Solved

Reading registry key from HKCU and not hklm

Posted on 2016-10-18
10
64 Views
Last Modified: 2016-11-03
Hello.
We have a program, which is access by various users using remote desktop, and a program which uses hklm for storing custom settings. Each time one user mąkę changes to their settings,  they are populated to all users. Is there any way (registry tool for example) that could force this program to use HKCU instead?
0
Comment
Question by:Rafał Kowalski
  • 3
  • 2
  • 2
10 Comments
 
LVL 23

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 125 total points
ID: 41849493
Question:  Is the program in question a commercial product, which is already compiled, and you do not have the source to it?

If that is the case, the answer is no.  The name of the key is compiled into the program.  A change such as this requires changing the source program and recompiling it.
0
 
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 125 total points
ID: 41849497
It's unlikely as where the registry is written to depends on the programming.
Assume you have no support from the publisher. Is it written for multiple users?  
Also because your users are using RDP the remote machine is running as a single user so this would be expected behaviour.  The program "thinks" that single user keeps changing their mind about how the settings should be stored.
0
 
LVL 32

Expert Comment

by:sarabande
ID: 41849562
you may try the following:

copy key and all entries to hkcu. then rename the key in hklm.

reboot and check what happened.

it is a chance that the program detects where it gets its registry data from and after that worked correctly.

Sara
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 23

Expert Comment

by:Dr. Klahn
ID: 41870272
The comments by myself and Masqueraid directly address the question, "Is it possible to ..."?

The answer is, "No, it is not, under these circumstances."

The fact that it is not possible to do X does not mean that the comments have no merit.  The question should be closed with points so that the answers can remain available for future similar cases.
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 41870692
Sara, normally I'd agree with that disposition but I'm not aware of any software that has a failback to HKCU if the search at HKLM fails - if you can show an example I'm happy to go with the delete otherwise I'd agree with Dr. Klahn's summary that this time the correct answer is "You can't do that".

Can we sit it in the RA queue for arbitration?
0
 
LVL 32

Accepted Solution

by:
sarabande earned 250 total points
ID: 41871000
>> I'm not aware of any software that has a failback to HKCU if the search at HKLM fails

I know many applications which have  a fallback to HKLM if access to HKCU failed. The other direction is indeed somewhat strange.

I am a Windows programmer since 1990 if I remember rightly. We used win.ini file and later own Inifiles which were located with the application and later in a data folder.  After 2000 MS mapped Inifiles to the registry, see

https://support.microsoft.com/en-us/kb/102889

The Default Path was \HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\IniFileMapping

With the Profile API the Developers could add options to their entries to change the default behavior, for example by specifying

>>      USR: - This prefix stands for HKEY_CURRENT_USER, and the text after the prefix is relative to that key.

Even Visual Studio itself changed their Settings from HKLM to HKCU in VS.NET because many Users run VS with no admin rights and couldn't change important options (like new Active-X Add-Ons) after that (even today I run VS 2010 'as Administrator or some of my batch scripts would fail to install 3rd-Party components to the registry). I don't know whether they do a fallback to HKLM now, but I am pretty sure they did in the early 2000 years.

Anyway, if an application used HKLM settings, these settings only could be changed by an Admin User. In the original post we had the information, that the application runs at a server machine and the Clients are using Remote Desktop. Is it likely that all Users have local admin rights at the Server? Perhaps. If that is true, it also it might be possible, that the application stores their variables in HKLM and only there. It could even be that this is an intended behavior to prevent non-Admin Users from changing the settings. It also could be that the application still was maintained and that it was possible to get the issue changed.

We didn't get an answer from the Asker (not even now) and therefore all this is pure speculation.

>> Can we sit it in the RA queue for arbitration?

Of course. Moderators please decide at your convenience.

Sara
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 41871001
Thanks Sara,  that history usefully describes why HKCU can failback to HKLM but, because of the registry heirarchy, won't work the other way around. It also adds value to this thread and is point worthy in itself.

Not sure why the thread has defaulted back to 4 day delete, so just resetting so the RA can get picked up on.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now