Now i tried to set the accessrights by my programm. Since i do not have
rights to this key, i cannot open the key to get a handle for modifying the
rights.
Microsoft wrote in KB-Article 111546:
<
To take ownership of a registry key it is necessary to have a handle to the
key. A handle to the key can be obtained by opening the key with a registry
API (application programming interface) such as RegOpenKeyEx(). If the user
does not have access to the registry key, the open operation will fail and
this will in turn prevent ownership being taken (because a handle to the key
is required to change the key[ASCII 146]s security).
The solution to this problem is to first enable the TakeOwnership privilege
and then to open the registry key with WRITE_OWNER access as shown below:
RegOpenKeyEx(HKEY_CLASSES_ROOT,"Testkey",0,WRITE_OWNER,&hKey);
This function call will provide a handle to the registry, which can be used
in the following call to take ownership:
RegSetKeySecurity(hKey,OWNER_SECURITY_INFORMATION,
&SecurityDescriptor);
Please note that you will need to initialize the security descriptor being
passed to RegSetKeySecurity() and set the owner field to the new owner SID.
>
But it does not work by program !
Here is my code:
{
HKEY hKey;
SECURITY_INFORMATION si;
PSECURITY_DESCRIPTOR sd;;
DWORD size=1000;
DWORD result;
result=RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Testkey",0,WRITE_OWNER
,&hKey);
result=RegGetKeySecurity(hKey,si,sd,&size);
result=RegSetKeySecurity(hKey,si,sd);
}
When trying to RegOpenKeyEx, it fails with result==5 (Access denied) and of
course other subsequent calls to RegGetKeySecurity failed with 6 (Invalid
handle) since hKey is set to NULL.
So what is wrong ? Why does it not work in a way MS told me ?
My system is W2000prof/SP4, MS VC++ 5.0/SP3.
Thanks in advance !
Jost
http://www.mvps.org/win32/security/fksec.html
>.
>