Skip to main content

1E 8.1 (on-premises)

NativeServices.RegistryDeleteUserKey

Method

RegistryDeleteUserKey

Module

NativeServices

Library

Core

Action

Deletes a given key and all subkeys and values for every user under HKU.

Parameters

Subkey (string): The registry key to look for.

Return values

For each user for whom the key existed:

Status (string): The deletion status of the key. "Deleted key" if it has been successfully deleted.

Sid (string): SID the key was found under.

Username (string): Domain\Username of the aforementioned SID.

No result is returned for users for whom the key did not exist.

Example

NativeServices.RegistryDeleteUserKey(Subkey:"somethingSpecific");

Platforms

  • Windows

Notes

Unlike most registry methods, the 8192 limit is not imposed because doing so would leave the system in an inconsistent state (some users would have the key deleted, others not), and in practice it is highly unlikely that any system would have that many users.

If information is retrieved from the .DEFAULT key or a _Classes key, the Username will be reported as "Unknown". It is possible to determine the owner of a _Classes key from the SID that precedes it (which will have a correct Username).

Warning

This method may attempt to call AD to translate a SID to a username.

No output is returned for users for whom the key does not exist, i.e. only keys that were actually deleted are reported.

For consistency with other registry user methods, this would be better named as "RegistryDeleteUserKeys".

In this section: