Re: HKEY_LOCAL_MACHINE Registry Access

Mind to explain how you authenticate as a W2K 'local' administrator when
accessing the remote registry while impersonating a W2K3 "local"
administrator?
Did you turn on Logon auditing on W2K and check who is failed to
authenticate and what privileges are requested during logon.

Willy.



"Neil Do" <NeilDo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:69B6F413-B9A0-4DA5-A038-FC3AD5EB1365@xxxxxxxxxxxxxxxx
>I have a similar problem with accessing the remote registry on W2K SP4 from
> W2K3 SP1. My problem strictly exist only with W2K3 SP1. I don't get this
> problem with no service pack or when I access WXP. I always get "Access
> Denied" when I try to open a registry key on W2K from W2K3 SP1. I run as
> a
> web service on IIS under the IWAM account. I impersonate the local
> administrator on the W2K3 box and authenticate as the local administrator
> on
> the W2K box. I connect to the remote registry with no problems. I just
> can't open any keys as the local administrator on the W2K box. I have
> full
> permissions to the registry. I'm not sure why this only happens with W2K3
> SP1. I haven't solved my problem, yet. I found this knowledgebase pretty
> helpful. Appearly, Exchange Server 2003 also has a similar problem with a
> fix: http://support.microsoft.com/?id=841561. Unfortunately, the fix is
> application specific for Exchange Server 2003. I wish I can find more
> details on what they did to fix this problem.
>
>
>
> "Kevin Swanson" wrote:
>
>> I'm attempting some remote registry manipulation via C#. I've written a
>> test
>> app to simply grab a specified key from a specified hive on a specified
>> machine. The call to OpenSubKey is throwing System.SecurityException.
>>
>> Also of note: Sitting at my local box, I can open regedit and connect to
>> the
>> remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
>> _USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand that
>> one,
>> I get a simple error message that tells me almost nothing.
>>
>> So I'm fairly certain I'm running up against some kind of permissions
>> issue.
>> This is a dev server, but I still don't want to go mucking around too
>> much
>> without knowing what I'm doing. Via Terminal Services, I added LOCAL
>> SERVICE
>> to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also found
>> two
>> interesting entries in the Local Security Polcy: Remotely accessible
>> registry
>> paths and Remotely accesible registry paths and sub-paths. I didn't mess
>> around with those much, but I did notice that there's no hive on any of
>> the
>> entries, and it doesn't LOOK like all of the paths I can see connecting
>> remotely via regedit are in those lists (but I could be wrong).
>>
>> So what's the magic formula for accessing these keys remotely? And are
>> some
>> of them tied down by default? I don't think anyone here specifically
>> decided
>> to make the local_machine hive inaccessible remotely...
>>
>> Here's some details:
>> My Machine: Windows 2000 Professional
>> Remote Machine: Windows 2003 Server
>> I'm an admin on both machines...
>>
>> Just for fun, here's a code sample:
>>
>> public static RegistryKey GetKey(RegistryHive hive, string key, string
>> server)
>> {
>> RegistryKey parentKey;
>> RegistryKey returnKey = null;
>>
>> if (server == null || server.Length == 0)
>> {
>> server = string.Empty;
>> }
>>
>> parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
>>
>>
>> if (parentKey != null)
>> {
>> try
>> {
>> // THE LINE BELOW THROWS
>> //
>> System.SecurityException
>>
>> returnKey = parentKey.OpenSubKey(key, true);
>> }
>> catch(Exception exception)
>> {
>> // handle the exception!
>> returnKey = null;
>> }
>>
>> }
>>
>> return returnKey;
>> }
>>


.

Relevant Pages

  • Re: rebooting OK when locked out of computer?
    ... have remote access. ... I'm locked out of my server. ... >> which were administrator accounts, for the old IT guy, ... >> administrative password works to access folders on the ...
    (microsoft.public.win2000.security)
  • Re: Remote Server Administration (repost)
    ... regards to access rights, wouldn't Administrator account ... >Remote desktop users ... >Check Allow logon to terminal server ... (even if I log in as Administrator). ...
    (microsoft.public.windows.server.sbs)
  • Re: ActiveX is installed but runs only for Administrator
    ... My application runs only for the Administrator who installed the ... Some applications create HKEY_CURRENT_USER registry settings the ... installation, and WHILE THE SERVER IS STILL IN INSTALL MODE. ...
    (microsoft.public.windows.terminal_services)
  • Re: Remote access to SBS2003
    ... You mean for remotely administering the server, ... if you log onto RWW as an Administrator - you will have access to server ... > desktop to the server I suppose using the remote server management icon on ... So how do I create a secure connection from ...
    (microsoft.public.windows.server.sbs)
  • Re: Administrator rights for legacy appliations
    ... I am not sure why these applications have to be run under administrator ... have the permission to access the registry key or system files. ... I would try to purchase a second server as soon as ...
    (microsoft.public.windows.terminal_services)
Quantcast