NT Service - Local service account and user account

  • Thread starter Thread starter marek zegarek
  • Start date Start date
M

marek zegarek

Hello!

I'm writing Windows Service, that will check few registry keys.
Is there any possibility to read registry keys from HKEY_Curren_User, when
..NET Application is running in Local System context?
 
Hi!

HKEY_CURRENT_USER, apparently, will map to the HKEY_USERS\<SID> key
corresponding to the account under which your service runs. Not so sure
though whether there's a key for the LocalSystem account.

To quote MSDN Library ("Predefined Keys" topic):

"The mapping between HKEY_CURRENT_USER and HKEY_USERS is per process and is
established the first time the process references HKEY_CURRENT_USER. The
mapping is based on the security context of the first thread to reference
HKEY_CURRENT_USER. If this security context does not have a registry hive
loaded in HKEY_USERS, the mapping is established with HKEY_USERS\.Default.
After this mapping is established it persists, even if the security context
of the thread changes.

This handle should not be used in a service or an application that
impersonates different users. Instead, call the RegOpenCurrentUser
function."

Does this answer your question?
 
Thanks for an answer!
Now is ok.


Uzytkownik "Dmytro Lapshyn said:
Hi!

HKEY_CURRENT_USER, apparently, will map to the HKEY_USERS\<SID> key
corresponding to the account under which your service runs. Not so sure
though whether there's a key for the LocalSystem account.

To quote MSDN Library ("Predefined Keys" topic):

"The mapping between HKEY_CURRENT_USER and HKEY_USERS is per process and
is established the first time the process references HKEY_CURRENT_USER.
The mapping is based on the security context of the first thread to
reference HKEY_CURRENT_USER. If this security context does not have a
registry hive loaded in HKEY_USERS, the mapping is established with
HKEY_USERS\.Default. After this mapping is established it persists, even
if the security context of the thread changes.

This handle should not be used in a service or an application that
impersonates different users. Instead, call the RegOpenCurrentUser
function."

Does this answer your question?
Click to expand...
 
Hello!

I'm writing Windows Service, that will check few registry keys.
Is there any possibility to read registry keys from HKEY_Curren_User, when
.NET Application is running in Local System context?
Click to expand...

HKEY_CURRENT_USER is separate, individual, different for each user account.
How would your service know what account's HKCU to use?

The simple answer: if your service has to access HKCU it must run under the
account of the user who's HKCU you want to access, not under local system.



You can circumvent that by loading and unloading registry hives yourself,
but that's something I definitely would NOT recommend.

It's *very* easy to lose a user's complete profile (everything in his HKCU
and in his "Documents and Settings" subtree), by having that account's HKCU
hive loaded when the system doesn't expect it.


Try it out with a test account:
WARNING: THERE IS NO WAY TO UNDO THE DAMAGE.
Start regedit (or regedt32 under w2k), position yourself on the HKEY_USERS
root, File --> Load Hive, browse to the user.dat file of a user that isn't
logged on at the moment and load it.
The file is located in his \Documents and Settings\Username directory.

Now close regedit (regedt32) without unloading that hive, log off, and log
on as the user who's hive you just loaded: the system forgets all it knew
about that user, and creates a whole new subdirectory for it under
\Documents and Settings.
 
Back
Top