Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > PsTools
  New Posts New Posts RSS Feed: PsGetSID output to dos cmd
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

PsGetSID output to dos cmd
 Post Reply Post Reply
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
jsnell View Drop Down
Newbie
Newbie


Joined: 13 July 2006
Location: United States
Online Status: Offline
Posts: 3 		  Quote jsnell Quote  Post ReplyReply Direct Link To This Post Topic: PsGetSID output to dos cmd
    Posted: 13 July 2006 at 5:24pm

I would like to be able to pipe the output of GetSID to a another dos command, but can't figure out how.  Any suggestions?

Thanks,
jj
jj
Back to Top
Karlchen View Drop Down
Senior Member
Senior Member
Avatar

Joined: 18 June 2005
Location: Germany
Online Status: Offline
Posts: 5121 		  Quote Karlchen Quote  Post ReplyReply Direct Link To This Post Posted: 14 July 2006 at 3:02am
Good morning, jsnell.

The name is PsGetSid.exe.

Piping can be done the normal ways by using |, >, >>, 2>, 2>>.

Eg..: 
psgetsid domain\karlchen > result.txt 2>&1

will write the psgetsid output (stdout and stderr) to the file result.txt. 

psgetsid domain\karlchen | some_other_console_command

would pipe stdout to some other console application that must be able to read stdin.

Hope this helps.
Karl



Edited by Karlchen - 14 July 2006 at 3:02am
Back to Top
jsnell View Drop Down
Newbie
Newbie


Joined: 13 July 2006
Location: United States
Online Status: Offline
Posts: 3 		  Quote jsnell Quote  Post ReplyReply Direct Link To This Post Posted: 14 July 2006 at 12:13pm

I already tried most of these... though I have never seen "2>" before...

I tried these without any success.
psgetsid %userdomain%\%username% > %temp%\results.txt 2> notepad.exe
psgetsid %userdomain%\%username% > %temp%\results.txt | notepad.exe
psgetsid %userdomain%\%username% > %temp%\results.txt > notepad.exe

My end result is to export the registry where the user's profile is registered using:

regedit /e "%userprofile%\%Username%-Profile.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

While this works, it pulls ALL profiles, and not just the current user's. What I need is the \SID added to the end of the registry key.
jj
Back to Top
Karlchen View Drop Down
Senior Member
Senior Member
Avatar

Joined: 18 June 2005
Location: Germany
Online Status: Offline
Posts: 5121 		  Quote Karlchen Quote  Post ReplyReply Direct Link To This Post Posted: 14 July 2006 at 6:09pm
Good evening, jsnell.

psgetsid %userdomain%\%username% > %temp%\results.txt 2> notepad.exe

The meaning of the second part is quite different from what you think it is. And it is dangerous, too, if you happen to be in the notepad.exe programme folder:
First you tell psgetsid.exe to write its stdout to results.txt (OK), but then you tell it to write its stderr output to a file named notepad.exe. (If you are in the %windir% folder, this means bye bye to your original notepad.exe.)

psgetsid %userdomain%\%username% > %temp%\results.txt | notepad.exe

This is syntactically completely incorrect.
1.) You redirect stdout of psgetsid.exe to results.txt (OK).
2.) You try to pipe stdout a second time, IMPOSSIBLE. (unless you have got a tee command)
3.) You try to pipe the screen output as input to Notepad.exe. Notepad.exe is a GUI application, not a commandline or console application. Notepad cannot read from stdin.

psgetsid %userdomain%\%username% > %temp%\results.txt > notepad.exe

This is incorrect for almost the same reasons as the previous command line.
Only this time you try to redirect stdout twice: 1. to results.txt (OK), 2. to notepad.exe (IMPOSSIBLE), stdout is already redirected to results.txt.

A sequence of 2 separate commands that should work would be e.g.: 
psgetsid %userdomain%\%username% > %temp%\results.txt 2>&1

notepad %temp%\results.txt


My end result is to export the registry where the user's profile is registered using:

The most important point before trying to export the user's registry hive is to make sure it is loaded. You can only export a loaded registry hive.
If the user is not currently logged on the machine, his/her hive will not be loaded.

