Read HKCU for info

Function funGetUsers(sComputer As String) As String

        Dim regHKLM As RegistryKey

        Dim regHive As RegistryHive

        Try

            regHKLM = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, sComputer)

            'Dim asd2 = regHKLM.OpenSubKey("SYSTEM\CurrentControlSet\Control\Session Manager\Environment", True)

            'Dim asd = asd2.GetValue("PROCESSOR_ARCHITECTURE")

            'debug.print(asd.ToString)

            funGetUsers = ""

            For Each oKeys As String In regHKLM.OpenSubKey("").GetSubKeyNames

                'debug.print(oKeys.ToString)

                Try

                    'debug.print("AccountName: " & AccountName.ToString)

                    'debug.print("User: " & regHKLM.OpenSubKey(oKeys & "\Volatile Environment").GetValue("USERNAME"))

                    'funGetUsers += regHKLM.OpenSubKey(oKeys & "\Volatile Environment").GetValue("USERDOMAIN") & "\" & regHKLM.OpenSubKey(oKeys & "\Volatile Environment").GetValue("USERNAME") & ","

                    Dim sSession As String = ""

                    For Each keySession As String In regHKLM.OpenSubKey(oKeys & "\Volatile Environment").GetSubKeyNames

                        sSession += keySession & "||" & regHKLM.OpenSubKey(oKeys & "\Volatile Environment\" & keySession).GetValue("CLIENTNAME") & "||" & regHKLM.OpenSubKey(oKeys & "\Volatile Environment\" & keySession).GetValue("SESSIONNAME") & "||"

                    Next

                    funGetUsers += regHKLM.OpenSubKey(oKeys & "\Volatile Environment").GetValue("USERNAME") & "||" & sSession & ","

                Catch

                    If oKeys <> "S-1-5-18" And oKeys <> "S-1-5-19" And oKeys <> "S-1-5-20" And oKeys.ToLower.ToString <> ".default" And Strings.Right(oKeys.ToLower.ToString, 8) <> "_classes" Then

                        'debug.print("Catch Key: " & oKeys.Trim.ToString().Replace(".bak", "").ToString)

                        Try

                            Dim sidToFind As SecurityIdentifier = New SecurityIdentifier(oKeys.Trim.ToString().Replace(".bak", "").ToString)

                            Dim AccountName = sidToFind.Translate(GetType(NTAccount)).ToString()

                            'debug.print("AccountName: " & AccountName)

                            Dim sSession As String = ""

                            For Each keySession As String In regHKLM.OpenSubKey(oKeys & "\Volatile Environment").GetSubKeyNames

                                sSession += " (" & keySession & ")"

                            Next

                            funGetUsers += AccountName & sSession & ","

                        Catch ex As Exception

                            Debug.Print(ex.Message.ToString)

                        End Try

                    End If

                End Try

                'regHKLM.OpenSubKey("")

            Next

        Catch

            funGetUsers = "Err: Remote Registry Running?"

        End Try

    End Function

 

Convert SID to User (sAMAccountName)

Dim sidToFind As SecurityIdentifier = New SecurityIdentifier(oKeys.Trim.ToString().Replace(".bak""").ToString)
Dim AccountName = sidToFind.Translate(GetType(NTAccount)).ToString()

Convert User (sAMaccountName) to SID

Dim objSID As SecurityIdentifier = New SecurityIdentifier(sGUID)

Dim objUser As String = objSID.Translate(GetType(NTAccount)).ToString