Re: Set Registry Remotely as non-administrator

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance


"alan" <alan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:03277CBC-7918-47AB-B864-FEEE8EFBF256@xxxxxxxxxxxxxxxx

"Al Mulnick" wrote:
Help me understand the problem you need to solve (that you have an answer
for already, I know) and maybe there are some other ways that people can
steer you. But allowing a non-administrator to write to the registry
seems a
strange way to blow your toes off. Potentially anyway.

What a horrible response to a question.

No, it is in many cases one of the very best things some one can offer
and ask.

Many people ask the "wrong question" through inexperience or
misunderstanding when they think they have a way to solve their
real problem they ask about the METHOD rather than solving
the "real problem."

Frequently the "method" is either insoluable or just a terrible idea
but the real problem is relatively easy.

Usually the "real problem" has been asked and answered many
times as well -- so many people may know various ways to
approach or even solve it.

I have the same problem. We have software that used to work fine before
all
the windows security started breaking our programs.

At what point did it start giving trouble? Be very specific about that and
about what you mean when you say "windows security started breaking
our programs".

We have the same situation withour program. We are not specfically
allowing
a user to write to the registry but the program needs to because the
program
has its own security measures that need to be written and read there.

Programs run under the credentials of SOME user so does the program
run as a regular user or a special one such as an admin or service account?

IF it runs as a regularly user then that user or any virus inhabiting that
users processes could do the same....

Is there a way to allow this for non-administrator users? or do we need to
expose our security by simply writing to files instead of the registry?

Yes. The registry is secure with ACLs (access controlled lists), commonly
called 'permissions', which are almost exactly analogous to NTFS file and
directory permissions.

BUT Registry ACL (permissions) are MUCH more difficult to modify without
making a system unusable on one extreme and very insecure on the other.


--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)


.

Relevant Pages

  • Re: Misspelled Registration Name
    ... "Avery" wrote in message ... The name in User accounts ... | irritating but not a real problem. ... I am guessing it is a Registry problem/fix. ...
    (microsoft.public.windowsxp.general)
  • Re: Active Directory domain policy not available - Windows cannot access the registry information (5
    ... shuffling the registry around as a result. ... >What share permissions did you change? ... >SYSVOL and NETLOGON shares aren't accessible. ... >the domain controller is changed but the DNS still points to the old IP ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: OT: Win 7 comments
    ... I had to edit the Registry. ... This is right up there with repairing permissions, ... That's odd, consider how some of you guys bring the same habits to Windows, ... I will wait for some apps to crash. ...
    (comp.sys.mac.advocacy)
  • Re: ISA 2004 - Disk activity after SP1 or 2 installation
    ... configurations into the registry. ... permissions to the key and the sub keys: ... This newsgroup only focuses on SBS technical issues. ... you may want to contact Microsoft CSS directly. ...
    (microsoft.public.windows.server.sbs)
  • Re: How do I make registry changes stick?
    ... MS-MVP Windows Shell/User ... I found that the permissions for the key were and on the ... In the Registry Editor, right click.. ... To assign permissions to a registry key ...
    (microsoft.public.windowsxp.perform_maintain)