Working on the registry is a tricky thing, even more so if you wish to do so by using a script.

If your script is faulty you will pretty easily manage to scramble your registry.

What you want to do is this:
1. take a user's name and get the user's SID
2. make sure the user's registry hive is loaded
3. if it is not, then load it
4. export it
5. if it has been loaded by you unload it again

This is much more than you asked for in your starting post.

This can be done using a batch file.

Yet, it is not really trivial. And it is not the kind of batch file one should start with if one is not too experienced in writing batch files (no offense meant).

Maybe someone has got such a script ready and is willing to share it.
(1 A.M. local time, too late to start any difficult tasks for me, sorry. And too complex a task to just give a rough outline.)

Karl
--
P.S.:
+ GUI application: programme having a graphical user interface, e.g. notepade.exe, calc.exe, procexp.exe
+ console application, programme not having a grahical interface, e.g. cmd.exe, psgetsid.exe, reg.exe
+ stdout: "normal" screen output of console applications
+ stderr: often used for writing error messages to the screen
+ stdin: "normal" (keyboard) input for a console application
+ > %temp%\file.txt .. write stdout to the file, overwriting it if it exists.
+ >> %temp%\file.txt .. write stdout to the file, appending at the end if it exists.
+ 2> %temp%\file.txt .. write stderr to the file, overwriting it if it exists.
+ >> %temp%\file.txt .. write stderr to the file, appending at the end if it exists.
+ echo. | format a: .. pipe output of 1st command "echo" as stdin to the second command "format"
+ 2>&1 .. redirect stderr to the same output device as stdout
Back to Top
Karlchen View Drop Down
Senior Member
Senior Member
Avatar

Joined: 18 June 2005
Location: Germany
Online Status: Offline
Posts: 5121 		  Quote Karlchen Quote  Post ReplyReply Direct Link To This Post Posted: 14 July 2006 at 6:24pm
Hello, jsnell.

As my previous post was rather lengthy, I thought I put a hopefully useful suggestion into a short second post.

Without giving a complete solution for your task I would like to suggest to use this approach (script): 
@echo off

:: just switches off echoing of command lines



:: we will use the variable named "uSID" to store the user's SID

set uSID= 



:: tricky 1-line (!) command to get the SID and store it in the  variable uSID

for /F "usebackq delims== skip=1" %%i in (`psgetsid.exe %userdomain%\%username%`) do set uSID=%%i 



:: we just write the SID to screen to show we have got it

echo uSID=%uSID%



:: and now I just added jsnell's command, modified

regedit /e "%userprofile%\%Username%-Profile.reg" HKEY_USERS\%uSID%


Hope it works. The worst case should be that the user's registry hive is not loaded and thus cannot be exported.

Please make sure that psgetsid.exe can be found in your search path %PATH%.

Karl



Edited by Karlchen - 21 July 2006 at 3:58am
Back to Top
jsnell View Drop Down
Newbie
Newbie


Joined: 13 July 2006
Location: United States
Online Status: Offline
Posts: 3 		  Quote jsnell Quote  Post ReplyReply Direct Link To This Post Posted: 20 July 2006 at 7:03pm

Das hilft mir sehr viel. Vielen Danke!    

It works perfect once I changed removed the quotes and changed HKU to HKEY_USERS

for /F "usebackq delims== skip=1" %%i in (`psgetsid.exe %userdomain%\%username%`) do set uSID=%%i

regedit /e "%userprofile%\%Username%-Profile.reg" HKEY_USERS\%uSID%
jj
Back to Top
Karlchen View Drop Down
Senior Member
Senior Member
Avatar

Joined: 18 June 2005
Location: Germany
Online Status: Offline
Posts: 5121 		  Quote Karlchen Quote  Post ReplyReply Direct Link To This Post Posted: 21 July 2006 at 4:01am
Hi, jsnell.

Thanks for your feedback. I changed my previous post accordingly:
+ dropped the double quotes around HKEY_USERS\%uSID%
+ changed HKU\%uSID% to read HKEY_USERS\%uSID%
(REG.EXE does accecpt short forms like HKR, HKLM, HKCU, HKU. Looks as if REGEDIT likes the verbose forms only.)

Karl
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Privacy Statement