I'm working on a simple application to delete user profile entries from the registry, but I've ran into an issue.
So first, I'm getting all the subkeys that are in the ProfileList through the following code:
List<string> KeyList = new List<string>();
RegistryKey ProfileList = Registry.LocalMachine.OpenSubKey(#"SOFTWARE\\Microsoft\Windows NT\\CurrentVersion\\ProfileList\\");
foreach (string ProfileKey in ProfileList.GetSubKeyNames())
{
KeyList.Add(ProfileKey);
}
From there, I'm getting the ProfileImagePath value of each of those keys and adding them to a checked list box:
KeyList.ForEach(delegate(string ProfileKey)
{
ProfileList = Registry.LocalMachine.OpenSubKey(#"SOFTWARE\\Microsoft\Windows NT\\CurrentVersion\\ProfileList\\" + ProfileKey + "\\");
checkedListBox1.Items.Add(ProfileList.GetValue("ProfileImagePath").ToString());
});
Then, when the user clicks the delete button, I want the application to delete the user profiles that are checked. However, I would have to get the value of each checked item (which looks something like C:/Users/Name) and determine which registry keys to delete. I assume I can do this in a foreach loop, but I'm not quite sure how.
What is the best way to go around doing this?
Thanks.
Here you go. You could execute this code when the user clicks a button such as "Delete Selected Users". Here is the shell of the code:
string[] CheckItemsArray = new string[checkedListBox1.CheckedItems.Count+1];
checkedListBox1.CheckedItems.CopyTo(CheckItemsArray, 0);
foreach (string CheckedItem in CheckItemsArray)
{
if (CheckedItem != null)
{
//your deleting logic here
}
}
Related
I know that I can read the Security logs of a Windows PC using:
var securityLog = new EventLog("security");
foreach (EventLogEntry entry in securityLog.Entries) {
...
}
The entry item contains all the interesting log fields I expect to see like: InstanceId, Message and others. What I want to do now is read the same things from an event log that was saved to disk as an .evtx file.
I have seen suggestions for using
string xpathQuery = "*";
var eventsQuery = args.Length == 0
? new EventLogQuery("Security", PathType.LogName, xpathQuery)
: new EventLogQuery(args[0], PathType.FilePath, xpathQuery);
using (var eventLogReader = new EventLogReader(eventsQuery)) {
EventLogRecord entry;
while ((entry = (EventLogRecord) eventLogReader.ReadEvent()) != null) {
...
}
}
but the entry in the second version doesn't contain the same members/values as the first example. I totally dig that I am confused and am looking at the problem the wrong way.
How should one go about reading the actual per record content from either an active or saved system log?
Or, can I go from an EventLogRecord to an EventLogEntry? I have not seen that conversion method yet.
I want to list out all user data sources using c# but I can't do it because I don't have permission to read the registry key. How can I get all user data sources?
I tried below code but no use
private List<string> ENUMDSN()
{
List<string> list = new List<string>();
list.AddRange(ENUMDSN(Registry.CurrentUser));
list.AddRange(ENUMDSN(Registry.LocalMachine));
XElement xmlele = new XElement("list", list.Select(i => new XElement("list", i)));
return list;
}
private IEnumerable<string> ENUMDSN(RegistryKey rootkey)
{
RegistryKey regkey = rootkey.OpenSubKey(#"Software\ODBC\ODBC.INI\ODBC Data Sources");
foreach (string name in regkey.GetValueNames())
{
string value = regkey.GetValue(name, "").ToString();
yield return name;
}
}
"CurrentUser" registry keys doesn't need any specific permission you can read/write without any problem, but if you want to read keys which in the "LocalMachine" subkey you have to have administrator permissions, there is no other way.
EDIT:
If you run your code under IIS you cannot get key values under the "CurrentUser" or "LocalMachine" because IIS Application Pools doesn't run under your "current account" they runs under their "user accounts".
For solution maybe you can change your Application Pool's user account but it's not recommended for some security reasons.
I'm writing a small app that checks to see if a computer and current user are members of the appropriate security groups in Active Directory. I stumbled across this question LINK but it looks like it was forgotten and I'm running into the same issues as the OP. The end result is I want to be able to create an array that is very similar to running the following command from a command prompt.
gpresult /r
Here is a code sample that I have tried from the above link, I'm running into the same errors as the OP specifically "out of range" exception" when attempting to set LoggingUser and LoggingComputer. Since I can't get past these errors I'm not even sure if this method is the right route.
