Solved

Modifying Registry Security

Posted on 1997-08-07
7
280 Views
Last Modified: 2012-06-21
I am writing an app in vc 5.0 which will update a NT 4.0 registry key. The registry key has Administrator as the owner, SYSTEM has FULL CONTROL and everyone has READ access.  
I looked at RegSetSecurityKey but could not figure out how to get ownership privilege to update the key. This application will be run by Administrator. Please elaborate your answer.
0
Comment
Question by:mnyeu
  • 4
  • 3
7 Comments
 

Author Comment

by:mnyeu
ID: 1166965
Edited text of question
0
 

Author Comment

by:mnyeu
ID: 1166966
Adjusted points to 200
0
 

Expert Comment

by:craven080297
ID: 1166967
Hello,
first you have to be conscious that you need at least a "sight" on the registry key, in order to get its handle, using, as usual the RegOpenKeyEx(YOUR_ROOT, "Key Name", 0, WRITE_OWNER, &hKey) command. This will return handle in hKey.
You then have to call RegSetSecurityKey(hKey, OWNER_SECURITY_INFORMATION, &Descript). Descript is a PSECURITY_DESCRIPTOR object, initialized via InitializeSecurityDescriptor() and SetSecurityDescriptorOwner().
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:mnyeu
ID: 1166968
Well, I have tried that before.  The problem was I could not open the key with WRITE_OWNER options although I have administrative privilege. That is core of the problem. It is a reg key to which SYSTEM has FULL CONTROL and EVERYONE have READ access. The question is how to open it with WRITE_OWNER option? If you can
anwser this question, you get the points.
0
 

Expert Comment

by:craven080297
ID: 1166969
Wel, I have a few ideas, such as SetSecurityDescriptorDacl() and ~Owner(), after having called AdjustTokenPrivileges() using SE_PRIVILEGE_ENABLED and so on, halas I do not manage to get denied access on any element of my own registry :-S
If you see what I mean just try it, it should allow you to get WRITE_OWNER even if not allowed. It seems AdjustTokenPrivileges() should do the job...
0
 

Accepted Solution

by:
craven080297 earned 200 total points
ID: 1166970
Er, let me add this: correct syntax for AdjustTokenPrivileges() sould be:
AdjustTokenPrivileges(tokHandle, FALSE, &tokPriv, sizeof( tokPriv ), NULL, NULL );
Getting topPriv value:
LookupPrivilegeValue( NULL, "SeTakeOwnershipPrivilege", &ownValue); then filling in TOKEN_PRIVILEGES struct called topPriv.
0
 

Author Comment

by:mnyeu
ID: 1166971
I have found out that even if you can open a registry with WRITE_OWNER privilege, you can not modify it.  You need to have KEY_WRITE access, and I could not find out how.  However, I have promised to give you full point for WRITE_OWNER privilege. So you have it. Thanks anyway.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Templates For Beginners Or How To Encourage The Compiler To Work For You Introduction This tutorial is targeted at the reader who is, perhaps, familiar with the basics of C++ but would prefer a little slower introduction to the more ad…
C++ Properties One feature missing from standard C++ that you will find in many other Object Oriented Programming languages is something called a Property (http://www.experts-exchange.com/Programming/Languages/CPP/A_3912-Object-Properties-in-C.ht…
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now