RegistrySettingsForAllUsers Question


I am attempting to use Invoke-HKCURegistrySettingsForAllUsers function to make various HKCU changes. It works fine and targets all accounts, however, I would like to have it not target the administrator account (instead focusing on the default and 1 other account).

I see this should be possible using the -UserProfiles parameter. However, I can’t seem to find the right way to pass the accounts/variables in to that parameter.

Any advice on how to pass accounts in to exclude/include would be awesome, thank you :slight_smile:

In AppDeployToolkitMain.ps1, in the definition of the Set-ActiveSetup Function, they give a hint.

Invoke-HKCURegistrySettingsForAllUsers -RegistrySettings $RemoveHKCUActiveSetupKey -UserProfiles (Get-UserProfiles -ExcludeDefaultUser)

I would guess you just build an array using Get-UserProfiles and remove the Admin accounts.
Something like:

$arAllProfiles = Get-UserProfiles  -ExcludeDefaultUser -excludeSystemProfiles -ExcludeNTAccount
ForEach ($Profile in $arAllProfiles) {
   <Filter admin account>

in the definition of the Get-UserProfiles Function, you can see how they filter out profiles:

If ($ExcludeSystemProfiles) {
	[string[]]$SystemProfiles = 'S-1-5-18', 'S-1-5-19', 'S-1-5-20'
	[psobject[]]$UserProfiles = $UserProfiles | Where-Object { $SystemProfiles -notcontains $_.SID }
If ($ExcludeNTAccount) {
	[psobject[]]$UserProfiles = $UserProfiles | Where-Object { $ExcludeNTAccount -notcontains $_.NTAccount }

I assume your admin account names are like ADMINKYLE-4 so I would use the -Like operator instead of -notcontains because -notcontains cannot do wildcards.

Thank you very much! The line below is exactly what I was after and it works great! :slight_smile:

Invoke-HKCURegistrySettingsForAllUsers -RegistrySettings $RemoveHKCUActiveSetupKey -UserProfiles (Get-UserProfiles -ExcludeDefaultUser)

1 Like