How to Programmatically Set Environment Variables for Another User on Windows


1 views

When managing Windows servers or multi-user systems, administrators often need to configure environment variables for other user accounts - especially for service accounts running applications like ASP.NET. The standard System Properties GUI only allows modifying variables for the current user.

The most reliable method involves directly editing the Windows Registry where user environment variables are stored:

Windows Registry Editor Version 5.00

[HKEY_USERS\SID\Environment]
"TMP"="D:\\CustomTempPath"

First, you'll need to obtain the target user's SID (Security Identifier). Run this PowerShell command:

$user = New-Object System.Security.Principal.NTAccount("domain\username")
$sid = $user.Translate([System.Security.Principal.SecurityIdentifier])
$sid.Value

For automated deployments, PowerShell provides a cleaner solution:

# Requires admin privileges
$User = "DOMAIN\UserName"
$RegPath = "Registry::HKEY_USERS\$((New-Object System.Security.Principal.NTAccount($User)).Translate([System.Security.Principal.SecurityIdentifier]).Value)\Environment"

Set-ItemProperty -Path $RegPath -Name "TMP" -Value "D:\AppTemp" -Type ExpandString

# Broadcast WM_SETTINGCHANGE to make changes effective immediately
$HWND_BROADCAST = [IntPtr]0xFFFF
$WM_SETTINGCHANGE = 0x1A
$null = [Win32]::SendNotifyMessage($HWND_BROADCAST, $WM_SETTINGCHANGE, [IntPtr]::Zero, "Environment")

Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public class Win32 {
    [DllImport("user32.dll", SetLastError=true, CharSet=CharSet.Auto)]
    public static extern IntPtr SendNotifyMessage(IntPtr hWnd, uint Msg, IntPtr wParam, string lParam);
}
"@

In domain environments, Group Policy Preferences offer the most maintainable solution:

  1. Open Group Policy Management Console (gpmc.msc)
  2. Create/edit a GPO that applies to target users
  3. Navigate to: User Configuration → Preferences → Windows Settings → Environment
  4. Create a new Environment variable with:
    • Action: Update
    • Name: TMP
    • Value: %SystemDrive%\CustomTemp
    • User variables section
  • Changes won't affect already running processes - they require restart
  • For ASP.NET specifically, consider modifying web.config instead: 
    <system.web>
    <compilation tempDirectory="D:\CustomCompilationTemp" />
</system.web>
  • Registry modifications require administrative privileges
  • Always test in non-production environments first

When working with ASP.NET applications on Windows servers, you might encounter situations where you need to modify environment variables for different user accounts. The standard method of using System Properties only affects the current user, which becomes problematic when you need to configure the TMP variable for service accounts or other users.

The most reliable method involves modifying the Windows Registry. Environment variables for all users are stored under HKEY_USERS, but you'll need to know the target user's Security ID (SID).

// PowerShell script to set TMP for another user
$username = "TargetUserName"
$user = Get-WmiObject Win32_UserAccount | Where-Object {$_.Name -eq $username}
$sid = (New-Object System.Security.Principal.NTAccount($username)).Translate([System.Security.Principal.SecurityIdentifier]).Value

# Modify the registry
$regPath = "Registry::HKEY_USERS\$sid\Environment"
Set-ItemProperty -Path $regPath -Name "TMP" -Value "D:\CustomTempPath" -Type String

In domain environments, Group Policy provides a centralized way to manage environment variables:

  1. Open Group Policy Management Console
  2. Navigate to: User Configuration > Preferences > Windows Settings > Environment
  3. Create a new environment variable policy

For quick changes, you can use setx with runas:

runas /user:TargetUserName "setx TMP D:\CustomTempPath /m"

Remember that IIS application pools run under specific identities. To modify environment variables for these accounts:

// C# code to verify the change took effect
string tempPath = Environment.GetEnvironmentVariable("TMP", EnvironmentVariableTarget.User);
Console.WriteLine($"Current TMP path: {tempPath}");

Always consider:

  • Registry permissions when modifying HKEY_USERS
  • Impact on other applications using TMP
  • Proper testing in non-production environments

For production systems:

  1. Document all environment variable changes
  2. Implement monitoring for critical paths
  3. Consider using application-specific configurations instead of system-wide variables