Modifying Registry Security

I am writing an app in vc 5.0 which will update a NT 4.0 registry key. The registry key has Administrator as the owner, SYSTEM has FULL CONTROL and everyone has READ access.  
I looked at RegSetSecurityKey but could not figure out how to get ownership privilege to update the key. This application will be run by Administrator. Please elaborate your answer.
mnyeuAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mnyeuAuthor Commented:
Edited text of question
0
mnyeuAuthor Commented:
Adjusted points to 200
0
craven080297Commented:
Hello,
first you have to be conscious that you need at least a "sight" on the registry key, in order to get its handle, using, as usual the RegOpenKeyEx(YOUR_ROOT, "Key Name", 0, WRITE_OWNER, &hKey) command. This will return handle in hKey.
You then have to call RegSetSecurityKey(hKey, OWNER_SECURITY_INFORMATION, &Descript). Descript is a PSECURITY_DESCRIPTOR object, initialized via InitializeSecurityDescriptor() and SetSecurityDescriptorOwner().
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

mnyeuAuthor Commented:
Well, I have tried that before.  The problem was I could not open the key with WRITE_OWNER options although I have administrative privilege. That is core of the problem. It is a reg key to which SYSTEM has FULL CONTROL and EVERYONE have READ access. The question is how to open it with WRITE_OWNER option? If you can
anwser this question, you get the points.
0
craven080297Commented:
Wel, I have a few ideas, such as SetSecurityDescriptorDacl() and ~Owner(), after having called AdjustTokenPrivileges() using SE_PRIVILEGE_ENABLED and so on, halas I do not manage to get denied access on any element of my own registry :-S
If you see what I mean just try it, it should allow you to get WRITE_OWNER even if not allowed. It seems AdjustTokenPrivileges() should do the job...
0
craven080297Commented:
Er, let me add this: correct syntax for AdjustTokenPrivileges() sould be:
AdjustTokenPrivileges(tokHandle, FALSE, &tokPriv, sizeof( tokPriv ), NULL, NULL );
Getting topPriv value:
LookupPrivilegeValue( NULL, "SeTakeOwnershipPrivilege", &ownValue); then filling in TOKEN_PRIVILEGES struct called topPriv.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mnyeuAuthor Commented:
I have found out that even if you can open a registry with WRITE_OWNER privilege, you can not modify it.  You need to have KEY_WRITE access, and I could not find out how.  However, I have promised to give you full point for WRITE_OWNER privilege. So you have it. Thanks anyway.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
C++

From novice to tech pro — start learning today.