Use List of Windows accounts to add reg keys using SIDSGet list of passed arguments in Windows batch script (.bat)Windows 7 REG ADD and %DATE%Problems finding the value of registry keysReg add for loopWindows Uninstall using REG Query to logDelete Parent Registry Key based on valueDynamically Inject Registry Key Based on if Certain Printer Name ExistsUse variable in batch file multiple timesgetting windows product key from bioswindows - reg add ignores /f
Should I disclose a colleague's illness (that I should not know) when others badmouth him
Is the Indo-European language family made up?
Is it true that cut time means "play twice as fast as written"?
Using credit/debit card details vs swiping a card in a payment (credit card) terminal
Image processing: Removal of two spots in fundus images
Should one buy new hardware after a system compromise?
Why did David Cameron offer a referendum on the European Union?
What is a Centaur Thief's climbing speed?
Compactness of finite sets
Plot twist where the antagonist wins
Filling between two arrays with ListPointPlot3D
Is it possible to build VPN remote access environment without VPN server?
Who will lead the country until there is a new Tory leader?
Reduction from Exact Cover to Fixed Exact Cover
How to respond to an upset student?
Why doesn't the Earth accelerate towards the Moon?
Make 24 using exactly three 3s
What are these arcade games in Ghostbusters 1984?
Line of lights moving in a straight line , with a few following
Crossing US border with music files I'm legally allowed to possess
Is the field of q-series 'dead'?
Python program to find the most frequent letter in a text
Would jet fuel for an F-16 or F-35 be producible during WW2?
Grammar Question Regarding "Are the" or "Is the" When Referring to Something that May or May not be Plural
Use List of Windows accounts to add reg keys using SIDS
Get list of passed arguments in Windows batch script (.bat)Windows 7 REG ADD and %DATE%Problems finding the value of registry keysReg add for loopWindows Uninstall using REG Query to logDelete Parent Registry Key based on valueDynamically Inject Registry Key Based on if Certain Printer Name ExistsUse variable in batch file multiple timesgetting windows product key from bioswindows - reg add ignores /f
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
edit re explanation to improve answers.
Project
As a third party engineer I am attending a site to install a piece of Software. The Infrastructure is "very" locked down. I will be supplied with an admin account for the day to install the software. However, to make the software work properly FOR ALL USERS (not just admin logged in) I have been instructed by IT dept. to manually create a KEY and then add a string value within created key for every user account on the PC. Our software in a standard environment caters for this with an all users reg key but it doesn't run (not allowed - don't ask!) in these specific places.
The location of where they want the the KEY is within the HKEY_USERS path in the reg:-
HKEY_USERSS-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXXXX-XXXXXSoftwareMicrosoft
so lets say 2 people logged in this PC and they need to use our software later on
john.jones
mary.shelley
I need to find the sid relating to john jones and go and add the key to his section in HKEY_USERS
I then need to find mary.shelley sid and then go and the key to her HKEY_USERS section, etc.
Now I know from the environments I work in there could be 20 + user acounts on there so really would like to avoid manually adding they keys over and over for all the accounts on every PC I'm installing at.
A log on script would be better, but this all I have to deal with at present.
State of Script Now
@echo off
REM Read file with user names
FOR /F "usebackq tokens=*" %%G in ("users.txt") do (
REM use user name to find SID
FOR /F "delims=" %%H IN ('"wmic useraccount where name='%%~G' get sid| findstr /vi "SID""') DO (
REM Strip trailing line with CR
FOR /F "delims= " %%I IN ("%%~H") DO (
REM %%I is now the SID of the USER
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /f
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /t REG_SZ /d "addstuffhere"" /f
)
)
)
This is pretty much automating the whole thing as planned; loops through a text file of user names of users who use the PC, grabs the SID, applies sid as variable, then is used to write the key in the right place for that user, and on through the list doing to same for every account listed.
The only part that may need altering is the WMIC section is not finding certain users who have bona fide windows accounts.
when I tested the working code on my laptop it worked fine for my administrator account, but me logged in as joe_blogs (e.g.) came up with "no instance available". Because in isolation the WMIC code just brought up only a few not all, so couldn't do what it needed to do.
I know from previous questions this WMIC code brings up every account:-
WMIC Path Win32_UserProfile Where "Special='False' And Not LocalPath='Null'" Get LocalPath,SID | find /v ""
Perhaps that can be incorporated into current working code to make sure every account is catered for.
I know the users all need to have logged in at each PC for this to work, so with regards to the list of user profiles, I can garner that on the day asking "who of your users needs to use our stuff on the PC's" and make the users.txt
thanks - hope that really explains it :/
edit instructions for what I have been asked to do (altered key names slightly for privacy)
1. Log on to the PC with a standard technician admin account
2. Open regedit.exe
3. Navigate to* HKEY_USERSS-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXXXX- XXXXXSoftwareMicrosoftTerminal Server ClientDefaultAddins
a. Right-click Addins > New > Key and create foo
b. Right-click foo > New > String Value and create Name
c. Double-click Name and in Value Data enter† C:foofilefoo.dll
4. Repeat step 3 for each user: it should be possible to edit the SID in an exported key by right-clicking on the next
HKEY_USERS entry > Rename > Ctrl+C > Esc then replacing the SID in the exported reg key – this has not been tested but may be worth trying
*The user SID is unique so this has to be done per user. If there are a lot of users listed in the registry it is possible to find which SID belongs to which user by checking the key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList
batch-file wmic
asked Mar 24 at 5:30
Tika9o9Tika9o9
10110
|
show 11 more comments
edit re explanation to improve answers.
Project
As a third party engineer I am attending a site to install a piece of Software. The Infrastructure is "very" locked down. I will be supplied with an admin account for the day to install the software. However, to make the software work properly FOR ALL USERS (not just admin logged in) I have been instructed by IT dept. to manually create a KEY and then add a string value within created key for every user account on the PC. Our software in a standard environment caters for this with an all users reg key but it doesn't run (not allowed - don't ask!) in these specific places.
