

HKEY_CURRENT_USER when under a service...

Posted on 2005-04-27
Medium Priority
Last Modified: 2012-06-21

I am trying to figure out how to access the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

because I want to figure out where the current user's Favorites directory is located. The problem is, I am running as a service under LocalSystemAccount and HKEY_CURRENT_USER doesn't work.  Is there a way to figure out who the current logged-in user is? I tried GetUserName but it returns 'SYSTEM'.

Any ideas??

Question by:cmsdiginet
1 Comment

Accepted Solution

rcarlan earned 900 total points
ID: 13881662
Each process on a Windows NT-based kernel (NT, 2000, XP, 2003) runs under the security context associated with the user account that started the process. This security context controls many things - obviously the permissions - but also the mapping of the user's registry hive.

Each user account on an NT system has its own registry hive. These hives are loaded and stored under the HKEY_USERS registry key (as sub-keys having as a name the corresponding user's SID). For each process, Windows NT will map the hive corresponding to the user that launched the process to HKEY_CURRENT_USER. In other words, HKCR is just a shortcut to the actual registry hive corresponding to the user running the process.

At any one time there are many processes running on the system. Depending on what user account was used to start each of these processes, there are many HKCR (so to speak). See, HKCR doesn't really exist; it's a process specific alias.

Your service is configured to run under the SYSTEM account, thus HKCR for your process corresponds to the local system account. Other processes will have/use different HKCRs. There isn't even a concept of the HKCR corresponding to the interactive user because there may be several interactive users at any one time. For example, if you right-click on a shortcut you can choose "Run As" and launch the corresponding program under a different security context than the one corresponding to the user that has logged on to the windows station. Also, under Windows XP, you can switch between users (i.e. have multiple simultaneous windows stations). The same applies to Terminal Services and Citrix.

What you have to do from your service is the following: enumerate all processes, find one that runs under the security context of the targeted user account, obtain a token to the user (by calling OpenProcessToken), get the corresponding user’s SID (calling GetTokenInformation), convert it to textual form, and then access the user's registry hive.

If you're still interested in doing it, this article will provide you with more information:
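The last two steps of the procedure above (converting the SID to textual form and locating the user's hive under HKEY_USERS), as an added example that is not part of the original answer. It is portable C that parses the binary SID layout itself, which on Windows ConvertSidToStringSid does for you; the function names and the sample SID are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Format a binary SID (what TOKEN_USER's Sid points at) as "S-1-5-21-...".
   Layout: revision, sub-authority count, 48-bit big-endian authority, then
   little-endian 32-bit sub-authorities. Returns 0, or -1 if malformed/too long. */
int sid_to_string(const uint8_t *sid, size_t len, char *out, size_t outlen)
{
    /* Revision must be 1; at most 15 sub-authorities; reject truncated input. */
    if (len < 8 || sid[0] != 1 || sid[1] > 15 || len < 8 + 4 * (size_t)sid[1])
        return -1;
    uint64_t auth = 0;
    for (int i = 0; i < 6; i++)
        auth = (auth << 8) | sid[2 + i];
    /* Authorities below 2^32 print in decimal, larger ones in hex. */
    int n = auth < (1ULL << 32)
        ? snprintf(out, outlen, "S-1-%llu", (unsigned long long)auth)
        : snprintf(out, outlen, "S-1-0x%012llX", (unsigned long long)auth);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    size_t used = (size_t)n;
    for (unsigned i = 0; i < sid[1]; i++) {
        const uint8_t *p = sid + 8 + 4 * i;
        uint32_t sub = p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
        n = snprintf(out + used, outlen - used, "-%lu", (unsigned long)sub);
        if (n < 0 || (size_t)n >= outlen - used)
            return -1;
        used += (size_t)n;
    }
    return 0;
}

/* Key a SYSTEM service opens in place of HKEY_CURRENT_USER\...\User Shell Folders. */
int user_shell_folders_key(const uint8_t *sid, size_t len, char *out, size_t outlen)
{
    char s[192];                        /* longest possible SID string fits */
    if (sid_to_string(sid, len, s, sizeof s) != 0)
        return -1;
    int n = snprintf(out, outlen, "HKEY_USERS\\%s\\Software\\Microsoft\\Windows\\"
                     "CurrentVersion\\Explorer\\User Shell Folders", s);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Constructed sample: S-1-5-21-286331153-572662306-858993459-1001 */
static const uint8_t SAMPLE_SID[] = {
    1, 5, 0, 0, 0, 0, 0, 5,  21, 0, 0, 0,  0x11, 0x11, 0x11, 0x11,
    0x22, 0x22, 0x22, 0x22,  0x33, 0x33, 0x33, 0x33,  0xE9, 0x03, 0, 0 };
```

The values under User Shell Folders are REG_EXPAND_SZ strings such as %USERPROFILE%\Favorites, so a SYSTEM service should expand them against the user's token (ExpandEnvironmentStringsForUser) rather than in its own environment.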

