I need to change / read / add the Shell variable in the Windows registry along the path \HKEY_USERS\\Software\Microsoft\Windows NT\CurrentVersion\Winlogon for each user. However, only users who are logged in are located in \HKEY_USERS\. If I correctly understood from the articles on the Internet, then I need to load into the registry the user hives stored in C:\Users\<Username>\NTUSER.DAT, which I tried to do:

```csharp
[DllImport("advapi32.dll", SetLastError = true)]
static extern Int32 RegLoadKey(UInt32 hKey, String lpSubKey, String lpFile);

// Predefined registry root handles
public enum HKEY : uint
{
    LOCAL_MACHINE = 0x80000002,
    USERS = 0x80000003
}

static void LoadUserHive()
{
    string path = "C:\\Users\\Max\\NTUSER.DAT";
    string SID = "S-1-5-21-2185061059-2250993091-2609513880-1001";
    // The Int32 result (a Win32 error code) is discarded here
    RegLoadKey((uint)HKEY.USERS, SID, path);
}
```

The code runs without errors, but the user's hive does not appear in \HKEY_USERS\.

Tell me what I'm doing wrong.

  • What is a "user hive"? - tym32167
  • "Tell me what I'm doing wrong" Manually doing something for which there are automated tools. Create a task in the scheduler to create this key at any user logon, unconditionally or only if it is absent. "If I correctly understood from the articles on the Internet, then I need to load user hives into the registry stored in C:\Users\<Username>\NTUSER.DAT, which I tried to do" Yeah ... without checking whether there are any rights, whether this profile is the profile of an interactive user, whether it is disabled, etc. ... - Akina
  • @tym32167 A registry hive is a group of keys, subkeys, and values in the registry with a set of supporting files that contain backup copies of this data. support.microsoft.com/ru-ru/help/256986/… - svolex
  • Cool, thanks. The first time I hear such a term :) - tym32167
  • @Akina This is checked in the program. Specifically, the user Max from the question is fine: it is enabled and not interactive. As for the option with the Task Scheduler, it will not work, since in addition to writing, the program also needs to read this variable [Shell along the path \HKEY_USERS\\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] (I'm sorry, I forgot to specify this in the question) - svolex

1 answer

In this case, RegLoadKey() does not throw exceptions in case of an error. The RegLoadKey() function returns zero if RegLoadKey() succeeds, or an int error code defined in Winerror.h (a class that decodes the error codes for C# can be taken from here: http://www.pinvoke.net/default.aspx/Constants.WINERROR).

In addition to administrator rights, the SE_RESTORE_NAME and SE_BACKUP_NAME privileges are also required to perform the function. The process of enabling them is described for C++ here: https://docs.microsoft.com/ru-ru/windows/desktop/SecAuthZ/enabling-and-disabling-privileges-in-c-- . It will not be difficult to translate the code from this example into C#. Or you can use a ready-made class for C#: https://pastebin.com/R5HxeHnm .
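How the points of this answer fit together, as an added example that is not the poster's code or the linked pastebin class: it enables the two privileges, checks the return code of RegLoadKey(), reads Shell and unloads the hive again. The names HiveReader, Enable and ReadShell and the caller-supplied mount name are assumptions made for illustration, and the process is assumed to run elevated.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using Microsoft.Win32;
static class HiveReader // hypothetical helper, not from the answer or the pastebin class
{
    [StructLayout(LayoutKind.Sequential, Pack = 4)]
    struct TOKEN_PRIVILEGES { public uint Count; public long Luid; public uint Attributes; }
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LookupPrivilegeValue(string system, string name, out long luid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll, ref TOKEN_PRIVILEGES state, uint length, IntPtr previous, IntPtr returnLength);
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr handle);
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
    static extern int RegLoadKey(IntPtr hKey, string subKey, string file);
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
    static extern int RegUnLoadKey(IntPtr hKey, string subKey);
    // HKEY is pointer-sized; the predefined value is sign-extended on 64-bit
    static readonly IntPtr HKEY_USERS = new IntPtr(unchecked((int)0x80000003));

    static void Enable(string privilege)
    {
        if (!OpenProcessToken(GetCurrentProcess(), 0x28, out IntPtr token)) // ADJUST_PRIVILEGES | QUERY
            throw new Win32Exception();
        try
        {
            var tp = new TOKEN_PRIVILEGES { Count = 1, Attributes = 2 }; // SE_PRIVILEGE_ENABLED
            if (!LookupPrivilegeValue(null, privilege, out tp.Luid)) throw new Win32Exception();
            AdjustTokenPrivileges(token, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
            int err = Marshal.GetLastWin32Error(); // 1300 (not all assigned) comes with a TRUE return
            if (err != 0) throw new Win32Exception(err);
        }
        finally { CloseHandle(token); }
    }

    public static string ReadShell(string hiveFile, string mountName)
    {
        Enable("SeRestorePrivilege"); // SE_RESTORE_NAME
        Enable("SeBackupPrivilege");  // SE_BACKUP_NAME
        int rc = RegLoadKey(HKEY_USERS, mountName, hiveFile);
        if (rc != 0) throw new Win32Exception(rc); // e.g. 1314: a required privilege is not held
        try
        {
            using (RegistryKey key = Registry.Users.OpenSubKey(mountName + @"\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"))
                return key?.GetValue("Shell") as string; // null when no per-user Shell is set
        }
        finally { RegUnLoadKey(HKEY_USERS, mountName); }
    }
}
```

A call such as `HiveReader.ReadShell(@"C:\Users\Max\NTUSER.DAT", "TempHive")` (constructed mount name) throws with a sharing violation while that user is logged on, because the hive file is already loaded under the user's SID.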