Re: HKEY_LOCAL_MACHINE Registry Access

Tech-Archive recommends: Fix windows errors by optimizing your registry

Okay, one of is is obviously not understanding something. Probably it's me.

Using Regedit: I'm sitting at my local machine, logged on under my network
account. I pull up regedit, click Registyr/Connect Network Registry, and type
in the remote server name. At this point, I can see the HKLM hive, but I get
an error when I try to open it.

Programmatically: Running an app on my local machine, I succeed when calling
RegistryKey.OpenRemoteBaseKey, but fail when calling OpenSubKey.

So... I don't understand where the local accounts come into play (unless
you're talking about the LOCAL SERVICE account).

"Willy Denoyette [MVP]" wrote:

> A local admin cannot be admin on two different machines unless it's a shadow
> account, that is the credentials (account/password) are the same. Is this
> the case?
>
>
> Willy.
>
> "Kevin Swanson" <kevinswanson@xxxxxxxxxxxxx> wrote in message
> news:DFC2B809-7D91-4970-8436-EA456A6FF3DC@xxxxxxxxxxxxxxxx
> > yeah... I'm an admin on both machines.
> >
> > "Willy Denoyette [MVP]" wrote:
> >
> >>
> >> "Kevin Swanson" <kevinswanson@xxxxxxxxxxxxx> wrote in message
> >> news:2F1B9F00-D13A-4FF5-8C0D-C21F515F1C5C@xxxxxxxxxxxxxxxx
> >> > I'm attempting some remote registry manipulation via C#. I've written a
> >> > test
> >> > app to simply grab a specified key from a specified hive on a specified
> >> > machine. The call to OpenSubKey is throwing System.SecurityException.
> >> >
> >> > Also of note: Sitting at my local box, I can open regedit and connect
> >> > to
> >> > the
> >> > remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
> >> > _USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand
> >> > that
> >> > one,
> >> > I get a simple error message that tells me almost nothing.
> >> >
> >> > So I'm fairly certain I'm running up against some kind of permissions
> >> > issue.
> >> > This is a dev server, but I still don't want to go mucking around too
> >> > much
> >> > without knowing what I'm doing. Via Terminal Services, I added LOCAL
> >> > SERVICE
> >> > to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also
> >> > found
> >> > two
> >> > interesting entries in the Local Security Polcy: Remotely accessible
> >> > registry
> >> > paths and Remotely accesible registry paths and sub-paths. I didn't
> >> > mess
> >> > around with those much, but I did notice that there's no hive on any of
> >> > the
> >> > entries, and it doesn't LOOK like all of the paths I can see connecting
> >> > remotely via regedit are in those lists (but I could be wrong).
> >> >
> >> > So what's the magic formula for accessing these keys remotely? And are
> >> > some
> >> > of them tied down by default? I don't think anyone here specifically
> >> > decided
> >> > to make the local_machine hive inaccessible remotely...
> >> >
> >> > Here's some details:
> >> > My Machine: Windows 2000 Professional
> >> > Remote Machine: Windows 2003 Server
> >> > I'm an admin on both machines...
> >> >
> >> > Just for fun, here's a code sample:
> >> >
> >> > public static RegistryKey GetKey(RegistryHive hive, string key, string
> >> > server)
> >> > {
> >> > RegistryKey parentKey;
> >> > RegistryKey returnKey = null;
> >> >
> >> > if (server == null || server.Length == 0)
> >> > {
> >> > server = string.Empty;
> >> > }
> >> >
> >> > parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
> >> >
> >> >
> >> > if (parentKey != null)
> >> > {
> >> > try
> >> > {
> >> > // THE LINE BELOW THROWS
> >> > //
> >> > System.SecurityException
> >> >
> >> > returnKey = parentKey.OpenSubKey(key, true);
> >> > }
> >> > catch(Exception exception)
> >> > {
> >> > // handle the exception!
> >> > returnKey = null;
> >> > }
> >> >
> >> > }
> >> >
> >> > return returnKey;
> >> > }
> >> >
> >>
> >> You need to be an admininistrator on the remote machine for this to work.
> >>
> >> Willy.
> >>
> >>
> >>
>
>
>
.

Relevant Pages

  • Re: Trusted SQL Connections & NT AUTHORITYNETWORK SERVICE
    ... SYSTEM account in terms of the credentials it uses on the network. ... hitting a SQL Server on the same machine as the web app. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Problem: No Network Connections under Guest Account
    ... The Guest Account on my other computer seems to ... Sounds like you might have more of an issue with your network than with the ... network connection settings. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: ATTN : Microsoft - Security Event 529....Second Request for help....
    ... According to the events, the logon ... failure is from the local machine account. ... disconnected from the network. ... Security Event ID 529 is a failure audit for logon/logoff. ...
    (microsoft.public.windows.server.sbs)
  • Re: Problem: No Network Connections under Guest Account
    ... The Guest Account on my other computer seems to ... Sounds like you might have more of an issue with your network than with the ... network connection settings. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Writing to a network share
    ... probably running into the "double hop" issue, where impersonation will not work across two network hops. ... An unhandled exception occurred during the execution of the current web request. ... Highlight the ASP.NET account, and check the boxes for the desired access. ... I've changed machine.config process model to the SYSTEM account. ...
    (microsoft.public.dotnet.security)