The location of where they want the the KEY is within the HKEY_USERS path in the reg:-
HKEY_USERSS-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXXXX-XXXXXSoftwareMicrosoft
so lets say 2 people logged in this PC and they need to use our software later on
john.jones
mary.shelley
I need to find the sid relating to john jones and go and add the key to his section in HKEY_USERS
I then need to find mary.shelley sid and then go and the key to her HKEY_USERS section, etc.
Now I know from the environments I work in there could be 20 + user acounts on there so really would like to avoid manually adding they keys over and over for all the accounts on every PC I'm installing at.
A log on script would be better, but this all I have to deal with at present.
State of Script Now
@echo off
REM Read file with user names
FOR /F "usebackq tokens=*" %%G in ("users.txt") do (
REM use user name to find SID
FOR /F "delims=" %%H IN ('"wmic useraccount where name='%%~G' get sid| findstr /vi "SID""') DO (
REM Strip trailing line with CR
FOR /F "delims= " %%I IN ("%%~H") DO (
REM %%I is now the SID of the USER
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /f
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /t REG_SZ /d "addstuffhere"" /f
)
)
)
This is pretty much automating the whole thing as planned; loops through a text file of user names of users who use the PC, grabs the SID, applies sid as variable, then is used to write the key in the right place for that user, and on through the list doing to same for every account listed.
The only part that may need altering is the WMIC section is not finding certain users who have bona fide windows accounts.
when I tested the working code on my laptop it worked fine for my administrator account, but me logged in as joe_blogs (e.g.) came up with "no instance available". Because in isolation the WMIC code just brought up only a few not all, so couldn't do what it needed to do.
I know from previous questions this WMIC code brings up every account:-
WMIC Path Win32_UserProfile Where "Special='False' And Not LocalPath='Null'" Get LocalPath,SID | find /v ""
Perhaps that can be incorporated into current working code to make sure every account is catered for.
I know the users all need to have logged in at each PC for this to work, so with regards to the list of user profiles, I can garner that on the day asking "who of your users needs to use our stuff on the PC's" and make the users.txt
thanks - hope that really explains it :/
edit instructions for what I have been asked to do (altered key names slightly for privacy)
1. Log on to the PC with a standard technician admin account
2. Open regedit.exe
3. Navigate to* HKEY_USERSS-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXXXX- XXXXXSoftwareMicrosoftTerminal Server ClientDefaultAddins
a. Right-click Addins > New > Key and create foo
b. Right-click foo > New > String Value and create Name
c. Double-click Name and in Value Data enter† C:foofilefoo.dll
4. Repeat step 3 for each user: it should be possible to edit the SID in an exported key by right-clicking on the next
HKEY_USERS entry > Rename > Ctrl+C > Esc then replacing the SID in the exported reg key – this has not been tested but may be worth trying
*The user SID is unique so this has to be done per user. If there are a lot of users listed in the registry it is possible to find which SID belongs to which user by checking the key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList
batch-file wmic
asked Mar 24 at 5:30
Tika9o9Tika9o9
10110
You have to use aFOR /Fcommand to retrieve theWMICoutput.
– Squashman
Mar 24 at 6:29
Thanks, but the problem I’m having is isolating the actual Sid for the user in the text file?
– Tika9o9
Mar 24 at 6:34
Your input file example does not show the SIDS with the usernames. How is anyone supposed to know what format it is in? Why are you using WMIC if you already have the username and SID?
– Squashman
Mar 24 at 6:39
That’s the point, I don’t know the Sid, it’s a standard notepad text file Utf-8, so I want to match the user name in the text file against the output of WMIC command , get the Sid for that user, then write a reg key against the users Sid ID in hkey users
– Tika9o9
Mar 24 at 6:42
You are really confusing the hell out of me. I am looking at your previous questions about this same topic and you seem to have all the information you need in your previous questions.
– Squashman
Mar 24 at 6:47
|
show 11 more comments
edit re explanation to improve answers.
Project
As a third party engineer I am attending a site to install a piece of Software. The Infrastructure is "very" locked down. I will be supplied with an admin account for the day to install the software. However, to make the software work properly FOR ALL USERS (not just admin logged in) I have been instructed by IT dept. to manually create a KEY and then add a string value within created key for every user account on the PC. Our software in a standard environment caters for this with an all users reg key but it doesn't run (not allowed - don't ask!) in these specific places.
The location of where they want the the KEY is within the HKEY_USERS path in the reg:-
HKEY_USERSS-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXXXX-XXXXXSoftwareMicrosoft
so lets say 2 people logged in this PC and they need to use our software later on
john.jones
mary.shelley
I need to find the sid relating to john jones and go and add the key to his section in HKEY_USERS
I then need to find mary.shelley sid and then go and the key to her HKEY_USERS section, etc.
Now I know from the environments I work in there could be 20 + user acounts on there so really would like to avoid manually adding they keys over and over for all the accounts on every PC I'm installing at.
A log on script would be better, but this all I have to deal with at present.
State of Script Now
@echo off
REM Read file with user names
FOR /F "usebackq tokens=*" %%G in ("users.txt") do (
REM use user name to find SID
FOR /F "delims=" %%H IN ('"wmic useraccount where name='%%~G' get sid| findstr /vi "SID""') DO (
REM Strip trailing line with CR
FOR /F "delims= " %%I IN ("%%~H") DO (
REM %%I is now the SID of the USER
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /f
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /t REG_SZ /d "addstuffhere"" /f
)
)
)
This is pretty much automating the whole thing as planned; loops through a text file of user names of users who use the PC, grabs the SID, applies sid as variable, then is used to write the key in the right place for that user, and on through the list doing to same for every account listed.
The only part that may need altering is the WMIC section is not finding certain users who have bona fide windows accounts.
when I tested the working code on my laptop it worked fine for my administrator account, but me logged in as joe_blogs (e.g.) came up with "no instance available". Because in isolation the WMIC code just brought up only a few not all, so couldn't do what it needed to do.
I know from previous questions this WMIC code brings up every account:-
WMIC Path Win32_UserProfile Where "Special='False' And Not LocalPath='Null'" Get LocalPath,SID | find /v ""
Perhaps that can be incorporated into current working code to make sure every account is catered for.
