c++ visual-c++ registry

Is it possible to read/open a user key (those keys in HKEY_USERS that start with S-1-5-21xxx) after that user logs off?


I'd like to know if I can find a particular user's registry after that user logs off.

I notice that after a user logs off, the corresponding key in HKEY_USERS disappears (for example, HKEY_USERS\S-1-5-21-245205834-4096572605-1844777647-1002 corresponds to user account AAA; after AAA logs off, this key disappears too).

This registry contains some information I need, so I want to read/open it whether the user is logged in or not. I'd like to do it in C/C++, and I appreciate any possible solution.


Solution

  • A user's registry configs are stored in the NTUSER.DAT file. This file can give you the desired user's HKEY_CURRENT_USER. The file is stored in the user's profile directory.

    From MSDN,

    A registry hive. The registry hive is the file NTuser.dat. The hive is loaded by the system at user logon, and it is mapped to the HKEY_CURRENT_USER registry key. The user's registry hive maintains the user's registry-based preferences and configuration.

    Note: The file is locked if already mounted, i.e., if the user is logged in, you cannot access the file. So, before loading the file, you should check whether the user is logged in by opening the respective HKCU.

    Good Read: https://social.msdn.microsoft.com/Forums/vstudio/en-US/d0d485b8-c3d1-49d0-8180-0515d9cfb04e/read-and-modify-ntuserdat-file?forum=csharpgeneral
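The approach described in the answer above, written out in C as an added example that is not part of the original answer: try the live key under HKEY_USERS first, and only when that fails mount NTUSER.DAT with RegLoadKey, read, and unmount. The names `hive_path`, `read_user_value` and the mount name `OfflineHive_example` are hypothetical; the registry part compiles only on Windows (link advapi32) and assumes an elevated process.

```c
#include <stdio.h>
#include <string.h>
/* Portable helper: build "<profile_dir>\NTUSER.DAT". Returns 0, or -1 if it does not fit. */
int hive_path(const char *profile_dir, char *out, size_t cap) {
    int n = snprintf(out, cap, "%s\\NTUSER.DAT", profile_dir);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}
#ifdef _WIN32
#include <windows.h>
/* Enable one privilege on our token; RegLoadKey needs SeBackupPrivilege and SeRestorePrivilege. */
static BOOL enable_priv(const char *name) {
    HANDLE tok; TOKEN_PRIVILEGES tp = {0};
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &tok)) return FALSE;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    BOOL ok = LookupPrivilegeValueA(NULL, name, &tp.Privileges[0].Luid)
           && AdjustTokenPrivileges(tok, FALSE, &tp, 0, NULL, NULL)
           && GetLastError() == ERROR_SUCCESS;  /* TRUE alone can still mean "not all assigned" */
    CloseHandle(tok);
    return ok;
}

/* Read one value from the user's hive, logged on or not. Returns a Win32 error code. */
LONG read_user_value(const char *sid, const char *profile_dir, const char *subkey,
                     const char *value, void *buf, DWORD *len) {
    HKEY key; char path[MAX_PATH];
    const char *mount = "OfflineHive_example";  /* hypothetical temporary mount name */
    /* Logged on: the hive is already mounted at HKEY_USERS\<SID> and NTUSER.DAT is locked. */
    if (RegOpenKeyExA(HKEY_USERS, sid, 0, KEY_READ, &key) == ERROR_SUCCESS) {
        LONG rc = RegGetValueA(key, subkey, value, RRF_RT_ANY, NULL, buf, len);
        RegCloseKey(key);
        return rc;
    }
    /* Logged off: mount NTUSER.DAT ourselves, read, then unmount. */
    if (hive_path(profile_dir, path, sizeof path) != 0) return ERROR_BUFFER_OVERFLOW;
    if (!enable_priv("SeBackupPrivilege") || !enable_priv("SeRestorePrivilege"))
        return ERROR_PRIVILEGE_NOT_HELD;
    LONG rc = RegLoadKeyA(HKEY_USERS, mount, path);
    if (rc != ERROR_SUCCESS) return rc;
    rc = RegOpenKeyExA(HKEY_USERS, mount, 0, KEY_READ, &key);
    if (rc == ERROR_SUCCESS) {
        rc = RegGetValueA(key, subkey, value, RRF_RT_ANY, NULL, buf, len);
        RegCloseKey(key);                       /* an open handle would block the unload */
    }
    RegUnLoadKeyA(HKEY_USERS, mount);
    return rc;
}
#endif
```

If the user logs on while the hive is mounted this way, their profile load can fail because the file is in use, so keep the mounted window short and always unload.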