Copying Windows Registry Keys from One User to Another

Windows Registry - regedit.exe

After switching the logged on user on a Windows Service, I found out that the original user had some printers set up that were not present in the new user’s profile.

While I could have manually set up the necessary printers on the new user, it seemed that there must be a way to do this that would ensure that all of the printers were set up correctly on the new user.

Printer information for each user is stored in the HKEY_CURRENT_USER\Printers registry key.

However, the HKEY_CURRENT_USER hive only shows registry information for whatever user you’re logged on as. What if you wanted to copy from one user (other than you), to some other user?

The HKEY_CURRENT_USER key for each user is found in the registry under the HKEY_USERS hive, under each user’s SID. If you don’t have an easy way to find out what a user’s SID is, what then?

There is a solution! The information that is displayed in the HKEY_CURRENT_USER hive is stored in the NTUSER.DAT file in each user’s profile.

Each user’s hive can be loaded either from the Registry Editor or the command line. Both of these must be started as an Administrator to have the privileges to do this.

The example below shows how to do this from a command line. If the user whose hive to be copied is called OLDUSER, the following command (reg load) should attach the OLDUSER hive as HKEY_USERS\OLDUSER. This can be run from Command Prompt or PowerShell.

reg load C:\Users\OLDUSER\NTUSER.DAT

Do the same thing with the new user (NEWUSER):

reg load C:\Users\NEWUSER\NTUSER.DAT

Note: If either of these users is currently logged on or running a service, they must first be logged off or the service stopped.

In the Registry Editor, export (in this case) the Printers key from HKEY_USERS\OLDUSER into a .reg file.

Open the .reg file with an editor and replace all instances of OLDUSER with NEWUSER. Save the file. Execute the file by double-clicking on it. Confirm the dialog box to add the information to NEWUSER’s hive.

confirm registry change

To unload both users’ hives, execute the following commands:

reg unload OLDUSER
reg unload NEWUSER

(Remember to restart any Services that were stopped before loading!)

To verify that the information was copied correctly, you can log on as the new user and examine its HKEY_CURRENT_USER hive.

Enabling Single Sign-On in Citrix Receiver

Citrix logo

After downloading a new version of Citrix Receiver and installing it, I discovered that the single sign-on (SSO) functionality that used to “just work”, had stopped working.

After hunting through the Local Group Policy Editor, the registry, and the folder in which Citrix was installed, I was able to put together the following instructions. Completing these steps fixed my problem, however, the fole locations may vary somewhat depending on how your Windows and Citrix installations are configured.

Note: The person executing these steps will need local admin rights on the PC.

  1. Add the following site(s) to the Local Intranet zone in Internet Options. (These will be specific to your organization.)
    1. http://yourcitrixwebportal.com
    2. https://yourcitrixwebportal.com
    3. In Internet Explorer, go to Tools –> Internet options.
      On the Security tab, click “Local intranet” in the “Select a zone…” area.
      Internet Options dialog box
      Click the Sites button, and on the next dialog box, click the Advanced button.
      Local intranet zone box
      Add each site above by pasting or typing the URL into the “Add this website…” field and click the Add button for each one. The checkbox requiring HTTPS should be unchecked.
      Local intranet zone - add sites
      Click Close, OK.

      Click the Advanced tab on the Internet Options box. Make sure the “Enable Integrated Windows Authentication” checkbox is checked. If not, check it. (You will also need to reboot the PC if this setting is changed after closing Internet Options.)
      Internet Options box - Advanced tab
      Click OK to close Internet Options.

  2. Copy files from the Citrix Receiver client into the appropriate Windows folder to enable Citrix Group Policies.
    1. Copy CitrixBase.admx and receiver.admx from “C:\Program Files (x86)\Citrix\ICA Client\Configuration” to “C:\Windows\PolicyDefinitions”
    2. Copy CitrixBase.adml and receiver.adml from “C:\Program Files (x86)\Citrix\ICA Client\Configuration\en-US” to “C:\Windows\PolicyDefinitions\en-US”

  3. Click Start –> Run –> type gpedit.msc in the search field and hit Enter to open the Local Group Policy Editor. Find the “User authentication” folder in the left pane under Local Computer Policy –> Computer Configuration –> Administrative Templates –> Citrix Components –> Citrix Receiver. Click “User authentication” to display its settings in the right pane. In the right pane, double click “Local user name and password”. Click the Enabled radio button, and make sure that the “Enable pass-through authentication” and “Allow pass-through authentication for all ICA connections” checkboxes are checked. Click OK to close the “Local user name and password” settings box. Close the Local Group Policy Editor.
    Local Group Policy Editor
  4. Reboot the PC.
  5. When opening the Citrix app you may see a box asking to Permit or Block access to local resources. Check the checkbox and select Permit.

Updating the PrmBootStrap.xml Primavera P6 DB Configuration File on Citrix Servers

Oracle Primavera P6 EPPM

I support an environment where users access the Primavera P6 thick client on Windows via Citrix.

