Printable View
Guys-
I am trying to write some code that will save a particular Registry Hive (using RegSaveKey.. created a binary dat file) and import a dat file (using RegRestoreKey).
I found out that the user MUST have the SeBackupPrivilege and SeRestorePrivilege. Is there another API that allows me to do the same with the registry and does not require granting permissions to the user? (using advapi32.dll at the moment).
Thanks for your help!
You need privileges so that random users don't screw up the DB. If they really need it, why not just grant them the permissions? You can only get at the registry through those functions, anyway.
What you said is true. Except that I want to avoid creating any type of security hole. For example, when a user with a mandatory profile logs-in, he is essentially loading a file (ntuser.man) to the registry (HKCU hive). How come it can be done then? Maybe Microsoft uses an API that we don't have access to?