Error Opening HKEY_USERS for [COMPUTER NAME] PsLoggedon
Solution 1:
Use PowerShell:
Get-WmiObject -Class win32_process -ComputerName remote-hostname |
Where-Object{ $_.Name -eq "explorer.exe" } |
ForEach-Object{ ($_.GetOwner()).Domain + "\\" + ($_.GetOwner()).User; }
...replacing remote-hostname with the computer name.
Solution 2:
OK, it's hard to tell what exactly applies here, and what doesn't, but check this post at the SysInternals forum, specifically, what I'm going to copy below.
On your target machine check if
... [long list of things I clipped out, as they may not apply here, bringing us to]...
As soon as your target machine meets all of the above listed requirements, from your local machine try to execute these commands to your target machine:
net use \\target\Admin$ /user:Administrator
dir \\target\Admin$
net use \\target\Admin$ /delete
(only disconnects, does not delete anything.)
(They also have resources like a FAQ on the tools and links to the MS download page for the tools, so they're worth a visit for information on or questions about the Sysinternals suite.)
Now, assuming that all those criteria are met, and you can actually execute the three commands above, the most common cause of that error from PSLoggedon is... the Remote Registry Service being disabled. It's disabled by default, but required for PSLoggedon (among other things) to work. Check the services on your target machine, and I bet you'll need to enable it to get this tool working for you.
EDIT:
To start a service remotely with PSExec, you'd use:
psexec \\[target] -u [username with admin rights] -p [password] net start [servicename]
So you could use PSExec to remotely start the required services, then use PSLoggedOn, without having to actually go around to every machine, or deploying a GPO.
Solution 3:
The user context under which the application is running (the Default Network Credentials), needs acces to open and read from the HKEY_USERS
hive, on the computers you want to query.
To "elevate the command session", right click the executable (cmd.exe
for instance), and choose "Run as Administrator". Now all executables run from that command prompt, will be run with "elevated privileges"
Read more on TechNet about User Account Control, the feature managing token elevation in Windows