I know the users all need to have logged in at each PC for this to work, so with regards to the list of user profiles, I can garner that on the day asking "who of your users needs to use our stuff on the PC's" and make the users.txt
thanks - hope that really explains it :/
edit instructions for what I have been asked to do (altered key names slightly for privacy)
1. Log on to the PC with a standard technician admin account
2. Open regedit.exe
3. Navigate to* HKEY_USERSS-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXXXX- XXXXXSoftwareMicrosoftTerminal Server ClientDefaultAddins
a. Right-click Addins > New > Key and create foo
b. Right-click foo > New > String Value and create Name
c. Double-click Name and in Value Data enter† C:foofilefoo.dll
4. Repeat step 3 for each user: it should be possible to edit the SID in an exported key by right-clicking on the next
HKEY_USERS entry > Rename > Ctrl+C > Esc then replacing the SID in the exported reg key – this has not been tested but may be worth trying
*The user SID is unique so this has to be done per user. If there are a lot of users listed in the registry it is possible to find which SID belongs to which user by checking the key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList
batch-file wmic
asked Mar 24 at 5:30
Tika9o9Tika9o9
10110
edit re explanation to improve answers.
Project
As a third party engineer I am attending a site to install a piece of Software. The Infrastructure is "very" locked down. I will be supplied with an admin account for the day to install the software. However, to make the software work properly FOR ALL USERS (not just admin logged in) I have been instructed by IT dept. to manually create a KEY and then add a string value within created key for every user account on the PC. Our software in a standard environment caters for this with an all users reg key but it doesn't run (not allowed - don't ask!) in these specific places.
The location of where they want the the KEY is within the HKEY_USERS path in the reg:-
HKEY_USERSS-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXXXX-XXXXXSoftwareMicrosoft
so lets say 2 people logged in this PC and they need to use our software later on
john.jones
mary.shelley
I need to find the sid relating to john jones and go and add the key to his section in HKEY_USERS
I then need to find mary.shelley sid and then go and the key to her HKEY_USERS section, etc.
Now I know from the environments I work in there could be 20 + user acounts on there so really would like to avoid manually adding they keys over and over for all the accounts on every PC I'm installing at.
A log on script would be better, but this all I have to deal with at present.
State of Script Now
@echo off
REM Read file with user names
FOR /F "usebackq tokens=*" %%G in ("users.txt") do (
REM use user name to find SID
FOR /F "delims=" %%H IN ('"wmic useraccount where name='%%~G' get sid| findstr /vi "SID""') DO (
REM Strip trailing line with CR
FOR /F "delims= " %%I IN ("%%~H") DO (
REM %%I is now the SID of the USER
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /f
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /t REG_SZ /d "addstuffhere"" /f
)
)
)
This is pretty much automating the whole thing as planned; loops through a text file of user names of users who use the PC, grabs the SID, applies sid as variable, then is used to write the key in the right place for that user, and on through the list doing to same for every account listed.
The only part that may need altering is the WMIC section is not finding certain users who have bona fide windows accounts.
when I tested the working code on my laptop it worked fine for my administrator account, but me logged in as joe_blogs (e.g.) came up with "no instance available". Because in isolation the WMIC code just brought up only a few not all, so couldn't do what it needed to do.
I know from previous questions this WMIC code brings up every account:-
WMIC Path Win32_UserProfile Where "Special='False' And Not LocalPath='Null'" Get LocalPath,SID | find /v ""
Perhaps that can be incorporated into current working code to make sure every account is catered for.
I know the users all need to have logged in at each PC for this to work, so with regards to the list of user profiles, I can garner that on the day asking "who of your users needs to use our stuff on the PC's" and make the users.txt
thanks - hope that really explains it :/
edit instructions for what I have been asked to do (altered key names slightly for privacy)
1. Log on to the PC with a standard technician admin account
2. Open regedit.exe
3. Navigate to* HKEY_USERSS-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXXXX- XXXXXSoftwareMicrosoftTerminal Server ClientDefaultAddins
a. Right-click Addins > New > Key and create foo
b. Right-click foo > New > String Value and create Name
c. Double-click Name and in Value Data enter† C:foofilefoo.dll
4. Repeat step 3 for each user: it should be possible to edit the SID in an exported key by right-clicking on the next
HKEY_USERS entry > Rename > Ctrl+C > Esc then replacing the SID in the exported reg key – this has not been tested but may be worth trying
*The user SID is unique so this has to be done per user. If there are a lot of users listed in the registry it is possible to find which SID belongs to which user by checking the key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList
batch-file wmic
batch-file wmic
asked Mar 24 at 5:30
Tika9o9Tika9o9
10110
asked Mar 24 at 5:30
Tika9o9Tika9o9
10110
edited Mar 24 at 16:50
Tika9o9
asked Mar 24 at 5:30
Tika9o9Tika9o9
10110
asked Mar 24 at 5:30
Tika9o9Tika9o9
10110
asked Mar 24 at 5:30
Tika9o9Tika9o9
10110
10110
You have to use aFOR /Fcommand to retrieve theWMICoutput.
– Squashman
Mar 24 at 6:29
Thanks, but the problem I’m having is isolating the actual Sid for the user in the text file?
– Tika9o9
Mar 24 at 6:34
Your input file example does not show the SIDS with the usernames. How is anyone supposed to know what format it is in? Why are you using WMIC if you already have the username and SID?
– Squashman
Mar 24 at 6:39
That’s the point, I don’t know the Sid, it’s a standard notepad text file Utf-8, so I want to match the user name in the text file against the output of WMIC command , get the Sid for that user, then write a reg key against the users Sid ID in hkey users
– Tika9o9
Mar 24 at 6:42
You are really confusing the hell out of me. I am looking at your previous questions about this same topic and you seem to have all the information you need in your previous questions.
– Squashman
Mar 24 at 6:47
|
show 11 more comments
You have to use aFOR /Fcommand to retrieve theWMICoutput.
– Squashman
Mar 24 at 6:29
Thanks, but the problem I’m having is isolating the actual Sid for the user in the text file?
– Tika9o9
Mar 24 at 6:34
Your input file example does not show the SIDS with the usernames. How is anyone supposed to know what format it is in? Why are you using WMIC if you already have the username and SID?
