Version: 4
restore

Contents

Method

RegistryDeleteUserKey

ModuleNativeServices
LibraryCore
Action

Deletes a given key and all subkeys and values for every user under HKU.

Parameters

Subkey (string): The registry key to look for.

Return values

Status (string): The deletion status of the key. "Deleted key" if it has been deleted.

Sid (string): SID the key was found under.

Username (string): Domain\Username of the aforementioned SID.

Example
 NativeServices.RegistryDeleteUserKey(Subkey:"somethingSpecific");
Platforms
  • Windows
Notes

If information is retrieved from the .DEFAULT key or a _Classes key, the Username will be reported as "Unknown". It is possible to determine the owner of a _Classes key from the SID that precedes it (which will have a correct Username).

This method may attempt to call AD to translate a SID to a username.