Solved

[Q] Registry Access rights...

Posted on 2002-04-18
14
326 Views
Last Modified: 2013-12-03
Hi..

I want to know how to change registry access rights in Windows XP...

I create some keys in HKEY_LOCAL_MACHINES, my account is administrator.

I Change my account which is not administrator..

So I can't modify some values in HKEY_LOCAL_MACHINES,

because I don't have access rights in HKEY_LOCAL_MACHINES..

If I want to access, I have to run REGEDIT,

and then I append writing access right..

However I don't want to use REGEDIT...

I change access right programmably..

How can I do???

0
Comment
Question by:jaeb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
14 Comments
 
LVL 32

Accepted Solution

by:
jhance earned 100 total points
ID: 6950126
REGEDIT has no capability to change the settings of registry security, so even if you wanted to use to do that you could not.  REGEDT32.EXE is needed to change security.

To do it programmatically, you use the RegSetKeySecurity() function.

0
 

Author Comment

by:jaeb
ID: 6950202
I can change security change using REGEDIT in windows XP.

What I want to know is how to do programmatically...

I already tried to test using RegSetKeySecurity().

But This don't work...

A below is my code.
-------------------
     HKEY hKey;
     SECURITY_DESCRIPTOR SecurityDescriptor;

     if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\DnM Technology\\SV",0,WRITE_DAC ,&hKey) != ERROR_SUCCESS)
          ::MessageBox(NULL, "Error1", "as", MB_OK);
     if(RegSetKeySecurity(hKey,DACL_SECURITY_INFORMATION, &SecurityDescriptor) != ERROR_SUCCESS)
          ::MessageBox(NULL, "Error2", "as", MB_OK);
     RegCloseKey(hKey);    
-------------------------

I saw Error2 messagebox...

How can I use RegSetKeySecurity()?

0
 
LVL 86

Assisted Solution

by:jkr
jkr earned 100 total points
ID: 6950341
Well, use the following code:

   #define SD_SIZE (65536 + SECURITY_DESCRIPTOR_MIN_LENGTH)

   BOOL AddAccessRights(HKEY hKey, PSID pSID,      DWORD dwAcessMask)
   {

      //  SD variables.

      UCHAR          ucSDbuf[SD_SIZE];
      PSECURITY_DESCRIPTOR pSD=(PSECURITY_DESCRIPTOR)ucSDbuf;
      DWORD          dwSDLengthNeeded      =      SD_SIZE;

      // ACL variables.

      PACL           pACL;
      BOOL           bDaclPresent;
      BOOL           bDaclDefaulted;
      ACL_SIZE_INFORMATION AclInfo;

      // New ACL variables.

      PACL           pNewACL;
      DWORD          dwNewACLSize;

      // New SD variables.

      UCHAR                NewSD[SECURITY_DESCRIPTOR_MIN_LENGTH];
      PSECURITY_DESCRIPTOR psdNewSD=(PSECURITY_DESCRIPTOR)NewSD;

      // Temporary ACE.

      PVOID          pTempAce;
      UINT           CurrentAceIndex;

      // STEP 2: Get SID (parameter).

      // STEP 3: Get security descriptor (SD) for key.

      if(ERROR_SUCCESS!=RegGetKeySecurity(hKey,
                    (SECURITY_INFORMATION)(DACL_SECURITY_INFORMATION),
                    pSD,
                    &dwSDLengthNeeded))
      {
         printf("Error %d:RegGetKeySecurity\n",GetLastError());
         return(FALSE);
      }

      // STEP 4: Initialize new SD.

      if(!InitializeSecurityDescriptor
         (psdNewSD,SECURITY_DESCRIPTOR_REVISION))
      {
         printf("Error %d:InitializeSecurityDescriptor\n",GetLastError());
         return(FALSE);
      }

      // STEP 5: Get DACL from SD.

      if (!GetSecurityDescriptorDacl(pSD,
                       &bDaclPresent,
                       &pACL,
                       &bDaclDefaulted))
      {
         printf("Error %d:GetSecurityDescriptorDacl\n",GetLastError());
         return(FALSE);
      }

      // STEP 6: Get key ACL size information.

      if(!GetAclInformation(pACL,&AclInfo,sizeof(ACL_SIZE_INFORMATION),
         AclSizeInformation))
      {
         printf("Error %d:GetAclInformation\n",GetLastError());
         return(FALSE);
      }

      // STEP 7: Compute size needed for the new ACL.

      dwNewACLSize = AclInfo.AclBytesInUse +
                     sizeof(ACCESS_ALLOWED_ACE) +
                     GetLengthSid(pSID) - sizeof(DWORD);

      // STEP 8: Allocate memory for new ACL.

      pNewACL = (PACL)LocalAlloc(LPTR, dwNewACLSize);

      // STEP 9: Initialize the new ACL.

      if(!InitializeAcl(pNewACL, dwNewACLSize, ACL_REVISION2))
      {
         printf("Error %d:InitializeAcl\n",GetLastError());
         LocalFree((HLOCAL) pNewACL);
         return(FALSE);
      }

      // STEP 10: If DACL is present, copy it to a new DACL.

      if(bDaclPresent)  // Only copy if DACL was present.
      {
         // STEP 11: Copy the file's ACEs to our new ACL.

         if(AclInfo.AceCount)
         {

                  for(CurrentAceIndex = 0; CurrentAceIndex < AclInfo.AceCount;
               CurrentAceIndex++)
            {
               // STEP 12: Get an ACE.

               if(!GetAce(pACL,CurrentAceIndex,&pTempAce))
               {
                 printf("Error %d: GetAce\n",GetLastError());
                 LocalFree((HLOCAL) pNewACL);
                 return(FALSE);
               }

                // STEP 13: Add the ACE to the new ACL.

               if(!AddAce(pNewACL, ACL_REVISION, MAXDWORD, pTempAce,
                  ((PACE_HEADER)pTempAce)->AceSize))
               {
                  printf("Error %d:AddAce\n",GetLastError());
                  LocalFree((HLOCAL) pNewACL);
                  return(FALSE);
               }

             }
         }
      }

      // STEP 14: Add the access-allowed ACE to the new DACL.