– Squashman
Mar 24 at 6:39
That’s the point, I don’t know the Sid, it’s a standard notepad text file Utf-8, so I want to match the user name in the text file against the output of WMIC command , get the Sid for that user, then write a reg key against the users Sid ID in hkey users
– Tika9o9
Mar 24 at 6:42
You are really confusing the hell out of me. I am looking at your previous questions about this same topic and you seem to have all the information you need in your previous questions.
– Squashman
Mar 24 at 6:47
You have to use a
FOR /F command to retrieve the WMIC output.– Squashman
Mar 24 at 6:29
You have to use a
FOR /F command to retrieve the WMIC output.– Squashman
Mar 24 at 6:29
Thanks, but the problem I’m having is isolating the actual Sid for the user in the text file?
– Tika9o9
Mar 24 at 6:34
Thanks, but the problem I’m having is isolating the actual Sid for the user in the text file?
– Tika9o9
Mar 24 at 6:34
Your input file example does not show the SIDS with the usernames. How is anyone supposed to know what format it is in? Why are you using WMIC if you already have the username and SID?
– Squashman
Mar 24 at 6:39
Your input file example does not show the SIDS with the usernames. How is anyone supposed to know what format it is in? Why are you using WMIC if you already have the username and SID?
– Squashman
Mar 24 at 6:39
That’s the point, I don’t know the Sid, it’s a standard notepad text file Utf-8, so I want to match the user name in the text file against the output of WMIC command , get the Sid for that user, then write a reg key against the users Sid ID in hkey users
– Tika9o9
Mar 24 at 6:42
That’s the point, I don’t know the Sid, it’s a standard notepad text file Utf-8, so I want to match the user name in the text file against the output of WMIC command , get the Sid for that user, then write a reg key against the users Sid ID in hkey users
– Tika9o9
Mar 24 at 6:42
You are really confusing the hell out of me. I am looking at your previous questions about this same topic and you seem to have all the information you need in your previous questions.
– Squashman
Mar 24 at 6:47
You are really confusing the hell out of me. I am looking at your previous questions about this same topic and you seem to have all the information you need in your previous questions.
– Squashman
Mar 24 at 6:47
|
show 11 more comments
2 Answers
2
active
oldest
votes
After reading your edit, it sounds like there's some room to wiggle here. If we take 2 small liberties, this could be done in a single command line. If one or both liberties can't be taken, let me know.
If WMIC isn't required, and if we can target all SIDs present rather than trying to match names to SIDs, then 'reg.exe' and 'for' can do this quickly. Here's an example with sample output:
(Optional) Enum Profiles:
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @echo ;[i] Profile Found: %A
output:
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1001
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1002
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1007
Add Key+Value
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @(reg add "hku%ASoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey" /v FooName /t REG_SZ /d "C:foofilefoo.dll" /f >nul 2>&1 && (echo ;[i] Reg Key Added %A) || (echo ;[i] Reg Key Failed To Add %A))
output:
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1001
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1002
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1007
(Optional) Verify Success:
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @(reg query "hku%ASoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey" /v FooName 2>nul || echo ;[e] Couldn't Find Key %A)
output:
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1001SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1002SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1007SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
answered Mar 27 at 21:02
SecurityAndPrivacyGuruSecurityAndPrivacyGuru
1267
Hey, thanks for this, looks good! I tried the first line as bat file, didn’t run, then in cmd window, %A was unexpected at this time, also if possible a quick run through of how the delims/tokens part works, always struggle getting head round that :-)
– Tika9o9
Mar 27 at 22:47
Made the %A %%A and it worked! For enum, so the S-1-5-21 part in the key is that always given to actual user accounts ? Thanks !
– Tika9o9
Mar 27 at 23:13
Yes, "S-1-5-21" means user account. The next 3 parts are the domain (which is either an AD domain, or the local "domain (aka, local computer), followed by the last part which is RID (aka sequential number of creation)).
– SecurityAndPrivacyGuru
Mar 29 at 13:42
Did that answer everything for you? :-)
– SecurityAndPrivacyGuru
Mar 29 at 13:42
As for delims/tokens, the "delims" is where to chop the line. In this example, I wanted to chop the line between back slashes (""). The "tokens" is which of the chopped parts you want back. Since you didn't want "HKEY_USERS", I only asked for the 2nd token back, which of course was the SID.
– SecurityAndPrivacyGuru
Mar 29 at 13:45
|
show 1 more comment
Not sure if I am understanding your question. My first comment should have made it quite clear. You need to use a FOR /F command to capture the WMIC output. That is the only way you can assign the SID to a variable.
@echo off
REM Read file with user names
FOR /F "usebackq tokens=*" %%G in ("users.txt") do (
REM use user name to find SID
FOR /F "delims=" %%H IN ('"wmic useraccount where name='%%~G' get sid| findstr /vi "SID""') DO (
REM Strip trailing line with CR
FOR /F "delims= " %%I IN ("%%~H") DO (
REM %%I is now the SID of the USER
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /f
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /t REG_SZ /d "addstuffhere"" /f
)
)
)
answered Mar 24 at 7:00
SquashmanSquashman
9,44632033
That's exactly it, sorry for confusing you, I have tested and almost there the sid get extracted perfect but fails in the reg part, if I echo the variable to a text file seems there is some trailing spaces also meaning the reg part fails because it thinks the SID is wrong with the spaces at the back
– Tika9o9
Mar 24 at 7:12
Yes I fixed that with my last edit.
– Squashman
Mar 24 at 7:12
Wow, smashed it, that works, for some reason for Administrator account of the test machines works amazing, but for me logged on it says there is no instance available, might need to tweak WMIC to show all accounts, sorry to be a pain...appreciate this....
– Tika9o9
Mar 24 at 7:29
2
Piping from wmic.exe is far from ideal since it's hard coded to write OEM encoded text. Make sure the console codepage is set to whatever the OEM codepage is in order to avoid mojibake. But give up all hope if you have user names and profile paths with arbitrary Unicode characters. There's no way to handle that with a legacy codepage, unless you're running Windows 10 with the beta support enabled to set OEM/ANSI to UTF-8.