GPRsop rsop = new GPRsop(RsopMode.Logging, "root\\RSOP\\Computer");
rsop.LoggingComputer = "MyComputer";
rsop.LoggingUser = "domain\\user";
rsop.LoggingMode = LoggingMode.Computer;
rsop.CreateQueryResults();
rsop.GenerateReportToFile(ReportType.Xml, "C:\\Temp\\test.xml");
I found a roundabout way to accomplish what I needed by reading the registry keys located in "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History" for applied group policies, added them to an ArrayList then checked to see if the list contained the policy I'm interested in.
To make sure these keys are dynamically updated, I removed the machine in question from the GPO group, rebooted and the keys associated with that policy were removed.
ArrayList groupPolicies = new ArrayList();
using (RegistryKey historyKey = Registry.LocalMachine.OpenSubKey(#"SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History"))
{
foreach (string historySubkey in historyKey.GetSubKeyNames())
{
using (RegistryKey guidKey = historyKey.OpenSubKey(historySubkey))
{
foreach (string guidsubkey in guidKey.GetSubKeyNames())
{
using (RegistryKey keyvalue = guidKey.OpenSubKey(guidsubkey))
{
groupPolicies.Add(keyvalue.GetValue("DisplayName"));
//Console.WriteLine(keyvalue.GetValue("DisplayName"));
}
}
}
}
}
if (!groupPolicies.Contains("replacewithyourGPOname"))
{
Console.WriteLine("The machine is not a member of the policy");
}
I'm having difficulty changing the DisableTaskMgr value in the registry. Here's what I'm trying so far:
RegistryKey taskMgr = Registry.CurrentUser.OpenSubKey("Software").OpenSubKey("Microsoft").OpenSubKey("Windows").OpenSubKey("CurrentVersion").OpenSubKey("Policies");
string[] subKeys = taskMgr.GetSubKeyNames();
bool foundSystemKey = false;
foreach (string s in subKeys)
if (s == "System")
{
foundSystemKey = true;
break;
}
if (!foundSystemKey)
{
taskMgr = taskMgr.CreateSubKey("System");
// here is where I'm getting the exception even when I do OpenSubkey("Policies" , true)
}
taskMgr.OpenSubKey("System", true);
taskMgr.SetValue("DisableTaskMgr", 1); // 0 to enable, 1 to disable.
I've also tried the following, am seeing the same error get thrown while executing the last line:
RegistrySecurity myRegSecurity = taskMgr.GetAccessControl();
string User = System.Environment.UserName;
myRegSecurity.ResetAccessRule(new RegistryAccessRule(User, RegistryRights.FullControl , AccessControlType.Allow));
taskMgr.SetAccessControl(myRegSecurity); // right here ..
Do you have any explanation as to what's going wrong? Thanks in advance :)
You likely have a permissions issue.
Open regedit, find your key ('Policies')
Right click on the key and select 'Permissions'
Permissions my be inherited, but try adding "Everyone" and re-run your code. If it works, remove "Everyone" and decide on a new group name, add the new group to either the domain, or the local machine. Then add the new group to the key and then add all users who need the permissions to the new group.
I am having trouble displaying all the registry keys in the startup section for Windows. I want to display all of the registry keys that tell programs to startup in a text box. I have been able to create a directory listing for the HKEY_LOCAL_MACHINE, but I can't manage to narrow it down to the keys listed in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run directory. Here is my code:
TreeNode localMachineNode = new TreeNode(Registry.LocalMachine.Name);
string[] localMachineSubKeys = Registry.LocalMachine.GetSubKeyNames();
foreach (string key in localMachineSubKeys)
{
TreeNode node = new TreeNode(key, 0, 1);
}
If there is a better way to do this, i'd love to hear about it. Mind you, that is only part of my code.
Use OpenSubKey to open a key using a path:
var runs = Registry.LocalMachine.OpenSubKey(
#"Software\Microsoft\Windows\CurrentVersion\Run");
var valueNames = runs.GetValueNames();
var values = new List<object>();
foreach (var valueName in valueNames)
{
values.Add(runs.GetValue(valueName));
}
Is this what you are after?
var keys = Microsoft.Win32.Registry.LocalMachine
.OpenSubKey(#"Software\Microsoft\Windows\CurrentVersion\Run")
.GetSubKeyNames();