Version: 3
restore

Contents

Method

RegistryUserValueExists

ModuleNativeServices
LibraryCore
Action

Checks whether a given value exists for every user under HKU.

Parameters

Subkey (string): The registry key to look for.

Name (string): The name of the registry value to check.

Return values

Exists (boolean): True if the key exists, false if it doesn't.

Sid (string): SID the value was found under.

Username (string): Domain\Username of the aforementioned SID.

Example
 NativeServices.RegistryUserValueExists(Subkey:"Console\\%SystemRoot%_System32_cmd.exe", Name:"FaceName");
Platforms
  • Windows
Notes

If information is retrieved from the .DEFAULT key or a _Classes key, the Username will be reported as "Unknown". It is possible to determine the owner of a _Classes key from the SID that precedes it (which will have a correct Username).

This method may attempt to call AD to translate a SID to a username.