Re: Registry ACL Modification

You need to set up the permissions in the installation program, which you
have to run with elevated privileges (e.g. MSI). Once a user does not have
permissions, then he really does not have them and security means that there
is absolutely no way he can obtain them. The KB article shows how to edit
DACLs, it doesn't "hack" around the security.

You say you "know it can be done". Assuming you really can do it, I would
suggest that you open a high priority security defect with Microsoft.

It is rather unusual for HKEY_CURRENT_USER to be locked down. Normally,
HKEY_CURRENT_USER is readily accessible, as it's where user-specific
settings are saved. You may wish to talk to your system administrators about
this.

"Capp" <Capp@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BAAC0D4C-906D-4E2A-BAAB-778C3147B90C@xxxxxxxxxxxxxxxx
>I hope this is in the right area...if not I apologize.
>
> I wrote an app that needs to add a few small strings in the registry. The
> problem is, when run under the standard "user" rights, I do not have
> access
> to add/remove/modify anything in the registry. It needs to add a few
> values
> into HKEY_CURRENT_USER... but says I do not have access. I found a
> Microsoft
> article on modifying the ACL of the registry using the "SetPerm.bas" file
> you
> can download. I have downloaded it and tried it, but I am afraid that I'm
> an
> idiot when it comes to this. This app is only going to be used on NT based
> systems. Here is the article I mentioned:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;316440.
>
> My question is this......what method should I use to safetly add values to
> the registry for the current logged on user via code, when it says I don't
> have access?
>
> I know it can be done, but I'd prefer not to do the "hack" way by blowing
> out the permissions and redoing it.
>
> Thank You for your help :)
>


.

Relevant Pages

  • [NT] Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Microsoft Management Console snap in, the System Attendant makes ... changes to the permissions on the Windows Registry to allow Exchange ... There is a flaw in how the System Attendant makes these Registry ...
    (Securiteam)
  • Re: Granting write access to HKLM
    ... hive into a registry key under HKEY_USER, ... I want to change the permissions of a registry ... >> permissions for a specific principal, rather we initialize the security ... >> principals, see the MSDN docs, starting with SetSecurityDescriptorDacl ...
    (microsoft.public.vc.mfc)
  • Re: trojan has infected my laptop my laptop
    ... Download SYSCLEAN.COM and place it in that directory. ... the process's window in my task manage is completely greyed out... ... will not pull so i can look at the registry settings... ... | Description:General Windows Security Issue. ...
    (microsoft.public.windowsupdate)
  • Re: Certificate store access permissions
    ... - configuring every clients' CAS ... e.g. this "Run Once" registry key scanner: ... With default permissions given to ... the ActiveX throws a security error exception. ...
    (microsoft.public.dotnet.security)
  • Re: Permissions
    ... >> the server machine I get an error. ... >> permissions to read the registry. ... because frankly M$ has been monkeying around with security over the last ...
    (microsoft.public.dotnet.languages.csharp)