– eryksun
Mar 24 at 9:21
Also, I'm surprised that the profile is loaded for every name in your list. Normally it's only loaded for an interactive session, and eventually gets unloaded when then user logs off. I 'd expect that you'd have to manually load some of the ntuser.dat hive files to a temporary key.
– eryksun
Mar 24 at 9:23
|
show 1 more comment
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55320994%2fuse-list-of-windows-accounts-to-add-reg-keys-using-sids%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
After reading your edit, it sounds like there's some room to wiggle here. If we take 2 small liberties, this could be done in a single command line. If one or both liberties can't be taken, let me know.
If WMIC isn't required, and if we can target all SIDs present rather than trying to match names to SIDs, then 'reg.exe' and 'for' can do this quickly. Here's an example with sample output:
(Optional) Enum Profiles:
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @echo ;[i] Profile Found: %A
output:
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1001
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1002
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1007
Add Key+Value
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @(reg add "hku%ASoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey" /v FooName /t REG_SZ /d "C:foofilefoo.dll" /f >nul 2>&1 && (echo ;[i] Reg Key Added %A) || (echo ;[i] Reg Key Failed To Add %A))
output:
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1001
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1002
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1007
(Optional) Verify Success:
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @(reg query "hku%ASoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey" /v FooName 2>nul || echo ;[e] Couldn't Find Key %A)
output:
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1001SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1002SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1007SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
answered Mar 27 at 21:02
SecurityAndPrivacyGuruSecurityAndPrivacyGuru
1267
Hey, thanks for this, looks good! I tried the first line as bat file, didn’t run, then in cmd window, %A was unexpected at this time, also if possible a quick run through of how the delims/tokens part works, always struggle getting head round that :-)
– Tika9o9
Mar 27 at 22:47
Made the %A %%A and it worked! For enum, so the S-1-5-21 part in the key is that always given to actual user accounts ? Thanks !
– Tika9o9
Mar 27 at 23:13
Yes, "S-1-5-21" means user account. The next 3 parts are the domain (which is either an AD domain, or the local "domain (aka, local computer), followed by the last part which is RID (aka sequential number of creation)).
– SecurityAndPrivacyGuru
Mar 29 at 13:42
Did that answer everything for you? :-)
– SecurityAndPrivacyGuru
Mar 29 at 13:42
As for delims/tokens, the "delims" is where to chop the line. In this example, I wanted to chop the line between back slashes (""). The "tokens" is which of the chopped parts you want back. Since you didn't want "HKEY_USERS", I only asked for the 2nd token back, which of course was the SID.
– SecurityAndPrivacyGuru
Mar 29 at 13:45
|
show 1 more comment
After reading your edit, it sounds like there's some room to wiggle here. If we take 2 small liberties, this could be done in a single command line. If one or both liberties can't be taken, let me know.
If WMIC isn't required, and if we can target all SIDs present rather than trying to match names to SIDs, then 'reg.exe' and 'for' can do this quickly. Here's an example with sample output:
(Optional) Enum Profiles:
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @echo ;[i] Profile Found: %A
output:
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1001
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1002
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1007
Add Key+Value
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @(reg add "hku%ASoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey" /v FooName /t REG_SZ /d "C:foofilefoo.dll" /f >nul 2>&1 && (echo ;[i] Reg Key Added %A) || (echo ;[i] Reg Key Failed To Add %A))
output:
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1001
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1002
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1007
(Optional) Verify Success:
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @(reg query "hku%ASoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey" /v FooName 2>nul || echo ;[e] Couldn't Find Key %A)
output:
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1001SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1002SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1007SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
answered Mar 27 at 21:02
SecurityAndPrivacyGuruSecurityAndPrivacyGuru
1267
Hey, thanks for this, looks good! I tried the first line as bat file, didn’t run, then in cmd window, %A was unexpected at this time, also if possible a quick run through of how the delims/tokens part works, always struggle getting head round that :-)
– Tika9o9
Mar 27 at 22:47
Made the %A %%A and it worked! For enum, so the S-1-5-21 part in the key is that always given to actual user accounts ? Thanks !
– Tika9o9
Mar 27 at 23:13
Yes, "S-1-5-21" means user account. The next 3 parts are the domain (which is either an AD domain, or the local "domain (aka, local computer), followed by the last part which is RID (aka sequential number of creation)).
– SecurityAndPrivacyGuru
Mar 29 at 13:42
Did that answer everything for you? :-)
– SecurityAndPrivacyGuru
Mar 29 at 13:42
As for delims/tokens, the "delims" is where to chop the line. In this example, I wanted to chop the line between back slashes (""). The "tokens" is which of the chopped parts you want back. Since you didn't want "HKEY_USERS", I only asked for the 2nd token back, which of course was the SID.
– SecurityAndPrivacyGuru
Mar 29 at 13:45
|
show 1 more comment
After reading your edit, it sounds like there's some room to wiggle here. If we take 2 small liberties, this could be done in a single command line. If one or both liberties can't be taken, let me know.
If WMIC isn't required, and if we can target all SIDs present rather than trying to match names to SIDs, then 'reg.exe' and 'for' can do this quickly. Here's an example with sample output:
(Optional) Enum Profiles:
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @echo ;[i] Profile Found: %A
output:
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1001
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1002
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1007
Add Key+Value
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @(reg add "hku%ASoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey" /v FooName /t REG_SZ /d "C:foofilefoo.dll" /f >nul 2>&1 && (echo ;[i] Reg Key Added %A) || (echo ;[i] Reg Key Failed To Add %A))
output:
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1001
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1002
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1007
(Optional) Verify Success:
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @(reg query "hku%ASoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey" /v FooName 2>nul || echo ;[e] Couldn't Find Key %A)
output:
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1001SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1002SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1007SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
answered Mar 27 at 21:02
SecurityAndPrivacyGuruSecurityAndPrivacyGuru
1267
After reading your edit, it sounds like there's some room to wiggle here. If we take 2 small liberties, this could be done in a single command line. If one or both liberties can't be taken, let me know.
