Use List of Windows accounts to add reg keys using SIDS


Problem description

Project

As a third party engineer I am attending a site to install a piece of Software. The Infrastructure is "very" locked down. I will be supplied with an admin account for the day to install the software. However, to make the software work properly FOR ALL USERS (not just admin logged in) I have been instructed by IT dept. to manually create a KEY and then add a string value within created key for every user account on the PC. Our software in a standard environment caters for this with an all users reg key but it doesn't run (not allowed - don't ask!) in these specific places.

The location of where they want the KEY is within the HKEY_USERS path in the reg:-

HKEY_USERS\S-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXXXX-XXXXX\Software\Microsoft\

so let's say 2 people logged in this PC and they need to use our software later on

john.jones

mary.shelley

I need to find the sid relating to john jones and go and add the key to his section in HKEY_USERS

I then need to find mary.shelley sid and then go and add the key to her HKEY_USERS section, etc.

Now I know from the environments I work in there could be 20 + user accounts on there so really would like to avoid manually adding the keys over and over for all the accounts on every PC I'm installing at.

A log on script would be better, but this is all I have to deal with at present.

Script status

@echo off
REM Read file with user names
FOR /F "usebackq tokens=*" %%G in ("users.txt") do (
    REM use user name to find SID
    FOR /F "delims=" %%H IN ('"wmic useraccount where name='%%~G' get sid| findstr /vi "SID""') DO (
        REM Strip trailing line with CR
        FOR /F "delims= " %%I IN ("%%~H") DO (
            REM %%I is now the SID of the USER
            REG ADD "HKEY_USERS\%%I\Software\Microsoft\addstuffhere" /f
            REG ADD "HKEY_USERS\%%I\Software\Microsoft\addstuffhere" /t REG_SZ /d "addstuffhere" /f
        )
    )
)

This is pretty much automating the whole thing as planned; loops through a text file of user names of users who use the PC, grabs the SID, applies sid as variable, then is used to write the key in the right place for that user, and on through the list doing to same for every account listed.

The only part that may need altering is the WMIC section is not finding certain users who have bona fide windows accounts.

When I tested the working code on my laptop it worked fine for my administrator account, but me logged in as joe_blogs (e.g.) came up with "no instance available". Because in isolation the WMIC code just brought up only a few not all, so couldn't do what it needed to do.

I know from previous questions this WMIC code brings up every account:-

WMIC Path Win32_UserProfile Where "Special='False' And Not LocalPath='Null'" Get LocalPath,SID | find /v ""

Perhaps that can be incorporated into current working code to make sure every account is catered for.

I know the users all need to have logged in at each PC for this to work, so with regards to the list of user profiles, I can garner that on the day asking "who of your users needs to use our stuff on the PC's" and make the users.txt

thanks - hope that really explains it :/

1. Log on to the PC with a standard technician admin account
2. Open regedit.exe
3. Navigate to* HKEY_USERS\S-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXXXX-XXXXX\Software\Microsoft\Terminal Server Client\Default\Addins\
a. Right-click Addins > New > Key and create foo
b. Right-click foo > New > String Value and create Name
c. Double-click Name and in Value Data enter† C:\foo\file\foo.dll
4. Repeat step 3 for each user: it should be possible to edit the SID in an exported key by right-clicking on the next HKEY_USERS entry > Rename > Ctrl+C > Esc then replacing the SID in the exported reg key – this has not been tested but may be worth trying

*The user SID is unique so this has to be done per user. If there are a lot of users listed in the registry it is possible to find which SID belongs to which user by checking the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Recommended answer

After reading your edit, it sounds like there's some room to wiggle here. If we take 2 small liberties, this could be done in a single command line. If one or both liberties can't be taken, let me know.

If WMIC isn't required, and if we can target all SIDs present rather than trying to match names to SIDs, then 'reg.exe' and 'for' can do this quickly. Here's an example with sample output:

(Optional) Enum Profiles:

cmd:
for /f "delims=\ tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @echo ;[i] Profile Found: {%A}

output:
;[i] Profile Found: {S-1-5-21-277974881-2357464463-7727422770-1001}
;[i] Profile Found: {S-1-5-21-277974881-2357464463-7727422770-1002}
;[i] Profile Found: {S-1-5-21-277974881-2357464463-7727422770-1007}

Add Key + Value:

cmd:
for /f "delims=\ tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @(reg add "hku\%A\Software\Microsoft\Terminal Server Client\Default\Addins\FooKey" /v FooName /t REG_SZ /d "C:\foo\file\foo.dll" /f >nul 2>&1 && (echo ;[i] Reg Key Added {%A}) || (echo ;[i] Reg Key Failed To Add {%A}))

output:
;[i] Reg Key Added {S-1-5-21-277974881-2357464463-7727422770-1001}
;[i] Reg Key Added {S-1-5-21-277974881-2357464463-7727422770-1002}
;[i] Reg Key Added {S-1-5-21-277974881-2357464463-7727422770-1007}

(Optional) Verify success:

cmd:
for /f "delims=\ tokens=2" %A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do @(reg query "hku\%A\Software\Microsoft\Terminal Server Client\Default\Addins\FooKey" /v FooName 2>nul || echo ;[e] Couldn't Find Key {%A})

output:
HKEY_USERS\S-1-5-21-277974881-2357464463-7727422770-1001\Software\Microsoft\Terminal Server Client\Default\Addins\FooKey
    FooName    REG_SZ    C:\foo\file\foo.dll


HKEY_USERS\S-1-5-21-277974881-2357464463-7727422770-1002\Software\Microsoft\Terminal Server Client\Default\Addins\FooKey
    FooName    REG_SZ    C:\foo\file\foo.dll


HKEY_USERS\S-1-5-21-277974881-2357464463-7727422770-1007\Software\Microsoft\Terminal Server Client\Default\Addins\FooKey
    FooName    REG_SZ    C:\foo\file\foo.dll
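
An added example (not code from the question or the answer): PowerShell that resolves each name in users.txt to a SID through the ProfileList key mentioned in the question, writes the value only for those users, and reports any profile whose hive is not currently loaded under HKEY_USERS. It assumes users.txt lists profile folder names (one per line) and reuses the answer's placeholder FooKey / FooName / foo.dll values.

```powershell
# Added example, not from the original post. Assumptions: users.txt holds one
# profile folder name per line; FooKey/FooName/foo.dll are the post's placeholders.
$wanted      = Get-Content -Path '.\users.txt' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$subKey      = 'Software\Microsoft\Terminal Server Client\Default\Addins\FooKey'

$results = foreach ($entry in Get-ChildItem -Path $profileList) {
    $sid = $entry.PSChildName
    if ($sid -notlike 'S-1-5-21-*') { continue }    # skip system and service profiles

    # ProfileImagePath is e.g. C:\Users\john.jones; its leaf is compared with users.txt
    $path = (Get-ItemProperty -Path $entry.PSPath).ProfileImagePath
    $name = Split-Path -Path $path -Leaf
    if ($wanted -notcontains $name) { continue }    # comparison is case-insensitive

    $hive = "Registry::HKEY_USERS\$sid"
    if (-not (Test-Path -Path $hive)) {
        # A user hive appears under HKEY_USERS only while it is loaded
        [pscustomobject]@{ User = $name; SID = $sid; Status = 'Hive not loaded' }
        continue
    }

    $key = "$hive\$subKey"
    if (-not (Test-Path -Path $key)) {
        # -Force creates any missing parent keys (e.g. Addins)
        New-Item -Path $key -Force | Out-Null
    }
    New-ItemProperty -Path $key -Name 'FooName' -PropertyType String `
        -Value 'C:\foo\file\foo.dll' -Force | Out-Null
    [pscustomobject]@{ User = $name; SID = $sid; Status = 'Value written' }
}

$results | Format-Table -AutoSize

# Names in users.txt that matched no profile on this PC
$wanted | Where-Object { $results.User -notcontains $_ } |
    ForEach-Object { Write-Warning "No profile found for $_" }
```

Run it from an elevated prompt; a profile folder name can differ from the account name (for example when a suffix was appended), so check the warnings against ProfileList.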
