Re: RegSetKeySecurity - how to change a registry key to read access only



Let's backtrack a sec...
Right now, I have code that uses the functions....
AllocateAndInitializeSid, InitializeAcl, AddAccessAllowedAce,
InitializeSecurityDescriptor, SetSecurityDescriptorDacl (the whole hideous
confusing bunch)
and of course ::RegSetKeySecurity(hKey, (SECURITY_INFORMATION)
DACL_SECURITY_INFORMATION, &SecDesc);

So, right now I have working code that changes the particular registry entry
to be read only, it works, that's fine...

So now if I or anybody else tries to open up the registry hkey for reading,
that will be fine, but if they try to do so for writing it will
fail....well, so far, so good...

The problem is, there is no way to prevent the changing back of the security
of the registry hkey back to write access again, so what is the point of the
security?

These are for all intents, "public" keys, I want them to be readable but not
changeable, if they were my own private keys, then of course the simplest
and easiest solution would just be to encrypt them.

Logging on and/or off with admin privileges is not the answer (since
everybody has admin rights)....

Basically, I'm asking, can I lock the access rights with let's call it a
"key" (again, I'm not talking about encryption, but access rights), where
only people with the "key" can unlock, and change the access rights of said
registry entry back to write access again. Is this even doable?

"Tom Alter" <Lord2702@xxxxxxx> wrote in message
news:OrvuVp$OFHA.1932@xxxxxxxxxxxxxxxxxxxxxxx
> Use this function when you have Administrator rights, once changed and put
> your security
> bits in the key, logout and then log-in with different user, and try
> changing it. :-;)
> I am just giving you a hint.
>
>
> "Martin Ortiz" <martinortiz@xxxxxxxxxxxxx> wrote in message
> news:%23yKw6K6OFHA.688@xxxxxxxxxxxxxxxxxxxxxxx
>> I know how to use RegSetKeySecurity, to change a registry key's access to
>> read only but is there a way to change to read only, where only I can
>> change it back to read/write?
>>
>> Kinda like a password, you can read, but you can only write if you have
>> correct "password" (note: I can't encrypt the key, which it sounds like
>> what I'm asking, it's not)
>>
>> Is there a way to use AllocateAndInitializeSid to do this? It has 8 slots
>> for sub authorities....is there a way to just authorize access with sub
>> authorities so that only if you use same ones again to change access
>> right, can you have write access rights again...?
>>
>
>
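
A simplified, portable model of the access check behind the question above, added here as an illustration and not part of the original thread: it shows which requests a read-only DACL stops and which it does not (the key's owner always keeps WRITE_DAC, and a token holding SeTakeOwnershipPrivilege, which administrators have by default, is granted WRITE_OWNER). The struct names, the SIDs written as plain strings and the sample users are assumptions; no Win32 calls are made.

```c
/* Added example: a model of the DACL access check, not real Win32 code. */
#include <stdio.h>
#include <string.h>
/* Access-mask values as defined in winnt.h */
#define KEY_SET_VALUE 0x00000002u
#define KEY_READ      0x00020019u
#define READ_CONTROL  0x00020000u
#define WRITE_DAC     0x00040000u
#define WRITE_OWNER   0x00080000u

/* Hypothetical, simplified stand-ins for ACE, security descriptor and token. */
typedef struct { int deny; const char *sid; unsigned mask; } Ace;
typedef struct { const char *owner; const Ace *dacl; int n_aces; } KeySd;
typedef struct { const char *sids[4]; int n_sids; int take_ownership_priv; } Token;

static int token_has(const Token *t, const char *sid) {
    for (int i = 0; i < t->n_sids; i++)
        if (strcmp(t->sids[i], sid) == 0) return 1;
    return 0;
}

/* Returns 1 if every bit in `desired` is granted to the token, else 0. */
int access_check(const KeySd *sd, const Token *t, unsigned desired) {
    unsigned granted = 0;
    /* The owner may always read and rewrite the DACL, whatever it contains. */
    if (token_has(t, sd->owner)) granted |= READ_CONTROL | WRITE_DAC;
    /* SeTakeOwnershipPrivilege grants WRITE_OWNER regardless of the DACL. */
    if (t->take_ownership_priv) granted |= WRITE_OWNER;
    for (int i = 0; i < sd->n_aces && (desired & ~granted); i++) {
        const Ace *a = &sd->dacl[i];
        if (!token_has(t, a->sid)) continue;
        if (a->deny) { if (a->mask & desired & ~granted) return 0; }
        else granted |= a->mask;
    }
    return (desired & ~granted) == 0;
}

/* Constructed sample: the "read only" key from the post, Everyone = KEY_READ. */
static const Ace READ_ONLY_DACL[] = { { 0, "Everyone", KEY_READ } };
const KeySd KEY   = { "alice", READ_ONLY_DACL, 1 };
const Token ALICE = { { "alice", "Everyone" }, 2, 0 };   /* owner of the key */
const Token BOB   = { { "bob", "Everyone" }, 2, 0 };     /* standard user */
const Token ADMIN = { { "carol", "Administrators", "Everyone" }, 3, 1 };

int main(void) {
    printf("bob: read=%d set=%d write_dac=%d\n", access_check(&KEY, &BOB, KEY_READ),
           access_check(&KEY, &BOB, KEY_SET_VALUE), access_check(&KEY, &BOB, WRITE_DAC));
    printf("owner write_dac=%d, admin write_owner=%d\n",
           access_check(&KEY, &ALICE, WRITE_DAC), access_check(&KEY, &ADMIN, WRITE_OWNER));
    return 0;
}
```

In this model the read-only DACL holds against a standard user who is not the owner; it does not hold against the owner or against any account with administrator privileges, which is the situation the post describes.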

