Error Opening HKEY_USERS for [COMPUTER NAME] PsLoggedon

Solution 1:

Use PowerShell:

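# List the owner of every explorer.exe process (one per interactive session) on the remote host
Get-WmiObject -Class Win32_Process -ComputerName remote-hostname |
    Where-Object { $_.Name -eq "explorer.exe" } |
    ForEach-Object { $owner = $_.GetOwner(); $owner.Domain + "\" + $owner.User }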

...replacing remote-hostname with the computer name.

Solution 2:

OK, it's hard to tell what exactly applies here, and what doesn't, but check this post at the SysInternals forum, specifically, what I'm going to copy below.

On your target machine check if

... [long list of things I clipped out, as they may not apply here, bringing us to]...

As soon as your target machine meets all of the above listed requirements, from your local machine try to execute these commands to your target machine:

net use \\target\Admin$ /user:Administrator

dir \\target\Admin$

net use \\target\Admin$ /delete

(only disconnects, does not delete anything.)

(They also have resources like a FAQ on the tools and links to the MS download page for the tools, so they're worth a visit for information on or questions about the Sysinternals suite.)

Now, assuming that all those criteria are met, and you can actually execute the three commands above, the most common cause of that error from PSLoggedon is... the Remote Registry Service being disabled. It's disabled by default, but required for PSLoggedon (among other things) to work. Check the services on your target machine, and I bet you'll need to enable it to get this tool working for you.

EDIT:

To start a service remotely with PSExec, you'd use:

psexec \\[target] -u [username with admin rights] -p [password] net start [servicename]

So you could use PSExec to remotely start the required services, then use PSLoggedOn, without having to actually go around to every machine, or deploying a GPO.
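The checks described in the answer above (admin share reachable, Remote Registry service state) can be run from PowerShell before trying PsLoggedOn. This is an added example, not part of the original answers; the function name Test-PsLoggedOnPrereq and its parameters are hypothetical, and it assumes Windows PowerShell (Get-WmiObject) run under an account with admin rights on the target.

```powershell
# Added example: preflight check for the PsLoggedOn prerequisites discussed above.
# Test-PsLoggedOnPrereq and its parameters are hypothetical names.
function Test-PsLoggedOnPrereq {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [switch] $StartIfStopped   # start Remote Registry when it is not running
    )

    # Same check as "dir \\target\Admin$": can the current account reach the admin share?
    $adminShare = Test-Path -Path "\\$ComputerName\Admin`$"

    # RemoteRegistry is the service name of the Remote Registry service.
    $filter = "Name='RemoteRegistry'"
    $svc = Get-WmiObject -Class Win32_Service -ComputerName $ComputerName -Filter $filter -ErrorAction SilentlyContinue

    # StartMode and State record what was found before any change is made.
    $result = [pscustomobject]@{
        ComputerName = $ComputerName
        AdminShare   = $adminShare
        StartMode    = if ($svc) { $svc.StartMode } else { 'Unknown' }
        State        = if ($svc) { $svc.State } else { 'Unknown' }
        Action       = 'None'
    }

    if ($svc -and $StartIfStopped -and $svc.State -ne 'Running') {
        # A disabled service cannot be started; switch it to manual start first.
        if ($svc.StartMode -eq 'Disabled') {
            $rc = $svc.ChangeStartMode('Manual').ReturnValue
            if ($rc -ne 0) { $result.Action = "ChangeStartMode failed ($rc)"; return $result }
        }
        $rc = $svc.StartService().ReturnValue    # 0 means the request was accepted
        $result.Action = if ($rc -eq 0) { 'Started' } else { "StartService failed ($rc)" }
    }
    $result
}

# Report only; add -StartIfStopped to start the service as well.
Test-PsLoggedOnPrereq -ComputerName 'remote-hostname'
```

StartMode and State in the returned object are the values found before any change, so the service can be put back to its previous configuration once the query is done.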

Solution 3:

The user context under which the application is running (the Default Network Credentials) needs access to open and read from the HKEY_USERS hive on the computers you want to query.

To "elevate the command session", right-click the executable (cmd.exe, for instance) and choose "Run as Administrator". Now all executables run from that command prompt will be run with "elevated privileges".

Read more on TechNet about User Account Control, the feature managing token elevation in Windows.