited July 4, 2008 by engine

Charlesekeisler
Posted May 6, 2013 (edited)

I needed to do this for work recently and thought I'd share it.

Here is a UDF which allows you to write a user specific registry key to every user profile on the system (whether logged on or off). Includes the "default user" registry, so changes apply to any new users that log on as well.

Examples:

    ; Give everyone a new IE home page (note you don't need HKCU)
    RegWriteAllUsers("Software\Microsoft\Internet Explorer\Main", "Start Page", "REG_SZ", "http://www.google.com")

    ; Delete everyone's custom wallpaper (note that you can use HKCU if you want)
    RegDeleteAllUsers("HKEY_CURRENT_USER\Control Panel\Desktop", "WallPaper")

Code uses RegLoadHive functions by Larry.

    #cs ----------------------------------------------------------------------------

     AutoIt Version: 3.2.2.0
     Author:         Sean Hart

     Script Function:
        UDFs to write or delete registry keys from all user profiles on the system.

        Uses RegLoadHive functions provided by Larry

    #ce ----------------------------------------------------------------------------


    ; === RegWriteAllUsers ===
    ; Writes "current user" registry data to every user profile on the system.
    ; Requires RegLoadHive and RegUnLoadHive functions.
    ;
    ; Inputs:   $key    - see RegWrite function for details (no HKU\HKCU\HKLM required)
    ;           $value  - see RegWrite function for details
    ;           $type   - see RegWrite function for details
    ;           $data   - see RegWrite function for details
    ;
    ; Returns:  nothing
    Func RegWriteAllUsers($key, $value, $type, $data)
        Dim $i, $curkey, $ExpandEnvStrings, $profiledir, $curdir, $search

        ; init variables
        $i = 1
        $error = 0
        $ExpandEnvStrings = Opt("ExpandEnvStrings",1)
        $profiledir = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", "ProfilesDirectory")

        ; change directory to profile directory
        $curdir = @WorkingDir
        FileChangeDir($profiledir)

        ; replace HKU / HKCU / HKLM in key if require
        Select
            Case StringLeft($key, 4) = "HKU\"
                $key = StringRight($key, StringLen($key) - 4)
            Case StringLeft($key, 5) = "HKCU\"
                $key = StringRight($key, StringLen($key) - 5)
            Case StringLeft($key, 5) = "HKLM\"
                $key = StringRight($key, StringLen($key) - 5)
            Case StringLeft($key, 11) = "HKEY_USERS\"
                $key = StringRight($key, StringLen($key) - 11)
            Case StringLeft($key, 18) = "HKEY_CURRENT_USER\"
                $key = StringRight($key, StringLen($key) - 18)
            Case StringLeft($key, 19) = "HKEY_LOCAL_MACHINE\"
                $key = StringRight($key, StringLen($key) - 19)
        EndSelect

        ; Go through all directories where ntuser.dat is accessible
        $search = FileFindFirstFile("*.*")
        $dir = FileFindNextFile($search)
        While @error = 0
            ; Process directories
            If StringInStr(FileGetAttrib($profiledir & "\" & $dir), "D") Then
                ; Check for ntuser.dat
                If FileExists($profiledir & "\" & $dir & "\ntuser.dat") Then
                    ; Try and load hive
                    If RegLoadHive("TempUser", $profiledir & "\" & $dir & "\ntuser.dat") Then
                        ; Apply new registry data
                        RegWrite("HKEY_USERS\TempUser\" & $key, $value, $type, $data)

                        ; Unload hive
                        RegUnloadHive("TempUser")
                    EndIf
                EndIf
            EndIf
            $dir = FileFindNextFile($search)
        WEnd
        FileClose($search)

        ; Start by going through all currently logged on user keys (exclude system accounts and classes)
        $curkey = RegEnumKey("HKEY_USERS", $i)
        While @error = 0
            If (StringLen($curkey) > 8) And (Not StringInStr($curkey, "_Classes")) Then
                RegWrite("HKEY_USERS\" & $curkey & "\" & $key, $value, $type, $data)
            EndIf
            $i = $i + 1
            $curkey = RegEnumKey("HKEY_USERS", $i)
        WEnd

        ; Put settings back and change back to previous directory
        Opt("ExpandEnvStrings",$ExpandEnvStrings)
        FileChangeDir($curdir)

    EndFunc
    ; === END RegWriteAllUsers ===


    ; === RegDeleteAllUsers ===
    ; Deletes "current user" registry data from every user profile on the system.
    ; Requires RegLoadHive and RegUnLoadHive functions.
    ;
    ; Inputs:   $key    - see RegDelete function for details (no HKU\HKCU\HKLM required)
    ;           $value  - (optional) see RegDelete function for details
    ;
    ; Returns:  nothing
    Func RegDeleteAllUsers($key, $value = "ÿ")
        Dim $i, $curkey, $ExpandEnvStrings, $profiledir, $curdir, $search

        ; init variables
        $i = 1
        $error = 0
        $ExpandEnvStrings = Opt("ExpandEnvStrings",1)
        $profiledir = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", "ProfilesDirectory")

        ; change directory to profile directory
        $curdir = @WorkingDir
        FileChangeDir($profiledir)

        ; replace HKU / HKCU / HKLM in key if require
        Select
            Case StringLeft($key, 4) = "HKU\"
                $key = StringRight($key, StringLen($key) - 4)
            Case StringLeft($key, 5) = "HKCU\"
                $key = StringRight($key, StringLen($key) - 5)
            Case StringLeft($key, 5) = "HKLM\"
                $key = StringRight($key, StringLen($key) - 5)
            Case StringLeft($key, 11) = "HKEY_USERS\"
                $key = StringRight($key, StringLen($key) - 11)
            Case StringLeft($key, 18) = "HKEY_CURRENT_USER\"
                $key = StringRight($key, StringLen($key) - 18)
            Case StringLeft($key, 19) = "HKEY_LOCAL_MACHINE\"
                $key = StringRight($key, StringLen($key) - 19)
        EndSelect

        ; Go through all directories where ntuser.dat is accessible
        $search = FileFindFirstFile("*.*")
        $dir = FileFindNextFile($search)
        While @error = 0
            ; Process directories
            If StringInStr(FileGetAttrib($profiledir & "\" & $dir), "D") Then
                ; Check for ntuser.dat
                If FileExists($profiledir & "\" & $dir & "\ntuser.dat") Then
                    ; Try and load hive
                    If RegLoadHive("TempUser", $profiledir & "\" & $dir & "\ntuser.dat") Then
                        ; Delete registry data
                        If $value = "ÿ" Then
                            RegDelete("HKEY_USERS\TempUser\" & $key)
                        Else
                            RegDelete("HKEY_USERS\TempUser\" & $key, $value)
                        EndIf

                        ; Unload hive
                        RegUnloadHive("TempUser")
                    EndIf
                EndIf
            EndIf
            $dir = FileFindNextFile($search)
        WEnd
        FileClose($search)

        ; Start by going through all currently logged on user keys (exclude system accounts and classes)
        $curkey = RegEnumKey("HKEY_USERS", $i)
        While @error = 0
            If (StringLen($curkey) > 8) And (Not StringInStr($curkey, "_Classes")) Then
                ; Delete registry data
                If $value = "ÿ" Then
                    RegDelete("HKEY_USERS\" & $curkey & "\" & $key)
                Else
                    RegDelete("HKEY_USERS\" & $curkey & "\" & $key, $value)
                EndIf
            EndIf
            $i = $i + 1
            $curkey = RegEnumKey("HKEY_USERS", $i)
        WEnd

        ; Put settings back and change back to previous directory
        Opt("ExpandEnvStrings",$ExpandEnvStrings)
        FileChangeDir($curdir)

    EndFunc
    ; === END RegDeleteAllUsers ===


    ; === RegLoadHive ===
    ; Loads a ntuser.dat file as a registry hive
    ; Requires SetPrivilege function.
    ;
    ; Inputs:   $hiveName       - name for the hive
    ;           $NTUSER_datFile - full path to ntuser.dat file to load
    ;           $RLH_key        - (optional) root for hive (defaults to HKU)
    ;
    ; Returns:  1 - Successful
    ;           0 - Error (sets @error)
    Func RegLoadHive($hiveName, $NTUSER_datFile, $RLH_key = "HKU")
        If Not (@OSTYPE=="WIN32_NT") Then
            SetError(-1)
            Return 0
        EndIf
        Const $HKEY_LOCAL_MACHINE = 0x80000002
        Const $HKEY_USERS = 0x80000003
        Const $SE_RESTORE_NAME = "SeRestorePrivilege"
        Const $SE_BACKUP_NAME = "SeBackupPrivilege"
        Local $RLH_ret
        Local $aPriv[2]
        If $RLH_key = "HKLM" Then
            $RLH_key = $HKEY_LOCAL_MACHINE
        ElseIf $RLH_key = "HKU" Then
            $RLH_key = $HKEY_USERS
        Else
            SetError(-2)
            Return 0
        EndIf
        $aPriv[0] = $SE_RESTORE_NAME
        $aPriv[1] = $SE_BACKUP_NAME
        SetPrivilege($aPriv,1)
        $RLH_ret = DllCall("Advapi32.dll","int","RegLoadKey","int",$RLH_key,"str",$hiveName,"str",$NTUSER_datFile)
        SetError($RLH_ret[0])
        Return Not $RLH_ret[0]
    EndFunc
    ; === END RegLoadHive ===


    ; === RegUnloadHive ===
    ; Unloads a registry hive
    ; Requires SetPrivilege function.
    ;
    ; Inputs:   $hiveName - name for the hive
    ;           $RUH_key  - (optional) root for hive (defaults to HKU)
    ;
    ; Returns:  1 - Successful
    ;           0 - Error (sets @error)
    Func RegUnloadHive($hiveName, $RUH_key = "HKU")
        If Not (@OSTYPE=="WIN32_NT") Then
            SetError(-1)
            Return 0
        EndIf
        Const $HKEY_LOCAL_MACHINE = 0x80000002
        Const $HKEY_USERS = 0x80000003
        Local $RUH_ret
        If $RUH_key = "HKLM" Then
            $RUH_key = $HKEY_LOCAL_MACHINE
        ElseIf $RUH_key = "HKU" Then
            $RUH_key = $HKEY_USERS
        Else
            SetError(-2)
            Return 0
        EndIf
        $RUH_ret = DllCall("Advapi32.dll","int","RegUnLoadKey","int",$RUH_key,"Str",$hiveName)
        Return Not $RUH_ret[0]
    EndFunc
    ; === RegUnloadHive ===


    ; === SetPrivilege ===
    ; Special function for use with registry hive functions
    Func SetPrivilege( $privilege, $bEnable )
        Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
        Const $TOKEN_QUERY = 0x0008
        Const $SE_PRIVILEGE_ENABLED = 0x0002
        Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv
        $nTokens = 1
        $LUID = DLLStructCreate("dword;int")
        If IsArray($privilege) Then $nTokens = UBound($privilege)
        $TOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
        $NEWTOKEN_PRIVILEGES = DLLStructCreate("dword;dword[" & (3 * $nTokens) & "]")
        $hCurrProcess = DLLCall("kernel32.dll","hwnd","GetCurrentProcess")
        $SP_auxret = DLLCall("advapi32.dll","int","OpenProcessToken","hwnd",$hCurrProcess[0], _
                "int",BitOR($TOKEN_ADJUST_PRIVILEGES,$TOKEN_QUERY),"int_ptr",0)
        If $SP_auxret[0] Then
            $hToken = $SP_auxret[3]
            DLLStructSetData($TOKEN_PRIVILEGES,1,1)
            $nTokenIndex = 1
            While $nTokenIndex <= $nTokens
                If IsArray($privilege) Then
                    $priv = $privilege[$nTokenIndex-1]
                Else
                    $priv = $privilege
                EndIf
                $ret = DLLCall("advapi32.dll","int","LookupPrivilegeValue","str","","str",$priv, _
                        "ptr",DLLStructGetPtr($LUID))
                If $ret[0] Then
                    If $bEnable Then
                        DLLStructSetData($TOKEN_PRIVILEGES,2,$SE_PRIVILEGE_ENABLED,(3 * $nTokenIndex))
                    Else
                        DLLStructSetData($TOKEN_PRIVILEGES,2,0,(3 * $nTokenIndex))
                    EndIf
                    DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,1),(3 * ($nTokenIndex-1)) + 1)
                    DLLStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,2),(3 * ($nTokenIndex-1)) + 2)
                    DLLStructSetData($LUID,1,0)
                    DLLStructSetData($LUID,2,0)
                EndIf
                $nTokenIndex += 1
            WEnd
            $ret = DLLCall("advapi32.dll","int","AdjustTokenPrivileges","hwnd",$hToken,"int",0, _
                    "ptr",DllStructGetPtr($TOKEN_PRIVILEGES),"int",DllStructGetSize($NEWTOKEN_PRIVILEGES), _
                    "ptr",DllStructGetPtr($NEWTOKEN_PRIVILEGES),"int_ptr",0)
            $f = DLLCall("kernel32.dll","int","GetLastError")
        EndIf
        $NEWTOKEN_PRIVILEGES = 0
        $TOKEN_PRIVILEGES = 0
        $LUID = 0
        If $SP_auxret[0] = 0 Then Return 0
        $SP_auxret = DLLCall("kernel32.dll","int","CloseHandle","hwnd",$hToken)
        If Not $ret[0] And Not $SP_auxret[0] Then Return 0
        return $ret[0]
    EndFunc
    ; === END SetPrivilege ===

Mine takes up less code and includes future users via the default profile.

Edited May 6, 2013 by Charlesekeisler

toasterking
Posted October 29, 2018

Thanks, this saved me a lot of work! Some minor changes here:

- Added command line options. Syntax examples:

      RegEveryUser.exe add "Software\Policies\Example" "My test value" REG_DWORD 2
      RegEveryUser.exe delete "Software\Policies\Example" "My test value"
      RegEveryUser.exe delete "Software\Policies\Example"

- Also writes changes to the default user profile so changes will be applied to newly created user profiles.
- Retries unloading the hive up to 20 times over ~4 seconds if doing so fails.
- Incorporated thecharliec's SetPrivilege fix.
- Tidied code and added local variable declarations that were missing.

Active Setup, which I consider a cleaner approach, is actually my preferred method for making registry changes or executing any commands once for every user. But in this case, I needed to make a change to a "Policies" key normally written by Group Policy in the absence of a proper GPO implementation. Per-user policy settings are applied by Group Policy by setting a registry value in the "Policies" of the user hive, but the permissions on this subkey are set such that the user cannot write there themselves unless they are a local administrator. In this case, this script is useful to run as a local Administrator to preset the value for every user.

    #NoTrayIcon
    #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
    #AutoIt3Wrapper_Outfile=RegEveryUser.exe
    #AutoIt3Wrapper_Change2CUI=y
    #AutoIt3Wrapper_Res_Description=Multiple user registry hive updater
    #AutoIt3Wrapper_Res_Fileversion=1.0.0.100
    #AutoIt3Wrapper_Res_Fileversion_AutoIncrement=y
    #AutoIt3Wrapper_Res_LegalCopyright=toasterking
    #AutoIt3Wrapper_Res_Language=1033
    #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
    ;~ #AutoIt3Wrapper_Res_ProductVersion=1.0.0.0

    #cs ----------------------------------------------------------------------------

     AutoIt Version: 3.3.14.2
     Author:         Sean Hart
     Mods:           thecharliec, toasterking

     Script Function:
        Command-line utility to write or delete registry keys from all user profiles on the system.
        Active Setup is more efficient unless the user doesn't have permission to manipulate
        a part of the registry in their own user profile. This is the case with anything in
        HKCU\Software\Policies.

        Uses _RegLoadHive functions provided by Larry

    #ce ----------------------------------------------------------------------------

    #Region --- Include files
    #include <WinAPIShellEx.au3>
    #EndRegion --- Include files

    Opt("MustDeclareVars", 1) ; Because I'm paranoid.

    If $CmdLine[0] < 2 Then Exit 1

    Switch $CmdLine[1]
        Case 'add'
            If $CmdLine[0] < 5 Then Exit 1
            _RegWriteAllUsers($CmdLine[2],$CmdLine[3],$CmdLine[4],$CmdLine[5])
        Case 'delete'
            If $CmdLine[0] = 2 Then ;Key only
                _RegDeleteAllUsers($CmdLine[2],"ÿ")
            ElseIf $CmdLine[0] >= 3 Then ;Key and value
                _RegDeleteAllUsers($CmdLine[2],$CmdLine[3])
            Else
                Exit 1
            EndIf
        Case Else ; Unknown verb: report failure instead of exiting 0
            Exit 1
    EndSwitch

    Exit 0


    ; === _RegWriteAllUsers ===
    ; Writes "current user" registry data to every user profile on the system.
    ; Requires _RegLoadHive and _RegUnloadHive functions.
    ;
    ; Inputs:   $key    - see RegWrite function for details (no HKU\HKCU\HKLM required)
    ;           $value  - see RegWrite function for details
    ;           $type   - see RegWrite function for details
    ;           $data   - see RegWrite function for details
    ;
    ; Returns:  nothing
    Func _RegWriteAllUsers($key, $value, $type, $data)
        Local $i, $curkey, $ExpandEnvStrings, $profiledir, $curdir, $search

        ; init variables
        $i = 1
        Local $error = 0
        $ExpandEnvStrings = Opt("ExpandEnvStrings", 1)
        $profiledir = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", "ProfilesDirectory")

        ; change directory to profile directory
        $curdir = @WorkingDir
        FileChangeDir($profiledir)

        ; replace HKU / HKCU / HKLM in key if require
        Select
            Case StringLeft($key, 4) = "HKU\"
                $key = StringRight($key, StringLen($key) - 4)
            Case StringLeft($key, 5) = "HKCU\"
                $key = StringRight($key, StringLen($key) - 5)
            Case StringLeft($key, 5) = "HKLM\"
                $key = StringRight($key, StringLen($key) - 5)
            Case StringLeft($key, 11) = "HKEY_USERS\"
                $key = StringRight($key, StringLen($key) - 11)
            Case StringLeft($key, 18) = "HKEY_CURRENT_USER\"
                $key = StringRight($key, StringLen($key) - 18)
            Case StringLeft($key, 19) = "HKEY_LOCAL_MACHINE\"
                $key = StringRight($key, StringLen($key) - 19)
        EndSelect

        ; Go through all directories where ntuser.dat is accessible
        $search = FileFindFirstFile("*.*")
        Local $dir, $path
        For $x = 99 To 0 Step -1
            $dir = FileFindNextFile($search)
            If @error Then ;TK: If no more profile directories to process
                ; _WinAPI_GetDefaultUserProfileDirectory() already returns a full path,
                ; so it must not be prefixed with $profiledir.
                $path = _WinAPI_GetDefaultUserProfileDirectory() ;TK: Update the default user profile for the last loop.
                $x = 0 ;TK: Make this the last loop
            Else
                $path = $profiledir & "\" & $dir
            EndIf
            ; Process directories
            If StringInStr(FileGetAttrib($path), "D") Then
                ; Check for ntuser.dat
                If FileExists($path & "\ntuser.dat") Then
                    ; Try and load hive
                    If _RegLoadHive("TempUser", $path & "\ntuser.dat") Then
                        ; Apply new registry data
                        RegWrite("HKEY_USERS\TempUser\" & $key, $value, $type, $data)

                        ; Unload hive
                        For $z = 1 To 20
                            If _RegUnloadHive("TempUser") Then ExitLoop
                            Sleep(200)
                        Next
                    EndIf
                EndIf
            EndIf
        Next
        FileClose($search)

        ; Start by going through all currently logged on user keys (exclude system accounts and classes)
        $curkey = RegEnumKey("HKEY_USERS", $i)
        While @error = 0
            If (StringLen($curkey) > 8) And (Not StringInStr($curkey, "_Classes")) Then
                RegWrite("HKEY_USERS\" & $curkey & "\" & $key, $value, $type, $data)
            EndIf
            $i = $i + 1
            $curkey = RegEnumKey("HKEY_USERS", $i)
        WEnd

        ; Put settings back and change back to previous directory
        Opt("ExpandEnvStrings", $ExpandEnvStrings)
        FileChangeDir($curdir)

    EndFunc   ;==>_RegWriteAllUsers
    ; === END _RegWriteAllUsers ===


    ; === _RegDeleteAllUsers ===
    ; Deletes "current user" registry data from every user profile on the system.
    ; Requires _RegLoadHive and _RegUnloadHive functions.
    ;
    ; Inputs:   $key    - see RegDelete function for details (no HKU\HKCU\HKLM required)
    ;           $value  - (optional) see RegDelete function for details
    ;
    ; Returns:  nothing
    Func _RegDeleteAllUsers($key, $value = "ÿ")
        Local $i, $curkey, $ExpandEnvStrings, $profiledir, $curdir, $search

        ; init variables
        $i = 1
        Local $error = 0
        $ExpandEnvStrings = Opt("ExpandEnvStrings", 1)
        $profiledir = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", "ProfilesDirectory")

        ; change directory to profile directory
        $curdir = @WorkingDir
        FileChangeDir($profiledir)

        ; replace HKU / HKCU / HKLM in key if require
        Select
            Case StringLeft($key, 4) = "HKU\"
                $key = StringRight($key, StringLen($key) - 4)
            Case StringLeft($key, 5) = "HKCU\"
                $key = StringRight($key, StringLen($key) - 5)
            Case StringLeft($key, 5) = "HKLM\"
                $key = StringRight($key, StringLen($key) - 5)
            Case StringLeft($key, 11) = "HKEY_USERS\"
                $key = StringRight($key, StringLen($key) - 11)
            Case StringLeft($key, 18) = "HKEY_CURRENT_USER\"
                $key = StringRight($key, StringLen($key) - 18)
            Case StringLeft($key, 19) = "HKEY_LOCAL_MACHINE\"
                $key = StringRight($key, StringLen($key) - 19)
        EndSelect

        ; Go through all directories where ntuser.dat is accessible
        $search = FileFindFirstFile("*.*")
        Local $dir, $path
        For $x = 99 To 0 Step -1
            $dir = FileFindNextFile($search)
            If @error Then ;TK: If no more profile directories to process
                ; _WinAPI_GetDefaultUserProfileDirectory() already returns a full path,
                ; so it must not be prefixed with $profiledir.
                $path = _WinAPI_GetDefaultUserProfileDirectory() ;TK: Update the default user profile for the last loop.
                $x = 0 ;TK: Make this the last loop
            Else
                $path = $profiledir & "\" & $dir
            EndIf
            ; Process directories
            If StringInStr(FileGetAttrib($path), "D") Then
                ; Check for ntuser.dat
                If FileExists($path & "\ntuser.dat") Then
                    ; Try and load hive
                    If _RegLoadHive("TempUser", $path & "\ntuser.dat") Then
                        ; Delete registry data
                        If $value = "ÿ" Then
                            RegDelete("HKEY_USERS\TempUser\" & $key)
                        Else
                            RegDelete("HKEY_USERS\TempUser\" & $key, $value)
                        EndIf

                        ; Unload hive
                        For $z = 1 To 20
                            If _RegUnloadHive("TempUser") Then ExitLoop
                            Sleep(200)
                        Next
                    EndIf
                EndIf
            EndIf
        Next
        FileClose($search)

        ; Start by going through all currently logged on user keys (exclude system accounts and classes)
        $curkey = RegEnumKey("HKEY_USERS", $i)
        While @error = 0
            If (StringLen($curkey) > 8) And (Not StringInStr($curkey, "_Classes")) Then
                ; Delete registry data
                If $value = "ÿ" Then
                    RegDelete("HKEY_USERS\" & $curkey & "\" & $key)
                Else
                    RegDelete("HKEY_USERS\" & $curkey & "\" & $key, $value)
                EndIf
            EndIf
            $i = $i + 1
            $curkey = RegEnumKey("HKEY_USERS", $i)
        WEnd

        ; Put settings back and change back to previous directory
        Opt("ExpandEnvStrings", $ExpandEnvStrings)
        FileChangeDir($curdir)

    EndFunc   ;==>_RegDeleteAllUsers
    ; === END _RegDeleteAllUsers ===


    ; === _RegLoadHive ===
    ; Loads a ntuser.dat file as a registry hive
    ; Requires SetPrivilege function.
    ;
    ; Inputs:   $hiveName       - name for the hive
    ;           $NTUSER_datFile - full path to ntuser.dat file to load
    ;           $RLH_key        - (optional) root for hive (defaults to HKU)
    ;
    ; Returns:  1 - Successful
    ;           0 - Error (sets @error)
    Func _RegLoadHive($hiveName, $NTUSER_datFile, $RLH_key = "HKU")
        If Not (@OSType == "WIN32_NT") Then
            SetError(-1)
            Return 0
        EndIf
        Const $HKEY_LOCAL_MACHINE = 0x80000002
        Const $HKEY_USERS = 0x80000003
        Const $SE_RESTORE_NAME = "SeRestorePrivilege"
        Const $SE_BACKUP_NAME = "SeBackupPrivilege"
        Local $RLH_ret
        Local $aPriv[2]
        If $RLH_key = "HKLM" Then
            $RLH_key = $HKEY_LOCAL_MACHINE
        ElseIf $RLH_key = "HKU" Then
            $RLH_key = $HKEY_USERS
        Else
            SetError(-2)
            Return 0
        EndIf
        $aPriv[0] = $SE_RESTORE_NAME
        $aPriv[1] = $SE_BACKUP_NAME
        SetPrivilege($aPriv, 1)
        $RLH_ret = DllCall("Advapi32.dll", "int", "RegLoadKey", "int", $RLH_key, "str", $hiveName, "str", $NTUSER_datFile)
        SetError($RLH_ret[0])
        Return Not $RLH_ret[0]
    EndFunc   ;==>_RegLoadHive
    ; === END _RegLoadHive ===


    ; === _RegUnloadHive ===
    ; Unloads a registry hive
    ; Requires SetPrivilege function.
    ;
    ; Inputs:   $hiveName - name for the hive
    ;           $RUH_key  - (optional) root for hive (defaults to HKU)
    ;
    ; Returns:  1 - Successful
    ;           0 - Error (sets @error)
    Func _RegUnloadHive($hiveName, $RUH_key = "HKU")
        If Not (@OSType == "WIN32_NT") Then
            SetError(-1)
            Return 0
        EndIf
        Const $HKEY_LOCAL_MACHINE = 0x80000002
        Const $HKEY_USERS = 0x80000003
        Local $RUH_ret
        If $RUH_key = "HKLM" Then
            $RUH_key = $HKEY_LOCAL_MACHINE
        ElseIf $RUH_key = "HKU" Then
            $RUH_key = $HKEY_USERS
        Else
            SetError(-2)
            Return 0
        EndIf
        $RUH_ret = DllCall("Advapi32.dll", "int", "RegUnLoadKey", "int", $RUH_key, "Str", $hiveName)
        Return Not $RUH_ret[0]
    EndFunc   ;==>_RegUnloadHive
    ; === _RegUnloadHive ===


    ; === SetPrivilege ===
    ; Special function for use with registry hive functions
    Func SetPrivilege($privilege, $bEnable)
        Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
        Const $TOKEN_QUERY = 0x0008
        Const $SE_PRIVILEGE_ENABLED = 0x0002
        Local $hToken, $SP_auxret, $SP_ret, $hCurrProcess, $nTokens, $nTokenIndex, $priv, $LUID, $TOKEN_PRIVILEGES, $NEWTOKEN_PRIVILEGES, $ret, $f
        $nTokens = 1
        $LUID = DllStructCreate("dword;int")
        If IsArray($privilege) Then $nTokens = UBound($privilege)
        $TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
        $NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
        $hCurrProcess = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess")
        $SP_auxret = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $hCurrProcess[0], "int", BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY), "int*", 0)
        If $SP_auxret[0] Then
            $hToken = $SP_auxret[3]
            DllStructSetData($TOKEN_PRIVILEGES, 1, 1)
            $nTokenIndex = 1
            While $nTokenIndex <= $nTokens
                If IsArray($privilege) Then
                    $priv = $privilege[$nTokenIndex - 1]
                Else
                    $priv = $privilege
                EndIf
                $ret = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $priv, _
                        "ptr", DllStructGetPtr($LUID))
                If $ret[0] Then
                    If $bEnable Then
                        DllStructSetData($TOKEN_PRIVILEGES, 2, $SE_PRIVILEGE_ENABLED, (3 * $nTokenIndex))
                    Else
                        DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $nTokenIndex))
                    EndIf
                    DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($nTokenIndex - 1)) + 1)
                    DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($nTokenIndex - 1)) + 2)
                    DllStructSetData($LUID, 1, 0)
                    DllStructSetData($LUID, 2, 0)
                EndIf
                $nTokenIndex += 1
            WEnd
            $ret = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, _
                    "ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), _
                    "ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int*", 0)
            $f = DllCall("kernel32.dll", "int", "GetLastError")
        EndIf
        $NEWTOKEN_PRIVILEGES = 0
        $TOKEN_PRIVILEGES = 0
        $LUID = 0
        If $SP_auxret[0] = 0 Then Return 0
        $SP_auxret = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hToken)
        If Not $ret[0] And Not $SP_auxret[0] Then Return 0
        Return $ret[0]
    EndFunc   ;==>SetPrivilege
    ; === SetPrivilege ===
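
The scripts in this thread skip a profile silently when its hive cannot be loaded, which is one way to end up with "not all users" receiving a value. The following read-only audit is an added example, not code from any poster in this thread: it walks ProfileList by SID and reports, per profile, whether the value is present or the hive could not be loaded. The function names `_AuditAllUsers`, `_AuditProfile`, `_Describe` and the mount name `TempAudit` are hypothetical; loading through `reg.exe` instead of the thread's `_RegLoadHive` is a substitution made to keep the example short.

```autoit
#include <WinAPIShellEx.au3> ; _WinAPI_GetDefaultUserProfileDirectory(), as used in the thread

Opt("MustDeclareVars", 1)

Global Const $PROFILE_LIST = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
Global Const $MOUNT = "HKU\TempAudit" ; hypothetical temporary mount point for offline hives

If Not IsAdmin() Then
    ConsoleWrite("Loading other users' hives requires an elevated console." & @CRLF)
    Exit 1
EndIf

; Key and value taken from the first post in this thread
_AuditAllUsers("Control Panel\Desktop", "SCRNSAVE.EXE")

Func _AuditAllUsers($sSubKey, $sValue)
    ; Same option the thread's scripts set before reading profile paths from the registry
    Local $iOldOpt = Opt("ExpandEnvStrings", 1)
    Local $i = 1, $sSid, $sDir
    While 1
        $sSid = RegEnumKey($PROFILE_LIST, $i)
        If @error Then ExitLoop
        $i += 1
        $sDir = RegRead($PROFILE_LIST & "\" & $sSid, "ProfileImagePath")
        If @error Then ContinueLoop
        ConsoleWrite($sSid & " (" & $sDir & "): " & _AuditProfile($sSid, $sDir, $sSubKey, $sValue) & @CRLF)
    WEnd
    ; Template hive copied to accounts that have not logged on yet
    $sDir = _WinAPI_GetDefaultUserProfileDirectory()
    ConsoleWrite("Default profile (" & $sDir & "): " & _AuditProfile("", $sDir, $sSubKey, $sValue) & @CRLF)
    Opt("ExpandEnvStrings", $iOldOpt)
EndFunc   ;==>_AuditAllUsers

Func _AuditProfile($sSid, $sDir, $sSubKey, $sValue)
    ; A logged-on user's hive is already mounted as HKU\<SID>; read it in place.
    If $sSid <> "" Then
        RegRead("HKU\" & $sSid, "")
        If @error <> 1 Then Return "[logged on] " & _Describe("HKU\" & $sSid & "\" & $sSubKey, $sValue)
    EndIf
    Local $sHive = $sDir & "\ntuser.dat"
    If Not FileExists($sHive) Then Return "no ntuser.dat, skipped"
    Local $sReg = '"' & @SystemDir & '\reg.exe"'
    Local $iExit = RunWait($sReg & ' load "' & $MOUNT & '" "' & $sHive & '"', "", @SW_HIDE)
    If @error Or $iExit <> 0 Then Return "HIVE LOAD FAILED (reg.exe exit code " & $iExit & "), value not checked"
    Local $sResult = "[offline] " & _Describe($MOUNT & "\" & $sSubKey, $sValue)
    ; Unloading can fail while handles are still open; retry as toasterking's script does
    For $n = 1 To 20
        If RunWait($sReg & ' unload "' & $MOUNT & '"', "", @SW_HIDE) = 0 Then ExitLoop
        Sleep(200)
    Next
    Return $sResult
EndFunc   ;==>_AuditProfile

Func _Describe($sKey, $sValue)
    Local $sData = RegRead($sKey, $sValue)
    Local $iErr = @error
    If $iErr Then Return "value missing (RegRead @error " & $iErr & ")"
    Return $sValue & ' = "' & $sData & '"'
EndFunc   ;==>_Describe
```

Output goes to the console, so run it from SciTE or compile it as a console application. A "HIVE LOAD FAILED" line marks a profile that the write loops above would have passed over without reporting anything.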