Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Problem Enabling Privilege For Call to RegSaveKey()

Posted on 2004-10-08
6
Medium Priority
?
1,167 Views
Last Modified: 2008-01-09
One of the utility programs I am writing modifies a few registry entries, and to be able to roll back, I need to back up the effected (or is that affected - always hated trying to make that distinction) keys. I have been digging through MSDN, and found a few good samples, but no matter how I tweak the code, my call to RegSaveKey () returns a 1314, which is "A required privilege is not held by the client".

I'll post the relevant code, and if anyone can spot where I went wrong, I would REALLY appreciate the help as I have another long weekend ahead.

Thanks so much,
Jeff

BOOL      SetPrivilege(LPCTSTR lpszPrivilege, BOOL bEnablePrivilege)
{
      TOKEN_PRIVILEGES tp;
      LUID luid;
      HANDLE hToken;

      OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
      if ( !LookupPrivilegeValue(NULL, lpszPrivilege, &luid) )    
            return FALSE;
      
      tp.PrivilegeCount = 1;
      tp.Privileges[0].Luid = luid;
      
      if (bEnablePrivilege)
            tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
      else
          tp.Privileges[0].Attributes = 0;

      AdjustTokenPrivileges(hToken,
                                    FALSE,
                                    &tp,
                                    sizeof (TOKEN_PRIVILEGES),
                                    (PTOKEN_PRIVILEGES) NULL,
                                    (PDWORD) NULL);

      return ( (GetLastError()!=ERROR_SUCCESS)?FALSE:TRUE);
}




bool      SaveRegKey (HKEY &hKey, char lpszFilename[PROFILEBUF])
{
      long            lResult;

      SetPrivilege(SE_BACKUP_NAME,TRUE);
      if (IsFileExist(lpszFilename))
      {
            if (DeleteFile(lpszFilename))
                  lResult = RegSaveKey (hKey, lpszFilename, NULL);
      }
      else
            lResult = RegSaveKey (hKey, lpszFilename, NULL);


      SetPrivilege(SE_BACKUP_NAME,FALSE);
      return ( (GetLastError()!=ERROR_SUCCESS)?FALSE:TRUE);
}
0
Comment
Question by:jpetter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 2000 total points
ID: 12262121
>>"A required privilege is not held by the client".

A privilege that is not *held* cannot be *enabled*. You need to grant the SE_BACKUP_NAME privilege to the account you want to use that code with.  If you want to be able do do that by code, you need to use 'LsaAddAccountRights()'. See http://win32.mvps.org/lsa/lsa_laar.cpp for a sample. But, keep in mind that logging off and back on is needed in order for the change to take effect.
0
 
LVL 86

Expert Comment

by:jkr
ID: 12262245
Oh, BTW, SE_BACKUP_NAME is actually called 'SeBackupPrivilege' and the textual description is "Back up files and directories". You will automatically grant that privilege to any account that is added to the 'Backup Operators' group. NOTE that Administrators aren't members of that group by default.
0
 

Author Comment

by:jpetter
ID: 12262903
jkr,

Awesome! Let me check that out. I have already written a service that will launch this program using CreateProcess(), so I will already have the security context taken care of. Now if I read your comment correctly, I'll just have to read and figure out to implement granting the privilege to the account.

I'll let you know.

Thanks,
Jeff
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:jpetter
ID: 12263406
jkr,

This may be a stupid question, but it's getting late.

I've been testing and debugging these processes in an standard application executable. In the end, this will be executing in the security context of the LSA as it will be launched from a service. That brings two questions to my mind.
1). Should I test this with the service, as the LSA should have the privilege?
2). Since it would be running under the LSA, could I enable it, as I thought the LSA had complete access to anything local to the machine.

Thanks,
Jeff
0
 
LVL 86

Expert Comment

by:jkr
ID: 12264636
You need to apply the privilege to the account your service is running under. If it is LocalSystem by now, you will have to change that to an account you can safely assign this privilege to. You might havr to create a new one.
0
 

Author Comment

by:jpetter
ID: 12270080
jkr,

Thanks again,
Jeff
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unlike C#, C++ doesn't have native support for sealing classes (so they cannot be sub-classed). At the cost of a virtual base class pointer it is possible to implement a pseudo sealing mechanism The trick is to virtually inherit from a base class…
Introduction This article is a continuation of the C/C++ Visual Studio Express debugger series. Part 1 provided a quick start guide in using the debugger. Part 2 focused on additional topics in breakpoints. As your assignments become a little more …
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question