Solved

VB6 how to load other user registry hives and write the content of a .reg file

Posted on 2010-08-23
Last Modified: 2012-05-10
Hi Experts,

Is anyone able to help me with programmatically loading the registry hives for each user on the computer (one at a time) and writing the contents of an existing .reg file to each user's registry?

Thanks in advance
Question by:meperera
9 Comments
 
LVL 42

Expert Comment

by:sedgwick
ID: 33508137
If you wish to change the registry entry for all users on a single machine, simply modify the LOCAL_MACHINE registry hive.
Can you post an example of the .reg file you wish to write to the registry?
0
 

Author Comment

by:meperera
ID: 33508573
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
"PROGRAMDIR"="C:\\Program Files\\Microsoft Office\\Office12\\"
"FirstRun"=dword:00000000
"OptionsDlgSizePos"=hex:48,03,00,00,ad,02,00,00,5c,00,00,00,1b,00,00,00,00,00,\
  00,00
"SQLSecurityCheck"=dword:00000000


[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security]
"Security Levels"=dword:00000000
"AccessVBOM"=dword:00000001
"VBAWarnings"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Locations]

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Locations\Location0]
"Path"=hex(2):25,00,41,00,50,00,50,00,44,00,41,00,54,00,41,00,25,00,5c,00,4d,\
  00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,54,00,65,00,6d,00,\
  70,00,6c,00,61,00,74,00,65,00,73,00,00,00
"Description"="0"

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Locations\Location1]
"AllowSubFolders"=dword:00000001
"Path"="C:\\Program Files\\Microsoft Office\\Templates\\"
"Description"="1"

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Locations\Location2]
"Path"=hex(2):25,00,41,00,50,00,50,00,44,00,41,00,54,00,41,00,25,00,5c,00,4d,\
  00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,6f,00,72,00,\
  64,00,5c,00,53,00,74,00,61,00,72,00,74,00,75,00,70,00,00,00
"Description"="2"

0
 
LVL 42

Expert Comment

by:sedgwick
ID: 33508594
Can you check whether the registry paths in this file also exist in LOCAL_MACHINE?
0
 

Author Comment

by:meperera
ID: 33508767
Thanks sedgwick,

I did. Unfortunately they don't exist in the LOCAL_MACHINE key. I have so far managed to load each user's registry hive through my program. What I'm having difficulties with is running the .reg file so that it gets inserted into the loaded hive.

Many thanks again
0
 
LVL 42

Expert Comment

by:sedgwick
ID: 33508772
How did you load each user's registry hive?
0
 

Author Comment

by:meperera
ID: 33508830
With the following code
Private Const TOKEN_ADJUST_PRIVLEGES = &H20
Private Const TOKEN_QUERY = &H8
Private Const SE_PRIVILEGE_ENABLED = &H2
Private Const HKEY_USERS = &H80000003
Private Const SE_RESTORE_NAME = "SeRestorePrivilege"
Private Const SE_BACKUP_NAME = "SeBackupPrivilege"

' Structure definitions the code below relies on; the posted snippet did not
' include them. Field names follow their use in OffLineReg.
Private Type LUID
    LowPart As Long
    HighPart As Long
End Type

Private Type LUID_AND_ATTRIBUTES
    pLuid As LUID
    Attributes As Long
End Type

Private Type TOKEN_PRIVILEGES
    PrivilegeCount As Long
    Privileges(0 To 1) As LUID_AND_ATTRIBUTES
End Type

Private Declare Function GetCurrentProcess Lib "kernel32" () As Long

Private Declare Function OpenProcessToken Lib "advapi32.dll" _
        (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, _
        TokenHandle As Long) As Long

Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias _
        "LookupPrivilegeValueA" (ByVal lpSystemName As String, _
        ByVal lpName As String, lpLuid As LUID) As Long

Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" _
        (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, _
        NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, _
        ByVal PreviousState As Long, ByVal ReturnLength As Long) As Long

Private Declare Function RegLoadKey Lib "advapi32.dll" Alias "RegLoadKeyA" _
        (ByVal hKey As Long, ByVal lpSubKey As String, ByVal lpFile As String) _
        As Long

Private Declare Function RegUnLoadKey Lib "advapi32.dll" Alias "RegUnLoadKeyA" _
        (ByVal hKey As Long, ByVal lpSubKey As String) As Long

Private RetVal As Long
Private strKeyName As String
Private MyToken As Long
Private TP As TOKEN_PRIVILEGES
Private RestoreLuid As LUID
Private BackupLuid As LUID
Public regusrs As String

' Usr  = path of the user's hive file, regv = which .reg file to import,
' prof = profile name recorded in regusrs when the hive loads.
Public Function OffLineReg(Usr As String, regv As Integer, ByVal prof As String)
    strKeyName = "OasisKey"

    ' RegLoadKey needs SeRestorePrivilege and SeBackupPrivilege enabled
    ' on the calling process token.
    RetVal = OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVLEGES _
            Or TOKEN_QUERY, MyToken)

    RetVal = LookupPrivilegeValue(vbNullString, SE_RESTORE_NAME, _
            RestoreLuid)

    RetVal = LookupPrivilegeValue(vbNullString, SE_BACKUP_NAME, BackupLuid)

    TP.PrivilegeCount = 2
    TP.Privileges(0).pLuid = RestoreLuid
    TP.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
    TP.Privileges(1).pLuid = BackupLuid
    TP.Privileges(1).Attributes = SE_PRIVILEGE_ENABLED

    RetVal = AdjustTokenPrivileges(MyToken, vbFalse, TP, Len(TP), 0&, 0&)

    ' Mount the user's hive file as HKEY_USERS\OasisKey.
    RetVal = RegLoadKey(HKEY_USERS, strKeyName, Usr)
    If RetVal = 0 Then regusrs = regusrs & vbNewLine & prof

    ' ShellAndWait is the poster's own helper and is not shown in the post.
    ' The .reg files are imported as-is; their keys are written under
    ' HKEY_CURRENT_USER, not under HKEY_USERS\OasisKey.
    Select Case regv
        Case 1
            FileCopy "WORDXPG.reg", "C:\WORDXPG.reg"
            Call ShellAndWait("regedit /s C:\WORDXPG.reg ", 4)
            Kill "C:\WORDXPG.reg"
        Case 2
            FileCopy "WORD2003G.reg", "C:\WORD2003G.reg"
            Call ShellAndWait("regedit /s C:\WORD2003G.reg ", 4)
            Kill "C:\WORD2003G.reg"
        Case 3
            FileCopy "WORD2007G.reg", "C:\WORD2007G.reg"
            Call ShellAndWait("regedit /s C:\WORD2007G.reg ", 4)
            Kill "C:\WORD2007G.reg"
        Case 4
            FileCopy "WORD2010G.reg", "C:\WORD2010G.reg"
            Call ShellAndWait("regedit /s C:\WORD2010G.reg ", 4)
            Kill "C:\WORD2010G.reg"
        Case Else
    End Select

    ' Unmount the hive again.
    RetVal = RegUnLoadKey(HKEY_USERS, strKeyName)
End Function

0
 
LVL 42

Expert Comment

by:sedgwick
ID: 33509471
In the .reg file you posted earlier (ID:33508573) there are 6 registry entries.
Do they correspond to the 6 users of the machine?
0
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 33509499
I guess you meant to run this .reg file for each of the users, which means under HKEY_USERS.
Under HKEY_USERS there are the SID entries of each user.
So I guess the .reg file should be modified as such:

Assume the following HKEY_USERS SIDs:

s-1-2-3
s-1-2-4
s-1-2-5

Then the .reg file should be modified like this:

[HKEY_USERS\s-1-2-3\Software\Microsoft\Office\14.0\Word\Options]
"PROGRAMDIR"="C:\\Program Files\\Microsoft Office\\Office12\\"
"FirstRun"=dword:00000000
"OptionsDlgSizePos"=hex:48,03,00,00,ad,02,00,00,5c,00,00,00,1b,00,00,00,00,00,\
  00,00
"SQLSecurityCheck"=dword:00000000


[HKEY_USERS\s-1-2-3\Software\Microsoft\Office\14.0\Word\Security]
"Security Levels"=dword:00000000
"AccessVBOM"=dword:00000001
"VBAWarnings"=dword:00000001

[HKEY_USERS\s-1-2-3\Software\Microsoft\Office\14.0\Word\Security\Trusted Locations]

[HKEY_USERS\s-1-2-3\Software\Microsoft\Office\14.0\Word\Security\Trusted Locations\Location0]
"Path"=hex(2):25,00,41,00,50,00,50,00,44,00,41,00,54,00,41,00,25,00,5c,00,4d,\
  00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,54,00,65,00,6d,00,\
  70,00,6c,00,61,00,74,00,65,00,73,00,00,00
"Description"="0"

[HKEY_USERS\s-1-2-3\Software\Microsoft\Office\14.0\Word\Security\Trusted Locations\Location1]
"AllowSubFolders"=dword:00000001
"Path"="C:\\Program Files\\Microsoft Office\\Templates\\"
"Description"="1"

[HKEY_USERS\s-1-2-3\Software\Microsoft\Office\14.0\Word\Security\Trusted Locations\Location2]
"Path"=hex(2):25,00,41,00,50,00,50,00,44,00,41,00,54,00,41,00,25,00,5c,00,4d,\
  00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,6f,00,72,00,\
  64,00,5c,00,53,00,74,00,61,00,72,00,74,00,75,00,70,00,00,00
"Description"="2"

And the same thing for every SID.


Is that what you are looking for?



0
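The header rewrite described in the accepted answer, as an added example that is not part of the original thread: it retargets every HKEY_CURRENT_USER section of a .reg file at a key under HKEY_USERS, leaves value data alone, and keeps the file's encoding. The function names are hypothetical; "OasisKey" is the mount name from the posted VB6 code and "s-1-2-3" is the placeholder SID from the answer.

```python
import codecs
import re

# Section header: [HKEY_CURRENT_USER\...] or the deletion form
# [-HKEY_CURRENT_USER\...]. Value lines start with '"' or '@' and hex
# continuation lines with spaces, so anchoring on '[' at the start of a line
# leaves value data untouched.
HKCU_HEADER = re.compile(r'^\[(-?)HKEY_CURRENT_USER(?=[\\\]])', re.I | re.M)
# Name of the key directly under HKEY_USERS: a SID or a RegLoadKey mount name.
ROOT_NAME = re.compile(r'[A-Za-z0-9_.-]+')


def retarget_reg_text(text, root):
    """Point every HKEY_CURRENT_USER section at HKEY_USERS\\<root>."""
    if not ROOT_NAME.fullmatch(root):
        raise ValueError("unexpected characters in hive root name: %r" % root)
    # A function replacement avoids backslash escapes being interpreted.
    return HKCU_HEADER.sub(
        lambda m: "[" + m.group(1) + "HKEY_USERS\\" + root, text)


def retarget_reg_bytes(data, root):
    """Same rewrite on raw file bytes, preserving the file's encoding."""
    bom = codecs.BOM_UTF16_LE
    if data.startswith(bom):
        # "Version 5.00" exports from regedit are UTF-16LE with a BOM.
        body = data[len(bom):].decode("utf-16-le")
        return bom + retarget_reg_text(body, root).encode("utf-16-le")
    # ANSI file: latin-1 round-trips every byte; only ASCII headers change.
    return retarget_reg_text(data.decode("latin-1"), root).encode("latin-1")


# Constructed sample: two sections from the posted file plus one made-up
# value whose data mentions HKEY_CURRENT_USER and must stay as it is.
SAMPLE = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Security]\r\n"
    '"AccessVBOM"=dword:00000001\r\n'
    '"Note"="[HKEY_CURRENT_USER\\\\x]"\r\n\r\n'
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Security"
    "\\Trusted Locations]\r\n"
)

if __name__ == "__main__":
    for root in ("OasisKey", "s-1-2-3"):
        print(retarget_reg_text(SAMPLE, root))
```
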
 

Author Comment

by:meperera
ID: 33519837
Thank you so much. That gave me the basic idea. I went on and loaded each hive and wrote to the registry through coding instead of trying to run the .reg file.

That did the trick. Really appreciate your assistance.
0
