Show UAC Virtualized Registry Keys for All Users (Updated 1.2) Print E-mail

Problem determination can be made more difficult by UAC Virtualization.  This is especially true of registry virtualization.  Since the VirtualStore registry key is specific to each user, you cannot get a global view of UAC registry key virtualization or even view it for a single user.  This script can list UAC virtualizated registry keys for another user or for ALL other users.

The registry VirtualStore subkeys are in the user registry at HKCU\Software\Classes\VirtualStore\MACHINE\Software.

Finding these keys for each user is challenging because this registry key is not stored in the user's NTUSER.DAT registry file - instead it is in the user's Usrclass.dat registry file.

It is also necessary to check if the target user's Usrclass.dat is already loaded and to load and unload it as needed.

The VBScript function CSI_ListUACVirtRegKeys() provides a method to view these keys.  The function takes one argument which can be any of the following:
  • "CURRENT" - list UAC virtualized registry keys for the user running the script.
  • "ALL" - list UAC virtualized registry keys for all users who have logged in interactively. 
    (Requires that the script run with elevated admin permissions)
  • <SpecificUserID> - list UAC virtualized registry keys for a user ID that you specify.
    (Requires that the script run with elevated admin permissions)
Like this script? Subscribe to our newsletter (without loosing your place in this article).
captcha
(Please ensure that the confirmation email clears your spam filter so that you will see future mailings.)

RoadMap

It is my plan to enhance this script to do the following: delete registry keys, view and delete UAC virtualized files and run as an MSI Custom Action.

Update Log

  • 11/16/2010 - Version 1.2 - Multiple fixes to GetUserIDorSIDInfo()
  • 10/20/2010 - Version 1.1 - initial release.

Attachments:
Download this file (CSI_ListUACVirtRegKeys.zip)CSI_ListUACVirtRegKeys.zip[ ]3 Kb
Tags: