It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda RMM
formerly Managed Workplace

Work With User Variables Through Automation

  • Last updated on

When authoring custom scripts for automation through Barracuda RMM, the script will run as the “Local System” account on the target Windows device. This can impact scripts that are intended to manage user settings since it is not running as the logged in user. Scripts run as the Local System account when they are launched through automation. As a result, user-specific variables or objects will reference Local System's configurations. Please see the example below.  

To reference the Local System’s registry hive or profile directory: HKEY_CURRENT_USER or %USERPROFILE% Registry hive location: (HKEY_USERS\S-1-5-18) or profile directory %SYSTEMROOT%\system32\config\systemprofile) Listed below are three options for writing scripts for remote execution when targeting other users’ profiles.

Listed below are three options for writing scripts for remote execution when targeting other users’ profiles.

Option 1

When targeting a currently-logged-in account specifically, a script check for the owner should be performed to ensure all running instances of explorer.exe (instances of the Win32_Process WMI class) have a convenient GetOwner. This is the method as per Microsoft (https://msdn.microsoft.com/en-us/library/aa394372(v=vs.85).aspx)

Option 2

When targeting all users who have active profiles on the system, as an alternative it is possible to iterate over the registry key:
KEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList

The subkeys of ProfileList are the SIDs of each user who has logged into the system, and each of those keys has relevant values like ProfileImagePath, which defines that user's %USERPROFILE% environment variable, as per https://technet.microsoft.com/en-us/library/cc775560(v=ws.10).aspx#sectionSection3

Option 3

An even simpler, less precise, approach is to have the script run through every subdirectory of %SYSTEMROOT%\users and do the relevant tasks to them, whether the subdirs are for an actual user or not.