Reading HKEY CURRENT USER from the registry in Python, specifying the user_问答_开发者

Reading HKEY CURRENT USER from the registry in Python, specifying the user

开发者 https://www.devze.com 2022-12-08 10:59 出处：网络

In my application I run subprocesses under several different user accounts. I need to be able to read some of the information written to the registry by these subprocesses. Ea开发者_C百科ch one is writing to HKEY_CURRENT_USER, and I know the user account name that they are running under.

In Python, how can I read values from HKEY_CURRENT_USER for a specific user? I assume I need to somehow load the registry values under the user's name, and then read them from there, but how?

edit: Just to make sure it's clear, my Python program is running as Administrator, and I have accounts "user1", "user2", and "user3", which each have information in their own HKEY_CURRENT_USER. As Administrator, how do I read user1's HKEY_CURRENT_USER data?

According to MSDN, HKEY_CURRENT_USER is a pointer to HKEY_USERS/SID of the current user. You can use pywin32 to look up the SID for an account name. Once you have this, you can use open and use the registry key with the _winreg module.

import win32security
import _winreg as winreg

sid = win32security.LookupAccountName(None, user_name)[0]
sidstr = win32security.ConvertSidToStringSid(sid)
key = winreg.OpenKey(winreg.HKEY_USERS, sidstr)
# do something with the key

HKEY_CURRENT_USER maps to a HKEY_USERS\{id} key.

Try finding the id by matching the HKEY_USERS{id}\Volatile Environment\USERNAME key to the username of the user (by enumerating/iterating over the {id}s that are present on the system). When you find the match just use HKEY_USERS{id} as if it was HKEY_CURRENT_USER

If you don't want to install win32 stuff for Python and since you are already using subprocess, you can run built in Windows commands to get at the registry data you are looking for.

To query the SID of a particular user:

wmic useraccount where name='John' get sid

Then you can use that SID to query other registry entries for that particular user:

reg query HKEY_USERS\[SID]

For example, if you want to know the mounted network drives for a particular user:

reg query HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network /s /v RemotePath

The output will look something like this:

HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\R
    RemotePath    REG_SZ    \\MACHINENAME1\shared

HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\T
    RemotePath    REG_SZ    \\MACHINENAME2\testing

HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\V
    RemotePath    REG_SZ    \\MACHINENAME3\videos

End of search: 3 match(es) found.

which should be relatively simple to parse in Python.

References:

http://www.windows-commandline.com/get-sid-of-user/

https://superuser.com/questions/135752/list-mapped-network-drives-from-the-command-line-to-text-file