Solved

Problem Enabling Privilege For Call to RegSaveKey()

Posted on 2004-10-08
6
1,135 Views
Last Modified: 2008-01-09
One of the utility programs I am writing modifies a few registry entries, and to be able to roll back, I need to back up the effected (or is that affected - always hated trying to make that distinction) keys. I have been digging through MSDN, and found a few good samples, but no matter how I tweak the code, my call to RegSaveKey () returns a 1314, which is "A required privilege is not held by the client".

I'll post the relevant code, and if anyone can spot where I went wrong, I would REALLY appreciate the help as I have another long weekend ahead.

Thanks so much,
Jeff

BOOL      SetPrivilege(LPCTSTR lpszPrivilege, BOOL bEnablePrivilege)
{
      TOKEN_PRIVILEGES tp;
      LUID luid;
      HANDLE hToken;

      OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
      if ( !LookupPrivilegeValue(NULL, lpszPrivilege, &luid) )    
            return FALSE;
      
      tp.PrivilegeCount = 1;
      tp.Privileges[0].Luid = luid;
      
      if (bEnablePrivilege)
            tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
      else
          tp.Privileges[0].Attributes = 0;

      AdjustTokenPrivileges(hToken,
                                    FALSE,
                                    &tp,
                                    sizeof (TOKEN_PRIVILEGES),
                                    (PTOKEN_PRIVILEGES) NULL,
                                    (PDWORD) NULL);

      return ( (GetLastError()!=ERROR_SUCCESS)?FALSE:TRUE);
}




bool      SaveRegKey (HKEY &hKey, char lpszFilename[PROFILEBUF])
{
      long            lResult;

      SetPrivilege(SE_BACKUP_NAME,TRUE);
      if (IsFileExist(lpszFilename))
      {
            if (DeleteFile(lpszFilename))
                  lResult = RegSaveKey (hKey, lpszFilename, NULL);
      }
      else
            lResult = RegSaveKey (hKey, lpszFilename, NULL);


      SetPrivilege(SE_BACKUP_NAME,FALSE);
      return ( (GetLastError()!=ERROR_SUCCESS)?FALSE:TRUE);
}
0
Comment
Question by:jpetter
  • 3
  • 3
6 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 12262121
>>"A required privilege is not held by the client".

A privilege that is not *held* cannot be *enabled*. You need to grant the SE_BACKUP_NAME privilege to the account you want to use that code with.  If you want to be able do do that by code, you need to use 'LsaAddAccountRights()'. See http://win32.mvps.org/lsa/lsa_laar.cpp for a sample. But, keep in mind that logging off and back on is needed in order for the change to take effect.
0
 
LVL 86

Expert Comment

by:jkr
ID: 12262245
Oh, BTW, SE_BACKUP_NAME is actually called 'SeBackupPrivilege' and the textual description is "Back up files and directories". You will automatically grant that privilege to any account that is added to the 'Backup Operators' group. NOTE that Administrators aren't members of that group by default.
0
 

Author Comment

by:jpetter
ID: 12262903
jkr,

Awesome! Let me check that out. I have already written a service that will launch this program using CreateProcess(), so I will already have the security context taken care of. Now if I read your comment correctly, I'll just have to read and figure out to implement granting the privilege to the account.

I'll let you know.

Thanks,
Jeff
0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 

Author Comment

by:jpetter
ID: 12263406
jkr,

This may be a stupid question, but it's getting late.

I've been testing and debugging these processes in an standard application executable. In the end, this will be executing in the security context of the LSA as it will be launched from a service. That brings two questions to my mind.
1). Should I test this with the service, as the LSA should have the privilege?
2). Since it would be running under the LSA, could I enable it, as I thought the LSA had complete access to anything local to the machine.

Thanks,
Jeff
0
 
LVL 86

Expert Comment

by:jkr
ID: 12264636
You need to apply the privilege to the account your service is running under. If it is LocalSystem by now, you will have to change that to an account you can safely assign this privilege to. You might havr to create a new one.
0
 

Author Comment

by:jpetter
ID: 12270080
jkr,

Thanks again,
Jeff
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Templates For Beginners Or How To Encourage The Compiler To Work For You Introduction This tutorial is targeted at the reader who is, perhaps, familiar with the basics of C++ but would prefer a little slower introduction to the more ad…
This article shows you how to optimize memory allocations in C++ using placement new. Applicable especially to usecases dealing with creation of large number of objects. A brief on problem: Lets take example problem for simplicity: - I have a G…
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question