Re: Registry Permissions on Win2K and XP Servers
From: Bob Butler (tiredofit_at_nospam.com)
Date: 06/21/04
- Next message: MikeD: "Re: Registry Permissions on Win2K and XP Servers"
- Previous message: MikeD: "Re: Read HD serial Number"
- In reply to: wxforecaster: "Registry Permissions on Win2K and XP Servers"
- Next in thread: MikeD: "Re: Registry Permissions on Win2K and XP Servers"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 21 Jun 2004 07:52:01 -0700
"wxforecaster" <Evan.Bookbinder@noaa.gov> wrote in message
news:ujGHXv5VEHA.1888@TK2MSFTNGP11.phx.gbl
> BACKGROUND:
>
> I think I'm fighting a losing battle here, but I'm having a problem
> that seems to be specific to Win2K and XP servers and I'm not sure if
> this a programmatic issue or an administrative one.
>
> For years, I've been using the HKEY_LOCAL_MACHINE/Software registry to
> store program related settings. Everything I've read says this is the
> correct place for such settings and it seems that most programs
> installed on various machines of all Windows operating systems concur.
That's the correct place for system-wide settings that are not
user-configurable except by system administrators.
HKEY_CURRENT_USER\Software normally has permissions set for any user.
> To handle my registry tasks, I've been using the cRegistry class on
> vbaccelator.com for several years, with great success on standard
> single machine systems.
>
> PROBLEM:
>
> Despite setting READ & WRITE permission flags in the RegCreateKeyEx
> API call, I get write access denied error when initially generating
> the keys used in my software on Win2K and WinXP servers.
The flags you are setting are the access rights you are requesting when you
open the key. They are not the permissions to set on the keys. Permissions
are usually inherited from the parent key and if you have rights you can use
other API calls to change those permissions. When you call RegCreateKeyEx
and pass in the READ/WRITE flags all you are saying is that if you have the
rights to create/open the specified key you want to get back a handle to it
which will let you issue both read and write requests. The actual
permissions on the key created are inherited from the next level up.
> On every
> single machine and setup I've seen, I can go into regedit and see
> that the Power Users or whoever do not have the correct permissions,
> while the software only functions correctly for the administrator
> that installed it. Giving these users full control over that folder
> fixes the problem, but I've had a number of administrators
> (rightfully so) say "why should I have to edit the registry to allow
> your program to work? I don't have problems with other programs".
Because those other programs may set specific permissions on keys they
create.
> What am I doing wrong here? Why do these servers by default prevent
> access to the registry folders where I've been told is the place to
> put program related settings? the cRegistry class assigns a
> KEY_ALL_ACCESS flag as a default. I tried changing this to KEY_READ
> or KEY_WRITE with no change.
You can either add code to set permissions or change your app to use
HKEY_CURRENT_USER instead (perhaps write defaults to HKEY_LOCAL_MACHINE and
copy them to the user-specific entries when the user first runs the app)
You can also dump the idea of the registry and use an INI file, an XML file,
a database table or whatever. IMO the registry is the *worst* place for
application-specific settings and almost any other solution is better. The
registry is a public database (which means it is no place for private data)
and is a single point of failure in the system.
-- Reply to the group so all can participate VB.Net... just say "No"
- Next message: MikeD: "Re: Registry Permissions on Win2K and XP Servers"
- Previous message: MikeD: "Re: Read HD serial Number"
- In reply to: wxforecaster: "Registry Permissions on Win2K and XP Servers"
- Next in thread: MikeD: "Re: Registry Permissions on Win2K and XP Servers"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
