How can I programmatically find a users HKEY_USERS registry key using powershell?

$User = New-Object System.Security.Principal.NTAccount($env:UserName)$sid = $User.Translate([System.Security.Principal.SecurityIdentifier]).value

The above snippet gives you the SID of the logged-in user. This when appended to the HKEY_USERS givs you the right path for that username.

New-PSDrive HKU Registry HKEY_USERSGet-Item "HKU:\${sid}"

This answer is not complete, as HKEY_USERS does not contain all the users, just those that are currently active.

You'll need to load the registry hive for the user(s) you want to work with using

reg load hku\ThatUserName C:\Users\ThatUserName\NTUSER.DAT

See this SO answer for an example of how to load the registry hive for all the user(s).

You can then access the registry for that user with

Set-Location HKU:\ThatUserName

Or call New-PSDrive to give the user's registry it's own drive, like so:

New-PSDrive -Name HKThatUser -PSProvider Registry -Root HKU\ThatUserName Set-Location HKThatUser:

Be sure to unload the registry, and do garbage collection to ensure the hive is released when done:

reg unload hku\ThatUserName[gc]::collect()

See this post for more info

This does it for me

ls 'hklm:software/microsoft/windows nt/currentversion/profilelist' | ? {  $_.getvalue('profileimagepath') -match 'Steven'} | % pschildname

Example