If WMIC isn't required, and if we can target all SIDs present rather than trying to match names to SIDs, then 'reg.exe' and 'for' can do this quickly. Here's an example with sample output:
(Optional) Enum Profiles:
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @echo ;[i] Profile Found: %A
output:
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1001
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1002
;[i] Profile Found: S-1-5-21-277974881-2357464463-7727422770-1007
Add Key+Value
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @(reg add "hku%ASoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey" /v FooName /t REG_SZ /d "C:foofilefoo.dll" /f >nul 2>&1 && (echo ;[i] Reg Key Added %A) || (echo ;[i] Reg Key Failed To Add %A))
output:
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1001
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1002
;[i] Reg Key Added S-1-5-21-277974881-2357464463-7727422770-1007
(Optional) Verify Success:
cmd:
for /f "delims= tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @(reg query "hku%ASoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey" /v FooName 2>nul || echo ;[e] Couldn't Find Key %A)
output:
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1001SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1002SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
HKEY_USERSS-1-5-21-277974881-2357464463-7727422770-1007SoftwareMicrosoftTerminal Server ClientDefaultAddinsFooKey
FooName REG_SZ C:foofilefoo.dll
answered Mar 27 at 21:02
SecurityAndPrivacyGuruSecurityAndPrivacyGuru
1267
answered Mar 27 at 21:02
SecurityAndPrivacyGuruSecurityAndPrivacyGuru
1267
answered Mar 27 at 21:02
SecurityAndPrivacyGuruSecurityAndPrivacyGuru
1267
answered Mar 27 at 21:02
SecurityAndPrivacyGuruSecurityAndPrivacyGuru
1267
1267
Hey, thanks for this, looks good! I tried the first line as bat file, didn’t run, then in cmd window, %A was unexpected at this time, also if possible a quick run through of how the delims/tokens part works, always struggle getting head round that :-)
– Tika9o9
Mar 27 at 22:47
Made the %A %%A and it worked! For enum, so the S-1-5-21 part in the key is that always given to actual user accounts ? Thanks !
– Tika9o9
Mar 27 at 23:13
Yes, "S-1-5-21" means user account. The next 3 parts are the domain (which is either an AD domain, or the local "domain (aka, local computer), followed by the last part which is RID (aka sequential number of creation)).
– SecurityAndPrivacyGuru
Mar 29 at 13:42
Did that answer everything for you? :-)
– SecurityAndPrivacyGuru
Mar 29 at 13:42
As for delims/tokens, the "delims" is where to chop the line. In this example, I wanted to chop the line between back slashes (""). The "tokens" is which of the chopped parts you want back. Since you didn't want "HKEY_USERS", I only asked for the 2nd token back, which of course was the SID.
– SecurityAndPrivacyGuru
Mar 29 at 13:45
|
show 1 more comment
Hey, thanks for this, looks good! I tried the first line as bat file, didn’t run, then in cmd window, %A was unexpected at this time, also if possible a quick run through of how the delims/tokens part works, always struggle getting head round that :-)
– Tika9o9
Mar 27 at 22:47
Made the %A %%A and it worked! For enum, so the S-1-5-21 part in the key is that always given to actual user accounts ? Thanks !
– Tika9o9
Mar 27 at 23:13
Yes, "S-1-5-21" means user account. The next 3 parts are the domain (which is either an AD domain, or the local "domain (aka, local computer), followed by the last part which is RID (aka sequential number of creation)).
– SecurityAndPrivacyGuru
Mar 29 at 13:42
Did that answer everything for you? :-)
– SecurityAndPrivacyGuru
Mar 29 at 13:42
As for delims/tokens, the "delims" is where to chop the line. In this example, I wanted to chop the line between back slashes (""). The "tokens" is which of the chopped parts you want back. Since you didn't want "HKEY_USERS", I only asked for the 2nd token back, which of course was the SID.
– SecurityAndPrivacyGuru
Mar 29 at 13:45
Hey, thanks for this, looks good! I tried the first line as bat file, didn’t run, then in cmd window, %A was unexpected at this time, also if possible a quick run through of how the delims/tokens part works, always struggle getting head round that :-)
– Tika9o9
Mar 27 at 22:47
Hey, thanks for this, looks good! I tried the first line as bat file, didn’t run, then in cmd window, %A was unexpected at this time, also if possible a quick run through of how the delims/tokens part works, always struggle getting head round that :-)
– Tika9o9
Mar 27 at 22:47
Made the %A %%A and it worked! For enum, so the S-1-5-21 part in the key is that always given to actual user accounts ? Thanks !
– Tika9o9
Mar 27 at 23:13
Made the %A %%A and it worked! For enum, so the S-1-5-21 part in the key is that always given to actual user accounts ? Thanks !
– Tika9o9
Mar 27 at 23:13
Yes, "S-1-5-21" means user account. The next 3 parts are the domain (which is either an AD domain, or the local "domain (aka, local computer), followed by the last part which is RID (aka sequential number of creation)).
– SecurityAndPrivacyGuru
Mar 29 at 13:42
Yes, "S-1-5-21" means user account. The next 3 parts are the domain (which is either an AD domain, or the local "domain (aka, local computer), followed by the last part which is RID (aka sequential number of creation)).
– SecurityAndPrivacyGuru
Mar 29 at 13:42
Did that answer everything for you? :-)
– SecurityAndPrivacyGuru
Mar 29 at 13:42
Did that answer everything for you? :-)
– SecurityAndPrivacyGuru
Mar 29 at 13:42
As for delims/tokens, the "delims" is where to chop the line. In this example, I wanted to chop the line between back slashes (""). The "tokens" is which of the chopped parts you want back. Since you didn't want "HKEY_USERS", I only asked for the 2nd token back, which of course was the SID.
– SecurityAndPrivacyGuru
Mar 29 at 13:45
As for delims/tokens, the "delims" is where to chop the line. In this example, I wanted to chop the line between back slashes (""). The "tokens" is which of the chopped parts you want back. Since you didn't want "HKEY_USERS", I only asked for the 2nd token back, which of course was the SID.
