Accessing another user registry on Win2k prof.

I have a Win2k prof. stand-alone PC with 3 users (A, B and C) and me (D) as the admin. I want to modify A's registry values while being logged in as D (admin). How can I do that?

That is, how can I edit another user's registry (the equivalent on my own HKEY_CURRENT_USER hive)?

This, for instance, to forbid only user A to run program foo.exe. Or to lock only user A's desktop bitmap, etc.
dncmrcAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MSGeekCommented:
You would not accomplish this through policy modifications directly, but through a local security policy.  Start - Settings - Control Panel - Administrative Tools - Local Security Policy. There are a number of templates that may be imported here.

You may want to read this KB article so your changes do not apply to the administrator: http://support.microsoft.com/default.aspx?scid=kb;en-us;293655
0
Dave HoweSoftware and Hardware EngineerCommented:
Fairly easy
1. run RegEdt32
2. select the HKEY_USERS window
3. select Registry>>Load Hive
4. navigate to c:\documents and settings\<username>
5. select ntuser.dat (you may need to use the "show hidden files" and "show system files" options in folder setup, or you can just type it into the box
6. give it a key name of <username>
7. repeat for the other user

HKEY_USERS should now have an extra two entries in the root - which are your two user's HKEY_CURRENT_USER hives.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
NEOsporinCommented:
open "regedit" or even "regedt32" for regedt32 go to Registry, select computer, either navigate to it, or type \\computername or even \\IP_of_remote_pc. If your logged in as admin that will be no problem. for "regedit" go to Registry, connect to remote registry. Then you just navigate down the registry as if you were on your own machine, settings are changed and added just the same.
-NEO
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

MSGeekCommented:
NEOsporin.. your losing your touch  :)  Read his question again.  It's one workstation :)
0
GoldwingCommented:
/me is looking at NEOsporin, and thinking... this is why your parents said... "stay off the booze"
0
GoldwingCommented:
<grin>
0
NT_XP_GodfatherCommented:
MSGeek is right. Your only way out is a template. Unfortunately the template is native to Windows XP but not Windows 2000. I am not sure if copying the Reg keys from Windows XP registry to a Win2K registry would help.
Also, I have used the appsec.exe utility from the resource kit on a windows 2000 server but not workstation. You may want to give that a try also.
0
MSGeekCommented:
NT_XP_Godfather..

>> Unfortunately the template is native to Windows XP but not Windows 2000

FYI, XP policy templates (adm files) are fully backward compatible with Win2k.
0
NEOsporinCommented:
Yeah- i didn't have my coffee... oops. Next Time Gadget...Next time.
-NEO
0
dncmrcAuthor Commented:
Thanks Dave. And then I guess SaveAs...NTUSER.DAT.
0
MSGeekCommented:
dncmrc.. Dave definitely provided the direct response too your question, I am just curious as to whether a local security policy would have accomplished what you are attempting to do?  I know for the examples you cited it would, perhaps there are other tasks you are trying to accomplish?
0
dncmrcAuthor Commented:
MSGeek, in my understanding local security policy allows only for a admin. vs all_other_users dichotomy. What I am looking for is a user_by_user differentiation.

I want to prevent just one of my "users" (i.e. kids) to run mIRC and hang there for hours every day. I want also to configure for the same "user" the Poweroff utility (http://users.pandora.be/jbosman/applications.html) to limit his logon time.
0
MSGeekCommented:
Thanks for the great feedback.  I recently configured policies for a large school district so I know what your up against.  Best of luck, hopefully you can get them on a domain where you can afford seperate policies for Technicians, Adults and Students.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.