Solved

RegSetKeySecurity() do not work

Posted on 1997-06-16
5
833 Views
Last Modified: 2013-12-03
I have problems with using RegSetKeySecurity().
I'm doing following:

1) constructing security decriptor.
   Everyone KEY_READ
   MyGroup KEY_READ | KEY_WRITE
   MyAdmGroup KEY_ALL_ACCESS
   SYSTEM  KEY_ALL_ACCESS
2) call RegOpenKeyEx() with KEY_ALL_ACCESS. Key is
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\+
   Services\serviceName\Parameters
3) Setting only DACL with RegSetKeySecurity()
4) Closing key with RegCloseKey()

The are no errors are returned from these API calls.
But DACL of registry of key is not changed.

I can change DACL of key with regedt32 program.

The question is how to change DACL of registry
key in the way that works.

I'm using NT 4.0 SP3. MS Visual C++ 4.2.
0
Comment
Question by:const
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 

Author Comment

by:const
ID: 1398398
Edited text of question
0
 
LVL 15

Expert Comment

by:NickRepin
ID: 1398399
Can you post your source code?
0
 
LVL 15

Accepted Solution

by:
NickRepin earned 150 total points
ID: 1398400
Make sure you do something like this:

#include <windows.h>
#include <iostream.h>

void main(void)
{
    // Open the key for WRITE_DAC access
    HKEY hKey;
    if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Nick",0,WRITE_DAC,&hKey)
         !=ERROR_SUCCESS) {
       cout<<"Cannot open the key"<<endl;
       return;
    }

    // Make the SIDs
    SID_IDENTIFIER_AUTHORITY sia=SECURITY_NT_AUTHORITY;
    PSID guestSid,admSid;
    if(!AllocateAndInitializeSid(&sia,2,
           SECURITY_BUILTIN_DOMAIN_RID,
           DOMAIN_ALIAS_RID_GUESTS,
           0, 0, 0, 0, 0, 0,
           &guestSid)) {
        cout<<"AllocateAndInitializeSid error"<<endl;
        return;
    }
    if(!AllocateAndInitializeSid(&sia,2,
           SECURITY_BUILTIN_DOMAIN_RID,
           DOMAIN_ALIAS_RID_ADMINS,
           0, 0, 0, 0, 0, 0,
           &admSid)) {
        cout<<"AllocateAndInitializeSid error"<<endl;
        return;
    }

    // Alloc DACL
    DWORD dwDaclSize=sizeof(ACL)+ 2*(sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD))+
        GetLengthSid(guestSid)+GetLengthSid(admSid) ;

    PACL dacl=PACL(malloc(dwDaclSize));
    if(dacl==NULL) {
       cout<<"No memory"<<endl;
       return;
    }
    if(!InitializeAcl(dacl,dwDaclSize,ACL_REVISION)) {
        cout<<"InitializeAcl error"<<endl;
        return;
    }

    // Grant privileges
    if(!AddAccessAllowedAce(dacl,ACL_REVISION,KEY_READ,guestSid)) {
        cout<<"AddAccessAllowedAce failed"<<endl;
        return;
    }
    if(!AddAccessAllowedAce(dacl,ACL_REVISION,KEY_WRITE,admSid)) {
        cout<<"AddAccessAllowedAce failed"<<endl;
        return;
    }

    // Create security descriptor
    SECURITY_DESCRIPTOR sd;
    if(!InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION)) {
        cout<<"InitializeSecurityDescriptor failed"<<endl;
        return;
    }

    if(!SetSecurityDescriptorDacl(&sd,TRUE,dacl,FALSE)) {
        cout<<"SetSecurityDescriptor failed"<<endl;
        return;
    }

    // Change key security
    if(RegSetKeySecurity(hKey,(SECURITY_INFORMATION)DACL_SECURITY_INFORMATION,&sd)
          != ERROR_SUCCESS) {
        cout<<"RegSetKeySecurity failed"<<endl;
        return;
    }

    RegCloseKey(hKey);
    RegCloseKey(HKEY_LOCAL_MACHINE);

    free(dacl);
    FreeSid(guestSid);
    FreeSid(admSid);
}


0
 

Author Comment

by:const
ID: 1398401
I found the problem. The problem was misspelling key name :-(.
And it hit key from previous experements and changed security
on it correctly :-). I've found it when comparing you sources with my, so you program helped anyway.

My program is doing exactly what do you recomend.
Except  
a) "RegCloseKey(HKEY_LOCAL_MACHINE);" was not called.
   Why do you call it?
b) I'm getting SID using LookupName().

0
 
LVL 15

Expert Comment

by:NickRepin
ID: 1398402
a) I have seen some microsoft samples, and there are RegCloseKey(<SecurityChangedKey>); RegCloseKey(HKEY_...) statements in their cleanup code.
On the other hand, SDK reference for RegSetKeySecurity says: 'If hKey is one of the predefined keys, the predefined key should be closed with RegCloseKey. That ensures that the new security information is in effect the next time the predefined key is referenced.'
So, I think, may be it's useful. May be, it's useless.
b) no matter how to get SID.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes a technique for converting RTF (Rich Text Format) data to HTML and provides C++ source that does it all in just a few lines of code. Although RTF is coming to be considered a "legacy" format, it is still in common use... po…
After several hours of googling I could not gather any information on this topic. There are several ways of controlling the USB port connected to any storage device. The best example of that is by changing the registry value of "HKEY_LOCAL_MACHINE\S…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question