What can a normal user (e.g. administrator) can read and modify inthe Registry?

  • Thread starter Thread starter MueMeister
  • Start date Start date
M

MueMeister

Hi All,

does anybody know, has a link or whitepaper containing information
about the rights to read and modify the registry in windows vista?

I want to know the rules in case of my application running in normal and
administrative mode.

thanks a lot.
Mue
 
And why is that Jimmy?
Why;even if I screw it up; is an area "off limits"?
Jeff

I'm assuming you're talking about the keys denied to administrators? It's
not to stop administrators from accessing them, it is to stop programs from
accessing them (even programs running with admin privileges). The programs
need to use the approprate programming interfaces to access the data, not
access it directly. This was done because many programs were breaking the
rules by accessing the data directly.
 
Hello,

Basically, a normal user has access rights to HKEY_CURRENT_USER. Everything
else is read-only.

Administrators have access to most other registry keys. The ones that
Administrators cannot access are usually controlled by other API's.
 
Jimmy said:
I'm assuming you're talking about the keys denied to administrators?
It's not to stop administrators from accessing them, it is to stop
programs from accessing them (even programs running with admin
privileges). The programs need to use the approprate programming
interfaces to access the data, not access it directly. This was done
because many programs were breaking the rules by accessing the data
directly.

A good example is malware (and other programs in the name of copy
protection) creating keys with bad data in them. Once the key exists they
can't be read or altered through the API's and often cause problems with
other programs that try to modify the registry legally.
 
Jeff said:
Ok,
But basically; reg keys still off limit?

Only a very few locations are secured from administrators; this includes
sensitive system configuration and performance-related data that can be
accessed by administrators through other means (user accounts control panel,
performance monitor, etc).

Any program running with admin privileges can access all but those
super-secure locations.

A normal program can only write settings that don't affect the state of the
entire computer and only affect the currently logged in user
(HKEY_CURRENT_USER).
 
Back
Top