– SecurityAndPrivacyGuru
Mar 29 at 13:45
|
show 1 more comment
Not sure if I am understanding your question. My first comment should have made it quite clear. You need to use a FOR /F command to capture the WMIC output. That is the only way you can assign the SID to a variable.
@echo off
REM Read file with user names
FOR /F "usebackq tokens=*" %%G in ("users.txt") do (
REM use user name to find SID
FOR /F "delims=" %%H IN ('"wmic useraccount where name='%%~G' get sid| findstr /vi "SID""') DO (
REM Strip trailing line with CR
FOR /F "delims= " %%I IN ("%%~H") DO (
REM %%I is now the SID of the USER
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /f
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /t REG_SZ /d "addstuffhere"" /f
)
)
)
answered Mar 24 at 7:00
SquashmanSquashman
9,44632033
That's exactly it, sorry for confusing you, I have tested and almost there the sid get extracted perfect but fails in the reg part, if I echo the variable to a text file seems there is some trailing spaces also meaning the reg part fails because it thinks the SID is wrong with the spaces at the back
– Tika9o9
Mar 24 at 7:12
Yes I fixed that with my last edit.
– Squashman
Mar 24 at 7:12
Wow, smashed it, that works, for some reason for Administrator account of the test machines works amazing, but for me logged on it says there is no instance available, might need to tweak WMIC to show all accounts, sorry to be a pain...appreciate this....
– Tika9o9
Mar 24 at 7:29
2
Piping from wmic.exe is far from ideal since it's hard coded to write OEM encoded text. Make sure the console codepage is set to whatever the OEM codepage is in order to avoid mojibake. But give up all hope if you have user names and profile paths with arbitrary Unicode characters. There's no way to handle that with a legacy codepage, unless you're running Windows 10 with the beta support enabled to set OEM/ANSI to UTF-8.
– eryksun
Mar 24 at 9:21
Also, I'm surprised that the profile is loaded for every name in your list. Normally it's only loaded for an interactive session, and eventually gets unloaded when then user logs off. I 'd expect that you'd have to manually load some of the ntuser.dat hive files to a temporary key.
– eryksun
Mar 24 at 9:23
|
show 1 more comment
Not sure if I am understanding your question. My first comment should have made it quite clear. You need to use a FOR /F command to capture the WMIC output. That is the only way you can assign the SID to a variable.
@echo off
REM Read file with user names
FOR /F "usebackq tokens=*" %%G in ("users.txt") do (
REM use user name to find SID
FOR /F "delims=" %%H IN ('"wmic useraccount where name='%%~G' get sid| findstr /vi "SID""') DO (
REM Strip trailing line with CR
FOR /F "delims= " %%I IN ("%%~H") DO (
REM %%I is now the SID of the USER
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /f
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /t REG_SZ /d "addstuffhere"" /f
)
)
)
answered Mar 24 at 7:00
SquashmanSquashman
9,44632033
That's exactly it, sorry for confusing you, I have tested and almost there the sid get extracted perfect but fails in the reg part, if I echo the variable to a text file seems there is some trailing spaces also meaning the reg part fails because it thinks the SID is wrong with the spaces at the back
– Tika9o9
Mar 24 at 7:12
Yes I fixed that with my last edit.
– Squashman
Mar 24 at 7:12
Wow, smashed it, that works, for some reason for Administrator account of the test machines works amazing, but for me logged on it says there is no instance available, might need to tweak WMIC to show all accounts, sorry to be a pain...appreciate this....
– Tika9o9
Mar 24 at 7:29
2
Piping from wmic.exe is far from ideal since it's hard coded to write OEM encoded text. Make sure the console codepage is set to whatever the OEM codepage is in order to avoid mojibake. But give up all hope if you have user names and profile paths with arbitrary Unicode characters. There's no way to handle that with a legacy codepage, unless you're running Windows 10 with the beta support enabled to set OEM/ANSI to UTF-8.
– eryksun
Mar 24 at 9:21
Also, I'm surprised that the profile is loaded for every name in your list. Normally it's only loaded for an interactive session, and eventually gets unloaded when then user logs off. I 'd expect that you'd have to manually load some of the ntuser.dat hive files to a temporary key.
– eryksun
Mar 24 at 9:23
|
show 1 more comment
Not sure if I am understanding your question. My first comment should have made it quite clear. You need to use a FOR /F command to capture the WMIC output. That is the only way you can assign the SID to a variable.
@echo off
REM Read file with user names
FOR /F "usebackq tokens=*" %%G in ("users.txt") do (
REM use user name to find SID
FOR /F "delims=" %%H IN ('"wmic useraccount where name='%%~G' get sid| findstr /vi "SID""') DO (
REM Strip trailing line with CR
FOR /F "delims= " %%I IN ("%%~H") DO (
REM %%I is now the SID of the USER
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /f
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /t REG_SZ /d "addstuffhere"" /f
)
)
)
answered Mar 24 at 7:00
SquashmanSquashman
9,44632033
Not sure if I am understanding your question. My first comment should have made it quite clear. You need to use a FOR /F command to capture the WMIC output. That is the only way you can assign the SID to a variable.
@echo off
REM Read file with user names
FOR /F "usebackq tokens=*" %%G in ("users.txt") do (
REM use user name to find SID
FOR /F "delims=" %%H IN ('"wmic useraccount where name='%%~G' get sid| findstr /vi "SID""') DO (
REM Strip trailing line with CR
FOR /F "delims= " %%I IN ("%%~H") DO (
REM %%I is now the SID of the USER
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /f
REG ADD "HKEY_USERS%%ISoftwareMicrosoftaddstuffhere" /t REG_SZ /d "addstuffhere"" /f
)
)
)
answered Mar 24 at 7:00
SquashmanSquashman
9,44632033
edited Mar 24 at 7:05
answered Mar 24 at 7:00
SquashmanSquashman
9,44632033
answered Mar 24 at 7:00
SquashmanSquashman
9,44632033
answered Mar 24 at 7:00
SquashmanSquashman
9,44632033
9,44632033
That's exactly it, sorry for confusing you, I have tested and almost there the sid get extracted perfect but fails in the reg part, if I echo the variable to a text file seems there is some trailing spaces also meaning the reg part fails because it thinks the SID is wrong with the spaces at the back
– Tika9o9
Mar 24 at 7:12
Yes I fixed that with my last edit.
