Modify a user’s registry hive without logging in

by Shijaz Abdulla on 23.06.2007 at 13:35

ModifyProfile, an ingenious freeware tool written by Marty List, lets you modify the HKEY_CURRENT_USER registry hive of any user on your machine, without requiring the user to login.

By design, Windows has a different HKEY_CURRENT_USER hive for every user that has a profile on the Windows computer. This is stored in the C:Documents & SettingsusernameNTUser.dat file in each user’s profile. This hive is “loaded” whenever the user logs in and is displayed in REGEDIT as the HKEY_CURRENT_USER hive. Depending on which user is logged in, the hive is different, because a different NTUser.dat file has been loaded.

Sometimes an administrator needs to change a registry value in the HKEY_CURRENT_USER hive of many or all users who log on to a particular system. I’ve seen that adminsitrators are usually confronted with this kind of a challenge on Terminal Servers, where multiple users estabish remote desktop/terminal sessions, and a change/restriction needs to be made in the HKEY_CURRENT_USER hive of all users.

Instead of having to login to each user’s session or write a login script to make the change, the administrator can pick a time when no user will be logged in (because the NTUser.dat file should not be “in use”) and use the ModifyProfile tool from the administrator’s command line.

For instance, I can implement a registry change stored in a .reg file for all users, by using a single command like:

ModifyProfile.exe /PROFILE:ALL /REG:”C:TEMPChanges.reg” /KEYNAME:TempHive
and ModifyProfile will open each user’s hive and do the job!

Trackback Permanent Link

5 Responses to Modify a user’s registry hive without logging in

  1. Anonymous says:

    Shijaz,
    Is there a way to do it programmatically without using this tool? Any clue about how ModifyProfile is implemented?

  2. VDJEUGT says:

    Hi Shijaz,
    But what about roaming profiles, where the NTUSER.DAT on the computer will be overwritten by the one located on the server at the next logon?

    Luc

  3. Rolando R. says:

    In Windows 7 the folder whete ntuser.dat is stored is: C:Users

  4. Bob Z says:

    This works in Windows 7, 2008 where the profiles are in C:Users instead. I just tried it. It probably uses Windows’ profile variable name %profilename% which would make it work in all environments.

Leave a Reply