Permission prob writing to HKEY_LOCAL_MACHINE

  • Thread starter Thread starter Terry Holland
  • Start date Start date
T

Terry Holland

I have an app that reads & write to
[HKEY_LOCAL_MACHINE\SOFTWARE\MyCompany\MyApp] in the registry. On my
development machine this is fine as I am in the Local Administrators group,
but the users of the application get permission error when attempting to
write to this key (they are in Users group). How do I overcome this?

tia

Terry Holland

ps All user are runnning Win XP (I couldnt find a Win XP reg group)
 
Terry said:
I have an app that reads & write to
[HKEY_LOCAL_MACHINE\SOFTWARE\MyCompany\MyApp] in the registry. On my
development machine this is fine as I am in the Local Administrators group,
but the users of the application get permission error when attempting to
write to this key (they are in Users group). How do I overcome this?
Click to expand...

Hi

If you have control of the source code:

Alt 1.)
Change the app so it doesn't write to this key.

Alt 2.)
Let the setup routine for the app grant write access for all users to this key.



If you don't have control of the source code:

Grant write access for all users to this key.


--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx
 
Terry said:
I have an app that reads & write to
[HKEY_LOCAL_MACHINE\SOFTWARE\MyCompany\MyApp] in the registry. On my
development machine this is fine as I am in the Local Administrators group,
but the users of the application get permission error when attempting to
write to this key (they are in Users group). How do I overcome this?
Click to expand...

Hi

If you have control of the source code:

Alt 1.)
Change the app so it doesn't write to this key.

Alt 2.)
Let the setup routine for the app grant write access for all users to this key.



If you don't have control of the source code:

Grant write access for all users to this key.


--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx
 
In said:
I have an app that reads & write to
[HKEY_LOCAL_MACHINE\SOFTWARE\MyCompany\MyApp] in the registry. On
my development machine this is fine as I am in the Local
Administrators group, but the users of the application get
permission error when attempting to write to this key (they are in
Users group). How do I overcome this?

tia

Terry Holland

ps All user are runnning Win XP (I couldnt find a Win XP reg
Click to expand...

The application during installation may need to be done under an
Administrators account, but once installed it should be using HKCU to
which the User logged on has sufficient permissions for Read and
Write.

It it your app.? Can you "fix" it?

Otherwise you need either to raise the user accounts to admin. :-(
Or, change the permissions (ACLs) on the key in question. Not
desirable but it has come up before this. regedt32.exe can alter
(under and administrator account) the registry ACLs for the key and
subkeys. Win32 APIs exist to do so. Regini.exe (Resource Kit) and
SetACL.exe are other tools. SetACL is a bit complex but quite
powerful. http://sourceforge.net/projects/setacl/

You might change the ACE for the local USERS group to FULL for
example. You may need to disable Inherited permissions on the key in
question.
 
In said:
I have an app that reads & write to
[HKEY_LOCAL_MACHINE\SOFTWARE\MyCompany\MyApp] in the registry. On
my development machine this is fine as I am in the Local
Administrators group, but the users of the application get
permission error when attempting to write to this key (they are in
Users group). How do I overcome this?

tia

Terry Holland

ps All user are runnning Win XP (I couldnt find a Win XP reg
Click to expand...

The application during installation may need to be done under an
Administrators account, but once installed it should be using HKCU to
which the User logged on has sufficient permissions for Read and
Write.

It it your app.? Can you "fix" it?

Otherwise you need either to raise the user accounts to admin. :-(
Or, change the permissions (ACLs) on the key in question. Not
desirable but it has come up before this. regedt32.exe can alter
(under and administrator account) the registry ACLs for the key and
subkeys. Win32 APIs exist to do so. Regini.exe (Resource Kit) and
SetACL.exe are other tools. SetACL is a bit complex but quite
powerful. http://sourceforge.net/projects/setacl/

You might change the ACE for the local USERS group to FULL for
example. You may need to disable Inherited permissions on the key in
question.
 
Thanks

I wasn't aware of 'permissions' for Reg Keys. Is there a way of automating
the process of applying permissions for keys to users/groups?
 
Thanks

I wasn't aware of 'permissions' for Reg Keys. Is there a way of automating
the process of applying permissions for keys to users/groups?
 
Terry said:
I wasn't aware of 'permissions' for Reg Keys. Is there a way of automating
the process of applying permissions for keys to users/groups?
Click to expand...

Hi

From a script:

Regini.exe (comes builtin with WinXP) or SetACL.exe is an option:

http://groups.google.com/[email protected]

SubInACL.exe can also be used for this, a new, bug-fixed version of
SubInACL.exe is available for download here (Win2k/WinXP/Win2k3):

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b



From a script or an exe file:

Using the IADsSecurityUtility object is an option.

IADsSecurityUtility
http://msdn.microsoft.com/library/en-us/adsi/adsi/iadssecurityutility.asp


With API's from an exe:

Get and SetNamedSecurityInfo.

An example that uses this API's against a registry key (disregard the
files and folders talk at the top):

http://groups.google.com/[email protected]


--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx
 
Terry said:
I wasn't aware of 'permissions' for Reg Keys. Is there a way of automating
the process of applying permissions for keys to users/groups?
Click to expand...

Hi

From a script:

Regini.exe (comes builtin with WinXP) or SetACL.exe is an option:

http://groups.google.com/[email protected]

SubInACL.exe can also be used for this, a new, bug-fixed version of
SubInACL.exe is available for download here (Win2k/WinXP/Win2k3):

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b



From a script or an exe file:

Using the IADsSecurityUtility object is an option.

IADsSecurityUtility
http://msdn.microsoft.com/library/en-us/adsi/adsi/iadssecurityutility.asp


With API's from an exe:

Get and SetNamedSecurityInfo.

An example that uses this API's against a registry key (disregard the
files and folders talk at the top):

http://groups.google.com/[email protected]


--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx
 
thanks,

will look into these suggestions

Torgeir Bakken (MVP) said:
Hi

From a script:

Regini.exe (comes builtin with WinXP) or SetACL.exe is an option:

http://groups.google.com/[email protected]

SubInACL.exe can also be used for this, a new, bug-fixed version of
SubInACL.exe is available for download here (Win2k/WinXP/Win2k3):

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b



From a script or an exe file:

Using the IADsSecurityUtility object is an option.

IADsSecurityUtility
http://msdn.microsoft.com/library/en-us/adsi/adsi/iadssecurityutility.asp


With API's from an exe:

Get and SetNamedSecurityInfo.

An example that uses this API's against a registry key (disregard the
files and folders talk at the top):

http://groups.google.com/[email protected]


--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx
Click to expand...
 
thanks,

will look into these suggestions

Torgeir Bakken (MVP) said:
Hi

From a script:

Regini.exe (comes builtin with WinXP) or SetACL.exe is an option:

http://groups.google.com/[email protected]

SubInACL.exe can also be used for this, a new, bug-fixed version of
SubInACL.exe is available for download here (Win2k/WinXP/Win2k3):

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b



From a script or an exe file:

Using the IADsSecurityUtility object is an option.

IADsSecurityUtility
http://msdn.microsoft.com/library/en-us/adsi/adsi/iadssecurityutility.asp


With API's from an exe:

Get and SetNamedSecurityInfo.

An example that uses this API's against a registry key (disregard the
files and folders talk at the top):

http://groups.google.com/[email protected]


--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx
Click to expand...
 
Back
Top