Visual Basic - Load OCX (DLL) files manually to avoid Registry actions (Administrative Rights)

Posted on 2003-11-27
Last Modified: 2007-12-19
First, let me give you an idea of what we're trying to do

PROBLEM: We're working with a client to provide a product that will users to bypass Administrative Rights and use the software.

I'm presuming that their security structure is similar to Windows XP's "Limited Access" mode for assigning users... ie:

- Copy files/Create Folders
- Run files (ie: EXE)

- Copy files to "Program Files" or to System Folders (ie: Windows, System32)
- Write to user's registry

Our software requires some OCX files (ie: RichTX32.ocx, MSCAL.ocx, etc)

QUESTION:  Is it possible to load the OCX files within VB, so the files would not need to be copied to the System32 folder, not registered.

Question by:kirkhilles
  • 3
  • 3
  • 2
  • +1
LVL 14

Expert Comment

ID: 9832948
Try keeping the OCX in the same directory as your program. Could work..

Author Comment

ID: 9832960

Good thought, but I've already tried that with no luck.  When I try to run the application with the files in anywhere but the System32 folder, I get an error "Out of Memory"

I've also tried setting the PATH via command line, but that didn't work either.
LVL 14

Expert Comment

ID: 9832977
So your app does see the OCX but throws memory errors ? Do the OCX depend on other files ?
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.


Expert Comment

ID: 9833780
The location of OCX and DLL files is not important. It's no problem if they are outside the System32-folder.

However, because you can't register them, I think it will be impossible to use them. Because, when you register them, an entry is created in the registry with the name of you OCX/DLL, location (path) the ClassID (GUID) and so on.

So, I think it's impossible to use OCX and DLL files without registring them?

But, is there a possibility on these computers to execute a .reg-file? A .reg-file stores Register-Keys and when you double click on it, they are imported into the registry.

---------------------- Example of a registry File -> Try to execute it ----------------------

Windows Registry Editor Version 5.00

"MyValue"="My Value Data"

---------------------- Example of a registry File -> Try to execute it ----------------------

If you can, you could try to find all the registry-keys written to the registry when registering a DLL/OCX. If you store all these keys in a .reg-file and you can execute it, I think it will be the same as you would register it.

We use this method to install the Authorware WebPlayer Plugin. What we do, we copy first all the files to a folder (not WinNT, not Program Files). Then, we adapt our self-made .reg-file with the new file-paths. If ready, we execute the .reg-file, so all the keys (ClassIDs, Paths, ...) are imported into the registry.

I did the job myself (looking for all the keys), but there are also programs that locates all keys connected to a given program or DLL/OCX.

Can you run these .reg-files on these computers?


Author Comment

ID: 9834223
Unfortunately, I believe that they can NOT run the .REG file (I was unable to run it in Windows XP Limited Access mode, but could as an Administrator)

The reason I mention the location of the OCX is, is that the software loads if the RichTX32.ocx file is copied to the SYSTEM32 folder (on a fresh Windows XP Pro install), but gives an error if its not.

I could, however, be wrong about them not able to install the .REG file; I just know they are using Windows XP and the "Limited" mode seemed to meet their restrictions (not being able to install to the registry)

Did your client/company have the same restrictions?  
LVL 14

Accepted Solution

aelatik earned 500 total points
ID: 9835445

Expert Comment

ID: 9839920
No.  You can't use unregistered OCX controls.  Take this CCRP controls project download for example:

This includes a zip file named ccrpftv6-10
which includes a program named   ccrpRegUtil.exe   very handy!

I've got this associated with the OCX extension so I can double click any OCX file and have it registered into the registry so that it may then be selected from tools toolbars and control reference lists as well as being inserted and used from Office or VB applications without getting the control not registered error.

The bottom line is, there is no magic wand to give people rights you have deliberately revoked with policy editor.  If you want to have a bulletproof safe user machine population protected from installing garbage like screensavers, garfield mouse cursors and other viruses and protect them from mangling their registry - for ease of support, then you will also have locked them out of installing beneficial applications as well..

Have your application added to the baseline image or at very least have the control registered in the baseline distributed user desktop image.

If you cannot get your controls registered with this CCRPREGUTIL (above) then you should either use some sort of Administrator login script with Admin rights or remote configuration management to register the control for all users OR have them log in with admin rights to the local machine just long enough to register the control or install the program or else you will need to do without the control.  There is no way around this security that I am aware of.

Expert Comment

ID: 9840877
> Did your client/company have the same restrictions?
Don't know. They used the package more to push the software to the clients ... So, I guess they were using SMS (System Management Server) or any script to push the files and the Registry-values ...

I know if the admin didn't his work like he should be, this .reg sometimes works.

But, like Informative mentions, ... If your user has really no access to the registry, there is no work-arround to get your OCX/DLL in the registry

If there was a work arround, it must be a security hole that would be quickly repaired with a new patch :-)


Author Comment

ID: 9848345
Thanks all,

The "Thinstall" software achieves the goal nearly perfectly.

Anyone know where we can find it cheaper than the $750 on their website?

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When designing a form there are several BorderStyles to choose from, all of which can be classified as either 'Fixed' or 'Sizable' and I'd guess that 'Fixed Single' or one of the other fixed types is the most popular choice. I assume it's the most p…
You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question