1

In my application I run subprocesses under several different user accounts. I need to be able to read some of the information written to the registry by these subprocesses. Each one is writing to HKEY_CURRENT_USER, and I know the user account name that they are running under.

In Python, how can I read values from HKEY_CURRENT_USER for a specific user? I assume I need to somehow load the registry values under the user's name, and then read them from there, but how?

edit: Just to make sure it's clear, my Python program is running as Administrator, and I have accounts "user1", "user2", and "user3", which each have information in their own HKEY_CURRENT_USER. As Administrator, how do I read user1's HKEY_CURRENT_USER data?

Improve this question

3 Answers 3

Reset to default
4

According to MSDN, HKEY_CURRENT_USER is a pointer to HKEY_USERS/SID of the current user. You can use pywin32 to look up the SID for an account name. Once you have this, you can use open and use the registry key with the _winreg module.

import win32security
import _winreg as winreg

sid = win32security.LookupAccountName(None, user_name)[0]
sidstr = win32security.ConvertSidToStringSid(sid)
key = winreg.OpenKey(winreg.HKEY_USERS, sidstr)
# do something with the key
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

HKEY_CURRENT_USER maps to a HKEY_USERS\{id} key.

Try finding the id by matching the HKEY_USERS{id}\Volatile Environment\USERNAME key to the username of the user (by enumerating/iterating over the {id}s that are present on the system). When you find the match just use HKEY_USERS{id} as if it was HKEY_CURRENT_USER

Improve this answer

3 Comments

This was the solution I had come up with as well, but I was hoping for something more 'correct' seeming - Lukas' suggestion is a bit more concrete.
I would have to agree :). His answer is more robust.
I gave this a + because it works outside Python and doesn't need extra programs - the idea works on any platform.
0

If you don't want to install win32 stuff for Python and since you are already using subprocess, you can run built in Windows commands to get at the registry data you are looking for.

To query the SID of a particular user:

wmic useraccount where name='John' get sid

Then you can use that SID to query other registry entries for that particular user:

reg query HKEY_USERS\[SID]

For example, if you want to know the mounted network drives for a particular user:

reg query HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network /s /v RemotePath

The output will look something like this:

HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\R
    RemotePath    REG_SZ    \\MACHINENAME1\shared

HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\T
    RemotePath    REG_SZ    \\MACHINENAME2\testing

HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\V
    RemotePath    REG_SZ    \\MACHINENAME3\videos

End of search: 3 match(es) found.

which should be relatively simple to parse in Python.

References:

http://www.windows-commandline.com/get-sid-of-user/

https://superuser.com/questions/135752/list-mapped-network-drives-from-the-command-line-to-text-file

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.