//      if(!AddAccessAllowedAce(pNewACL,ACL_REVISION2,dwAcessMask, pSID))
      if(!AddAccessAllowedAce(pNewACL,ACL_REVISION,dwAcessMask, pSID))
      {
         printf("Error %d:AddAccessAllowedAce",GetLastError());
         LocalFree((HLOCAL) pNewACL);
         return(FALSE);
      }

      // STEP 15: Set our new DACL to the file SD.

      if (!SetSecurityDescriptorDacl(psdNewSD,
                        TRUE,
                        pNewACL,
                        FALSE))
      {
         printf("Error %d:SetSecurityDescriptorDacl",GetLastError());
         LocalFree((HLOCAL) pNewACL);
         return(FALSE);
      }

      // STEP 16: Set the SD to the File.

      if (ERROR_SUCCESS!=RegSetKeySecurity(hKey, DACL_SECURITY_INFORMATION,psdNewSD))
      {
         printf("Error %d:RegSetKeySecurity\n",GetLastError());
         LocalFree((HLOCAL) pNewACL);
         return(FALSE);
      }

      // STEP 17: Free the memory allocated for the new ACL.

      LocalFree((HLOCAL) pNewACL);
      return(TRUE);
   }

and call it like

    SECURITY_DESCRIPTOR         sd;
    PSID                        psidWorldSid;
    SID_IDENTIFIER_AUTHORITY    siaWorldSidAuthority    =   SECURITY_WORLD_SID_AUTHORITY;

    psidWorldSid    =   ( PSID) LocalAlloc  (   LPTR,
                                                GetSidLengthRequired    (   1)
                                            );

    InitializeSid   (   psidWorldSid,   &siaWorldSidAuthority,  1);

    *(  GetSidSubAuthority  (   psidWorldSid,   0)) =   SECURITY_WORLD_RID;

    AddAccessRights ( hRegKey, psidWorldSid, &sd);
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:jaeb
ID: 6952289
jkr, Do above code work well in Windows XP????

I tested your code, but it doesn't work...

Administrator account executes the code,

and then I switch user to limited user account.

And I modified the registry value,

But a error message appears,

the message is I can't change registry value...

I'm using Windows XP professional, VC++ 6.0.
0
 
LVL 86

Expert Comment

by:jkr
ID: 6952294
Don't know about XP, but it should work on W2k/NT...
0
 
LVL 32

Expert Comment

by:jhance
ID: 6953174
In this case, Win2000 == WinXP == WinNT.  They all share the same thing w.r.t. registry security.

I think your problem is that you are missing the point that in order to CHANGE SECURITY you must be AUTHORIZED to change it, regardless of whether or not it is from REGEDT32 or from a program.

If your user account lacks rights on a registry object to change that object's security, no amount of trying or programming will change that.

Either give your user account the privilege it needs or change the security on the object (from a privileged account) to permit your user account to modify the object's security.
0
 

Author Comment

by:jaeb
ID: 6955802
I use 2 accounts.

One is miru.

Two is jaeb.

miru and administrator have same privilege...

jae is limited user.

I want to change registry value using two accounts..

firstly using miru, everything is OK.

However using jaeb, I can't change registry value...

so I log on miru then I execute above execute program.

and I switch user from miru to jaeb.

Now My account is jaeb.

If jaeb try to change registry, a error message appears.

If I use REGEDT32 or REGEDIT to change access permission,

miru and jaeb can change registry values..

But using my program(it is execute file of aboce code),

jaeb can't change...

In my opinion, miru is enough privileged account.

So miru may change access rights about registry...

0
 

Author Comment

by:jaeb
ID: 6958636
If I execute REGEDT32 after executin my program,

jaeb can change registry value..

But If I don't execute REGEDT32,

jaeb can't change value....

I don't want to execute REGEDT32.

How can I do that?
0
 
LVL 86

Expert Comment

by:jkr
ID: 6958640
I use the above snippet to adjust the registry rights on NT/W2k during an InstallShield setup, and it works for me...
0
 

Author Comment

by:jaeb
ID: 6958684
Can I adjust registry right in InstallShield???

How Can I??

If it is possible, every problem will solve..

0
 
LVL 86

Expert Comment

by:jkr
ID: 10668372
This Q is answered
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes a technique for converting RTF (Rich Text Format) data to HTML and provides C++ source that does it all in just a few lines of code. Although RTF is coming to be considered a "legacy" format, it is still in common use... po…
For most people, the WrapPanel seems like a magic when they switch from WinForms to WPF. Most of us will think that the code that is used to write a control like that would be difficult. However, most of the work is done by the WPF engine, and the W…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question