– Squashman
Mar 24 at 7:12
Wow, smashed it, that works, for some reason for Administrator account of the test machines works amazing, but for me logged on it says there is no instance available, might need to tweak WMIC to show all accounts, sorry to be a pain...appreciate this....
– Tika9o9
Mar 24 at 7:29
2
Piping from wmic.exe is far from ideal since it's hard coded to write OEM encoded text. Make sure the console codepage is set to whatever the OEM codepage is in order to avoid mojibake. But give up all hope if you have user names and profile paths with arbitrary Unicode characters. There's no way to handle that with a legacy codepage, unless you're running Windows 10 with the beta support enabled to set OEM/ANSI to UTF-8.
– eryksun
Mar 24 at 9:21
Also, I'm surprised that the profile is loaded for every name in your list. Normally it's only loaded for an interactive session, and eventually gets unloaded when then user logs off. I 'd expect that you'd have to manually load some of the ntuser.dat hive files to a temporary key.
– eryksun
Mar 24 at 9:23
|
show 1 more comment
That's exactly it, sorry for confusing you, I have tested and almost there the sid get extracted perfect but fails in the reg part, if I echo the variable to a text file seems there is some trailing spaces also meaning the reg part fails because it thinks the SID is wrong with the spaces at the back
– Tika9o9
Mar 24 at 7:12
Yes I fixed that with my last edit.
– Squashman
Mar 24 at 7:12
Wow, smashed it, that works, for some reason for Administrator account of the test machines works amazing, but for me logged on it says there is no instance available, might need to tweak WMIC to show all accounts, sorry to be a pain...appreciate this....
– Tika9o9
Mar 24 at 7:29
2
Piping from wmic.exe is far from ideal since it's hard coded to write OEM encoded text. Make sure the console codepage is set to whatever the OEM codepage is in order to avoid mojibake. But give up all hope if you have user names and profile paths with arbitrary Unicode characters. There's no way to handle that with a legacy codepage, unless you're running Windows 10 with the beta support enabled to set OEM/ANSI to UTF-8.
– eryksun
Mar 24 at 9:21
Also, I'm surprised that the profile is loaded for every name in your list. Normally it's only loaded for an interactive session, and eventually gets unloaded when then user logs off. I 'd expect that you'd have to manually load some of the ntuser.dat hive files to a temporary key.
– eryksun
Mar 24 at 9:23
That's exactly it, sorry for confusing you, I have tested and almost there the sid get extracted perfect but fails in the reg part, if I echo the variable to a text file seems there is some trailing spaces also meaning the reg part fails because it thinks the SID is wrong with the spaces at the back
– Tika9o9
Mar 24 at 7:12
That's exactly it, sorry for confusing you, I have tested and almost there the sid get extracted perfect but fails in the reg part, if I echo the variable to a text file seems there is some trailing spaces also meaning the reg part fails because it thinks the SID is wrong with the spaces at the back
– Tika9o9
Mar 24 at 7:12
Yes I fixed that with my last edit.
– Squashman
Mar 24 at 7:12
Yes I fixed that with my last edit.
– Squashman
Mar 24 at 7:12
Wow, smashed it, that works, for some reason for Administrator account of the test machines works amazing, but for me logged on it says there is no instance available, might need to tweak WMIC to show all accounts, sorry to be a pain...appreciate this....
– Tika9o9
Mar 24 at 7:29
Wow, smashed it, that works, for some reason for Administrator account of the test machines works amazing, but for me logged on it says there is no instance available, might need to tweak WMIC to show all accounts, sorry to be a pain...appreciate this....
– Tika9o9
Mar 24 at 7:29
2
2
Piping from wmic.exe is far from ideal since it's hard coded to write OEM encoded text. Make sure the console codepage is set to whatever the OEM codepage is in order to avoid mojibake. But give up all hope if you have user names and profile paths with arbitrary Unicode characters. There's no way to handle that with a legacy codepage, unless you're running Windows 10 with the beta support enabled to set OEM/ANSI to UTF-8.
– eryksun
Mar 24 at 9:21
Piping from wmic.exe is far from ideal since it's hard coded to write OEM encoded text. Make sure the console codepage is set to whatever the OEM codepage is in order to avoid mojibake. But give up all hope if you have user names and profile paths with arbitrary Unicode characters. There's no way to handle that with a legacy codepage, unless you're running Windows 10 with the beta support enabled to set OEM/ANSI to UTF-8.
– eryksun
Mar 24 at 9:21
Also, I'm surprised that the profile is loaded for every name in your list. Normally it's only loaded for an interactive session, and eventually gets unloaded when then user logs off. I 'd expect that you'd have to manually load some of the ntuser.dat hive files to a temporary key.
– eryksun
Mar 24 at 9:23
Also, I'm surprised that the profile is loaded for every name in your list. Normally it's only loaded for an interactive session, and eventually gets unloaded when then user logs off. I 'd expect that you'd have to manually load some of the ntuser.dat hive files to a temporary key.
– eryksun
Mar 24 at 9:23
|
show 1 more comment
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55320994%2fuse-list-of-windows-accounts-to-add-reg-keys-using-sids%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
You have to use a
FOR /Fcommand to retrieve theWMICoutput.– Squashman
Mar 24 at 6:29
Thanks, but the problem I’m having is isolating the actual Sid for the user in the text file?
– Tika9o9
Mar 24 at 6:34
Your input file example does not show the SIDS with the usernames. How is anyone supposed to know what format it is in? Why are you using WMIC if you already have the username and SID?
– Squashman
Mar 24 at 6:39
That’s the point, I don’t know the Sid, it’s a standard notepad text file Utf-8, so I want to match the user name in the text file against the output of WMIC command , get the Sid for that user, then write a reg key against the users Sid ID in hkey users
– Tika9o9
Mar 24 at 6:42
You are really confusing the hell out of me. I am looking at your previous questions about this same topic and you seem to have all the information you need in your previous questions.
– Squashman
Mar 24 at 6:47