How can I update all profiles on a machine even if they're not currently loaded?

A. In the FAQ "How can I update a registry value for all users on a machine?" at , I explain how to enumerate HKEY_USERS and update each profile with a registry change; however, that change works only for profiles that are loaded. For example, if I have 100 profiles stored on a machine, they're not all loaded all the time under HKEY_USERS. Therefore, my original code would have updated only currently logged-on users or profiles that had processes still running under them or the well-known built-in credentials (NT System, Local Service, and Network Service) that are always loaded. You should test this code to ensure that it behaves as expected, especially if you run it when a user might log on because it could cause a new profile to be created for the user. I typically use this method as part of an OS upgrade scenario when I want to set something initially or outside of Group Policy for the existing profiles on a machine before user logon is possible.

I've created a script that takes a different approach to updating profiles. The code, which you can download at enumerates the "Documents and Settings" folder and, for each subfolder (a profile), mounts the ntuser.dat file, modifies the file, unloads it, then moves to the next subfolder. The code also changes the desktop wallpaper, but you can obviously change the actual "work" that the script performs.

Dim objFSO, oShell, strBasePath, objFolder, objSubFolders, objSubFolder, strRun, nRtn
Dim strKeyPath, strKeyPathUser
const HKEY_USERS = &H80000003

Set objFSO = CreateObject("Scripting.FileSystemObject")

strKeyPath = "\Control Panel\PowerCfg\GlobalPowerPolicy" 

Set oShell = WScript.CreateObject("WScript.Shell") 
strBasePath = oShell.ExpandEnvironmentStrings("%ALLUSERSPROFILE%") 
strBasePath = left(strBasePath,InStrRev(strBasePath,"\")-1)
wscript.echo strBasePath

Dim binValue() 
strComputer = "." 

Set objReg=GetObject("winmgmts:\{impersonationLevel=impersonate\}!\\" & strComputer & "\root\default:StdRegProv") 

Set objFolder = objFSO.GetFolder(strBasePath)
Set objSubFolders = objFolder.SubFolders
For Each objSubFolder in objSubFolders
    Wscript.Echo objSubFolder.Name
    If objFso.FileExists(strBasePath & "\" & objSubFolder.Name & "\" & "ntuser.dat") = True Then
        strRun = "REG.EXE load " & "HKU\TempHive " & Chr(34) & strBasePath & "\" & objSubFolder.Name & "\" & "ntuser.dat" & Chr(34)
        nRtn = oShell.Run(strRun, 1, True) 

        ' The work portion. Change this to anything task you want to perform.
        if objReg.GetBinaryValue(HKEY_USERS, "TempHive" & strKeyPath, "Policies", binValue) = 0 then 
            objReg.GetStringValue HKEY_USERS, "TempHive\Software\Microsoft\Windows\CurrentVersion\Explorer", "Logon User Name", userName 
            Wscript.Echo "Updating username " & userName 
            objReg.SetBinaryValue HKEY_USERS, "TempHive" & strKeyPath, "Policies", binValue 
            objReg.SetStringValue HKEY_USERS, "TempHive\Control Panel\Desktop" , "Wallpaper", "D:\Multimedia\Images\Space\rocks.bmp"
            objReg.SetStringValue HKEY_USERS, "TempHive\Control Panel\Desktop" , "WallpaperStyle", "2"
        end if 
        ' End of the work portion

        strRun = "REG.EXE unload HKU\TempHive"
        nRtn = oShell.Run(strRun, 1, True) 
    End If
You should run the script under the system context so that it has write access to everyone's profile (e.g., run it as a scheduled job). Also, instead of enumerating "Documents and Settings," you can enumerate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList and read the list of profiles.

Thanks to Toby Ovod-Everett for pointing out the limitation in my previous FAQ.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.