If I connect to the Database Configuration app and add, modify, or delete the connection to a P6 database, the PrmBootStrap.xml file that is in my profile. For the version we are using (8.2), that location is C:\Users(username)\AppData\Local\Oracle\Primavera P6\P6 Professional. It appears that the file is also copied to the “%PROGRAMDATA%\Oracle\Primavera P6\P6 Professional” folder and the “All Users” profile (if it exists) as well, in “C:\Users\All Users\AppData\Local\Oracle\Primavera P6\P6 Professional”.
In the code below, I copy from the ProgramData folder instead of from my profile, but it would be easy to eliminate the outer for loop and uncomment two lines to make it copy from my profile.

Since I have multiple Citrix servers for P6, I normally would manually copy the file to the folders on the other Citrix servers so that the users will have the same list no matter where they log on. To simplify this, I wrote this Windows batch script to automate this copy process.

@echo off
cls
setlocal EnableDelayedExpansion
rem //Citrix servers hosting Primavera P6 should be in the serverlist variable, separated by spaces
set serverlist=citrixserver1 citrixserver2 citrixserver3
rem //Windows username of person who has standard file
set usersname=foobar

set programdataunc=%PROGRAMDATA::=$%
set filepath=Oracle\Primavera P6\P6 Professional
set filename=PrmBootStrap.xml

rem set Sourceloc="C:\Users\%usersname%\AppData\Local\%filepath%\%filename%"

for %%s in (%serverlist%) do (	
	set Sourceloc="\\%%s\%programdataunc%\%filepath%\%filename%"
	
	if not exist !Sourceloc! (
		echo No file found: !Sourceloc!
	) else (
		for %%a in (!Sourceloc!) do set SourceFileDate=%%~ta

		set offset=0
		if "!SourceFileDate:~-2!" == "PM" set offset=12					
		set /a "SourceFileDateHour=!SourceFileDate:~11,2!+!offset!"
		set "SourceFileDateCompare=!SourceFileDate:~6,4!!SourceFileDate:~0,2!!SourceFileDate:~3,2!!SourceFileDateHour!!SourceFileDate:~14,2!"					

		for %%x in (%serverlist%) do (
			echo.			
			echo DestinationServer = %%x
			echo SourceServer = %%s
			echo .
			if not %%x==%%s (
				set firstloc="\\%%x\%programdataunc%\%filepath%\%filename%"
				set secondloc="\\%%x\C$\Users\All Users\%filepath%\%filename%"
				
				for %%y in (!firstloc! !secondloc!) do (			    
					if exist %%y (						
						echo =-=-=-=-=-=
						for %%a in (%%y) do set DestinationFileDate=%%~ta
						set offset=0
						if "!DestinationFileDate:~-2!" == "PM" set offset=12					
						set /a "DestinationFileDateHour=!DestinationFileDate:~11,2!+!offset!"
						set "DestinationFileDateCompare=!DestinationFileDate:~6,4!!DestinationFileDate:~0,2!!DestinationFileDate:~3,2!!DestinationFileDateHour!!DestinationFileDate:~14,2!"							
						echo DestinationFileDateCompare = !DestinationFileDateCompare!
						echo SourceFileDateCompare = !SourceFileDateCompare!
						echo .
						if "!SourceFileDateCompare!" gtr "!DestinationFileDateCompare!" (					    
							set NewDestinationFileName=!filename!_!DestinationFileDateCompare!
							echo !NewDestinationFileName!
							ren %%y !NewDestinationFileName!
							copy !Sourceloc! %%y						
						) else (							
							echo Destination file %%y is newer than or the same as !Sourceloc!.
						)
						echo =-=-=-=-=-=
						echo.
					) else (
						echo.
						echo =x=x=x=x=x=
						echo INFO: %%y not found					
						echo =x=x=x=x=x=
						echo.
					)  
				)
			) else (
				echo Destination and Source servers are the same: no file copied.
			)
		)
	)
)
rem pause

If you uncomment the pause command at the end, you can look at the command window to make sure it’s working properly.

Problems with Installing Applications on Windows Servers via Remote Desktop

Terminal Server remote client not allowed dialog box

If you have tried to install an application on a Windows Server when logged in with Remote Desktop Connection and the result was a dialog box like the one above, this post is for you.

Understandably, many software companies want different kinds of licensing to be used when installing on a server running Terminal Services. The assumption is that you will likely be using it as a Citrix server, allowing many users to access the application at once. If this is what you are intending to do, then you must follow the licensing scheme required by the software vendor.

However, what if your intention is to install it only for yourself? In my case, I have a virtual development server that no one else uses, but I log onto it with Remote Desktop. When trying to install an application the other day, I got a message similar to the one above. How does it know that I’m logging on remotely?

Other users have had similar experiences, and some of the suggestions on this post on SuperUser gave me an idea.

What if I was logged onto the Console rather than an RDP session? This is a virtual server that is not physically located in the same place as me, so that seemed unlikely. Then I remembered VNC! After installing a free copy of UltraVNC Server on the server and Viewer on my PC, I was able to log in as an apparent session from the Console.

The application was satisfied and allowed me to install it without any further complications.