Get currenlty logged on users SID

Hello!
 
I would like to remove a regkey from the current logged user, is ther a way of doing this?
 
I am stuck at getting grab of the SID of the user as you can see in the pic below.
http://img403.imageshack.us/img403/8598/registerx.jpg
 
For example:
HKEY_USERS/<SID of Logged In User>/Software/<Program Folder>
HKEY_USERS/S-1-5-21-23635808756-545454-234324/Software/McAfee
 
Any one knows how to accomplish this?

// Bartoooo

Using WMI and the Win32_Process class, query the owner of the of the 'explorer.exe' process and then use the .GetOwnerSID method of the process class.

Why Win32_Process?

Set net = CreateObject("WScript.Network")
Set wmi = GetObject("winmgmts://./root/cimv2")
WScript.Echo wmi.Get("Win32_UserAccount.Name='" & net.UserName & "',Domain='" & net.UserDomain & "'").SID

The Win32_Process can be easily used to remotely get the same information.  I don't like making a script that can only be ran on the local computer and not remotely.

Wakawaka
 
Using WMI and the Win32_Process class, query the owner of the of the 'explorer.exe' process and then use the .GetOwnerSID method of the process class. 

 
Great Idea! Not just sure on how to do it  :)
This is my code, The only thing it returns is "0". And from what i can see from the link below it's a Successfull completion, But how do i get the actual SID ? http://msdn.microsoft.com...aa390459(v=VS.85).aspx
 
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_Process WHERE Caption='explorer.exe'")
For Each objItem in colItems
Wscript.Echo "Name: " & objItem.Caption  & vbCr & _
"Process SID: " & objItem.GetOwnerSid(objItem.Caption)
Next

Thanks in advanced!
// Bartoooo
 

 

This worked for me! Its just that i need to run the VBscript as Administrator but return the SID for the logged on user but this return the SID for the user that runs the script. In this case the administrator.
 
Any good idea on how to fix that problem? This script will be runned localy so it does not mattes if i can run i remote or now :)
 
Thanks in advance!

Firstly, you are using the GetOwnerSID method wrong.  The GetOwnerSID method doesn't actually return a value.  You have to call it by itself and pass it a parameter that it loads with the SID. 
 

Dim sUserSID 
  ...
objItem.GetOwnerSID sUserSID 
  ...
Msgbox sUserSID 

Secondly, I would use the Name property instead of the caption property.

 "SELECT * FROM Win32_Process WHERE Name='explorer.exe'" 

Wakawaka


Firstly, you are using the GetOwnerSID method wrong.  The GetOwnerSID method doesn't actually return a value.  You have to call it by itself and pass it a parameter that it loads with the SID. 

Dim sUserSID    
 ...   
 objItem.GetOwnerSID sUserSID    
 ...   
 Msgbox sUserSID 

Secondly, I would use the Name property instead of the caption property.

 "SELECT * FROM Win32_Process WHERE Name='explorer.exe'" 

Big thanks Wakawaka!

Final Code!

Option ExplicitDim strComputerDim objWMIServiceDim objItemDim colItemsDim sUserSID  
 
 strComputer = "."Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set colItems = objWMIService.ExecQuery("Select * from Win32_Process WHERE Name='explorer.exe'")  
 For Each objItem in colItems	objItem.GetOwnerSID sUserSID	MsgBox "Name: " & objItem.Name  & vbCr & _	"Process SID: " & sUserSIDNext

 
EDIT: My Line breakes does not work in the [ Code ] ! :)

Hello,

Add to this,

does any one knows how to get the "explorer.exe" owner. and by owner i mean the logged on user ?
 

Use the GetOwner method of the Process object.