Is there a method or utility I could use to enumerate a list of Registry keys currently configured with a particular owner - which I specify? It would be preferable to be able to specify the desired owner by SID, but I am open to alternative methods/suggestions.
I am dealing with migrating a user from a (crashed) domain onto a local workgroup, and in this case, there is only the local copy of the user's profile (including the user's registry hive) available - no domain controller. I have successfully copied this locally-cached domain profile onto a new profile structure (new user), but one small challenge remains.
I updated the security on the registry to provide full access to the new user, and that has worked perfectly for the majority of the software on the computer. However, I noticed two programs which were not quite behaving 100%. I determined that, in both cases, the Owner appeared to be the old/domain user (an unresolvable SID). I changed the owner to be the new user, and that resolved the issues.
My concern is, there are probably a few other similar cases in the registry which are waiting to eventually make their presence known. Rather than deal with this on a ongoing and per-complaint basis, I would rather proactively search the registry to identify any remaining keys which are flagged with the now-non-existent (domain-user) owner. Once I have identified them, updating the ownership will be a snap.
Thanks in advance for any insight.