[Logged SIDs]\SOFTWARE\Microsoft\ExchangeWhere [Logged SIDs] is a variable of the current user SID logged on the remote computer.
All Forums
> Network Scanner
> Current topic
Using SIDs in Remote Registry queries
Started by RMPF2
RMPF2
Using SIDs in Remote Registry queries 14 September 2022, 05:37 |
Re: Using SIDs in Remote Registry queries 15 September 2022, 10:40 |
Admin Registered: 18 years ago Posts: 3 519 |
You can use VB scripting for that under Options - Remote Scripting.
Here is a sample script that prints logged SIDs with their %PATH% variable read from the registry:
Here is a sample script that prints logged SIDs with their %PATH% variable read from the registry:
const HKEY_USERS = 2147483651 'Connect using current user Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & Input.Current & "\root\cimv2") 'Get interactive session Set colSessions = objWMI.ExecQuery _ ("Select * from Win32_LogonSession Where LogonType = 2") If colSessions.Count = 0 Then 'No interactive session found Output.Write "No interactive user found" Else 'Interactive session found For Each objSession in colSessions Set colList = objWMI.ExecQuery("Associators of " _ & "{Win32_LogonSession.LogonId=" & objSession.LogonId & "} " _ & "Where AssocClass=Win32_LoggedOnUser Role=Dependent" ) 'Setup registry access Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & Input.Current & "\root\default:StdRegProv") 'Query registry for those SIDs For Each objItem in colList errCode = objReg.GetStringValue(HKEY_USERS, objItem.SID & "\Environment", "Path", Value) If errCode = 0 Then Output.Write "Logged SID: " & objItem.SID Output.Write "%PATH% Value: " & Value End If Next Next End If
RMPF2
Re: Using SIDs in Remote Registry queries 16 September 2022, 01:35 |
Ok. Thanks.
Just to clarify, to understand how it works: How exactly the "Options - Remote Registry" feature behaves in the case when the desired query is against HKEY_Users? Because if we open the Registry Browser, the only SIDs there are the local ones in relation to the user that is running NetScan.
Just to clarify, to understand how it works: How exactly the "Options - Remote Registry" feature behaves in the case when the desired query is against HKEY_Users? Because if we open the Registry Browser, the only SIDs there are the local ones in relation to the user that is running NetScan.
Re: Using SIDs in Remote Registry queries 16 September 2022, 08:56 |
Admin Registered: 18 years ago Posts: 3 519 |
In the Options - Remote Registry feature the Registry Browser operates on the local machine. It is present merely for convenience and allows you to choose a path to query from the local registry.
If you need to query a value or key that is not on the local machine, you will need to type it manually.
If you need to query a value or key that is not on the local machine, you will need to type it manually.