Reading Registry Errors

  • Thread starter Thread starter Mike Malter
  • Start date Start date
M

Mike Malter

On my XP Professional dev machine, I am able to read the registry by giving
permissions to the ASP.NET account on the local machine.

When I transfer the code to my staging server (Windows 2003), I am getting a
System.Security.SecurityException: Requested registry access is not allowed.

The key is there, I exported it from my XP machine. The permissions are there, and I
can see in the error message the code breaks where I try to read the key.

I am new to using the registry in web apps, and am wondering if there are additional
settings required on a Windows 2003 server to allow my web app to read the registry.

Thank you.
 
I believe regedt32 lets you change security settings but regedit does not.
I may be misremembering.

In newer versions, sections of the registry have their own permissions (just
like files) and servers are generally locked down rather tightly.
 
Hi Mike,

First of all, I would like to confirm my understanding of your issue. From
your description, I understand that when you're trying to read the registry
on an Windows 2003 machine, a SecurityException is thrown. If there is any
misunderstanding, please feel free to let me know.

As far as I know, in IIS6, the ASP.NET apps are running under a working
process named w3wp.exe. This process is under the account of Network
Service. You can open the Task manager and check in the process tab.

To make your app access registry successfully, you can change the account
that your app is running. Here are the step:

1. Open IIS manager in Administrative Tools.
2. Under the website, find your ASP.NET application. Right click on it and
select properties.
3. In the Directory tab you'll see the application pool your app is
running. On my machine, it's the DefaultAppPool.
4. On the left pane, find DefaultAppPool under Application Pool folder.
5. Right click on DefaultAppPool and select properties.
6. Under Identity tab, you can change the identity to local system.
7. Start -> Run. Type iisreset and press enter to restart IIS.

HTH.

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
 
I would worry less about getting access to the registry from a web app and more about that design. A live server should be
configured properly for your application to run, so you shouldn't have to check anything in the registry. The application should
assume that the envirnoment is set up properly. Giving the ASPNET user account registry access is a potential security risk.
 
Back
Top