13

How to change or edit registry values of other user than the current user? I know the credentials of that other user.

Saw
  • 6,199
  • 11
  • 53
  • 104

2 Answers2

11

You can impersonate the user and then change the registry for that current context. Here are a couple of resources on C# and Impersonation:

What you want to do is something like this (pseudo):

using(var impersonation = new Impersonate(username,password))
{
    ChangeRegistry(keys, values);
}

And when the impersonation is disposed, you are back using the running user again. Here is an example implementation of an Impersonate class that implements IDisposable to act like the pseudo-exampel shown above and here is another example.

Here is an example on how you change registry values:

var registry = Registry.CurrentUser;
var key =
registry.OpenSubKey(
   @"HKEY_CURRENT_USER\Some\Path\That\You\Want\ToChange", true);

key.SetValue(null, "");              
Registry.CurrentUser.Flush();

Update

So what you need to do in order to access HKCU is that you also have to load the user profile. This is done by invoking another Win32 Method that is called LoadUserProfile. There's a complete example here that you can use, but I'm going to include the important bits here.

First you need to include the Win32 methods like this:

[DllImport("userenv.dll", SetLastError = true, CharSet = CharSet.Auto)]
public static extern bool LoadUserProfile(IntPtr hToken, 
                                         ref ProfileInfo lpProfileInfo);

[DllImport("userenv.dll",  CallingConvention = CallingConvention.Winapi, 
                           SetLastError = true, CharSet = CharSet.Auto)]
public static extern bool UnloadUserProfile(IntPtr hToken, 
                                                   IntPtr lpProfileInfo);

Inside your impersonation using-block you need to do the following:

ProfileInfo profileInfo = new ProfileInfo();
profileInfo.dwSize = Marshal.SizeOf(profileInfo);
profileInfo.lpUserName = userName;
profileInfo.dwFlags = 1;
Boolean loadSuccess = LoadUserProfile(tokenDuplicate, ref profileInfo);

And after this you should be able to access the HKCU. When you're done, you need to unload the profile using UnloadUserProfile(tokenDuplicate, profileInfo.hProfile);.

Community
  • 1
  • 1
Filip Ekberg
  • 36,033
  • 20
  • 126
  • 183
  • Thanks very much but it didn't work, it changed the registry of current user and not the impersonated user! – Saw Jul 03 '11 at 17:14
  • Are you sure that the impersonation worked out? You can try and print out the current user identity and see who it really is. Also, is this and ASP.NET applications or a Windows application? If it is a Web-application, you need to allow impersonation. – Filip Ekberg Jul 03 '11 at 17:16
  • No, it is an WPF app. using (ImpersonatedUser im = new ImpersonatedUser("aaa", Environment.MachineName, "1")) { Registry.CurrentUser.CreateSubKey("TMP10"); Registry.CurrentUser.Flush(); } It created the key in the current user but no in 'aaa' :( – Saw Jul 03 '11 at 17:24
  • Ok, and if you print out `Environment.UserName` does it give you the correct user? – Filip Ekberg Jul 03 '11 at 17:28
  • It gives the impersonated user, the impersonation is ok! – Saw Jul 03 '11 at 17:31
  • Ok, did you try the example from CodePlex? – Filip Ekberg Jul 04 '11 at 10:35
  • Thannnnks it worked, the mistake was that I'm using the HKCU immediately without using:RegistryKey tempUserHKCU = RegistryKey.FromHandle(safeHandle); – Saw Jul 04 '11 at 11:04
6

You have two options. You can impersonate that user if you have their credentials as Filip Ekberg better demonstrates; or

HKCU is just a symbolic link for one of the keys under HKEY_USERS. If you know the SID of that user, then you can find it in there. You can get the SID as so:

var account = new NTAccount("userName");
var identifier = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
var sid = identifier.Value;

The better option is to impersonate. The second option might work better when you don't know that user's credentials. The disadvantage is you will need administrative rights to write in someone else's account.

vcsjones
  • 138,677
  • 31
  • 291
  • 286
  • The impersonation did not work, but the sid is useful but i clashed with unauthorized access exception, although the UAC is off and i am an administrator! – Saw Jul 03 '11 at 17:22
  • @MSS, try request elevated permissions. – Filip Ekberg Jul 03 '11 at 17:33
  • It worked, my mistake was that I've opened the key for reading!! the mistake: var key = Registry.Users.OpenSubKey(sid); the right is :var key = Registry.Users.OpenSubKey(sid. true);!!! – Saw Jul 04 '11 at 10:31
  • But i need more neat way to do that, such as impersonation but it didn't work! – Saw Jul 04 '11 at 10:31
  • HKEY_CURRENT_USER is a symbolic link to sub folders in HKEY_USERS\. You can use sid and select the current folder and change the key values. It will reflect on the HKEY_CURRENT_USER when the user is logged on. – amilamad Apr 05 '19 at 08:39
  • Note that `HKEY_USERS\` only exists when the user is logged in as well. You can verify that with the registry editor. If the user is not logged in, you'd have to load the users' `NTUSER.DAT` which is the registry hive and then modify it. – Thomas Glaser Dec 14 '20 at 10:17