I'm really struggling with a problem that I have with my software running under NT/2k. Basically, I want to create keys under HKEY_LOCAL_MACHINE and write and retrieve data from these keys. This works fine with my code as long as the user has the appropriate rights to the Registry keys. It seems, quite frequently, that unless Users have Administrator rights their Registry access is restricted by default. My questions are:
1. Under these circumstances is it possible to create a key under (say) HKEY_LOCAL_MACHINE\Software\... where users have unlimited rights to open/query/read/write, etc. to the keys created by me and if this is possible I presume the RegCreateEx call with the appropriate Security Descriptor information must be set. If so what are the values I should be setting under SECURITY_ATTRIBUTES for:
nLength
lpSecurityDescriptor
bInheritHandle
2. If I have previously created a key without the correct security information is it possible to change it using RegSetKeySecurity and, if so, how.
I got the registry creating the keys to inherit their security. Then my code takes the security from the key and adds to it. There are still a few problems, like having that information on subkeys of the keys and stuff like that but it's working like I need it. I got part of the code from Microsoft http://support.microsoft.com/support.../Q194/7/57.asp and http://msdn.microsoft.com/library/te...sdn_ntprog.htm and a lot from my head.
If you make any new discoveries with this or whatever let me know.
Let me know your email address and I'll send you my module (complete registry manipulation is also in there including updating, retrieving and deleting keys & values)
I am also having similar problems. We have developed a couple appications that work fine when installed under the Administrator account - but when you try to run as a restricted user - the applications will not run. I use Local_Machine registry settings to hold some of the application parameters - and I'm pretty sure that is where the problem is...
I have attached the Registry module that I have been using. It includes some basic security stuff for the registry. Mostly I use this when I install a program to give everyone access to the registry keys. If you need any help with any of it let me know.
Normal Users should NOT have write access to HKLM -- you should be using HKCU after the program is installed. Changing permissions on the registry is not a good idea -- it can give Netowrk Administrators a headache and can even be considered malicious - they set their network's security, not you.
Also, normal users should not have write access to anything under %Program Files% as well.
Josh
Get these: MozillaOperaOpenBSD
I have books for sale: "MCSD in a Nutshell" and "VB Distributed Exam Cram" - PM me for details. Will also trade for a decent ATX Pentium 2 MB/CPU/RAM combo.
Reply With Quote
