How do I modify a Register Key Permissions

Posted on 2009-04-20
Last Modified: 2013-12-04
I developed a windows (desktop) application using VB.NET 2003. The application has to be deployed in a network environment on windows XP or Vista. The first time that the application runs, it creates some register keys which have to be updated each the application is opened. At the installation time there is no problem with the keys because an administration account is being used. The problem comes when a regular user log in, runs the application and try to update the register keys. A popup denied modification permission appears. I need to set the permission on theses register keys to allow to normal or regular users modify and update the keys. Besides this procedure has to work for windows XP or Vista.

Thanks a lot for your response
Question by:afak
    LVL 12

    Expert Comment

    Think you can use the RegistryPermission class from .net. somthing like the following.
    Dim f As New RegistryPermission( RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0")
    f.AddPathList( RegistryPermissionAccess.Write Or RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0")

    Open in new window


    Author Comment

    I was trying your suggestion using RegistryPermissionAccess but it did not work. Maybe I am missing something. I am attaching the small function I created to try your method. I tried the write, and AllAccess but any of then work. After, I call this function I verify the register key using register editor (regedit) but the permissions in the users account don't change.

    Thanks a lot for your help
    Public Function SetRegisterKey() As Boolean
            Dim KeyPath As String = "HKEY_LOCAL_MACHINE\SOFTWARE\CGIclient\Data"
            Dim RegPermission As RegistryPermission
                RegPermission = New RegistryPermission(RegistryPermissionAccess.AllAccess, KeyPath)
            Catch ex As Exception
                MsgBox("Exception Type: " & ex.GetType.FullName & vbCrLf & "Error: " & ex.Message, MsgBoxStyle.Critical, _
                        "Procedure: " & ex.TargetSite.GetCurrentMethod.Name)
                Return False
            End Try
            Return True
        End Function

    Open in new window

    LVL 12

    Expert Comment

    Hmm, after a bit more research it turns out since the key was created under and admin account, the normal user wont be able to access it still using the .NET classes.  I did find a shell script that can set what you need. I am thinking you can spawn it  as a post install step or the first time the app is run by the user.

    Example at:

    Definition of the integers at the end of the script

    Example of using ProcessStartInfo here

    Save this line into a text file called RegIniSettings.txt
    Then run
    regini C:\Path\To\File\RegIniSettings.txt
    This will add SYSTEM as Full Control, and EVERYONE as Full Control

    Open in new window


    Author Comment

    I have tried regini.exe before, it works in windows XP but not in VISTA. One of the reason I became member experts-exchange was hopping to get a solution for Vista ans XP.

    Thanks for your help!
    LVL 12

    Expert Comment

    Really? regini is included with vista, so i assumed it would work without problems. I'll run a test on my machine in a bit to try it out. All I can think of is regini wouldnt work maybe from the application itself because it would be running as the user who doesnt have access already.  I imagine the regini would have to be run during the install process (as the admin user) or perhaps you can combine the shell process using a runas command.  I'll try regini on my machine in a bit and let you know how it goes.
    LVL 12

    Expert Comment

    I just tried the regini test on my Vista system. As a standard user I was not able to modify the permissions. When I logged in as the Administrator account, I was able to run and set the permissions using regini.  As such is it possible to modify the installer to execute regini post install or is the existing install base to large for that to be feasible?

    Author Comment

    As I mentioned in my original question, the keys are created the 1st time the application is running using the installer account (Administrator). Then, actually I was looking for a method to set the permissions at this moment, when the application run the first time, then, there is no problem when your suggestion.
    What is rare for me is that I was doing some trials with regini using an administrator account on windows VISTA and didn't have success, I tried directly on the command line using cmd.exe. What version of VISTA do you try and what was the complete command you used?
    I tried on Windows Vista Business to modify the permissions of the account USERS to full.
    What do you did?
    LVL 12

    Accepted Solution

    I'm using Vista 64 Ultimate.  I tried on the following key and permission set to:
    executed via a cmd shell

    This set the permissions for the above key to full control for EVERYONE and SYSTEM

    Im not aware of setting just the Users. Only option I know of is for Power Users as defined by the available integers:
    Administrator Full 1
    Administrator R 2
    Administrator RW 3
    Administrator RWD 4
    Creator Full 5
    Creator RW 6
    World Full 7
    World R 8
    World RW 9
    World RWD 10
    Power Users Full 11
    Power Users RW 12
    Power Users RWD 13
    System Op Full 14
    System Op RW 15
    System Op RWD 16
    System Full 17
    System RW 18
    System R 19
    Administrator RWX 20

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
    Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now