Windows 7 UAC and registry access

Gregor Kovač

unread,

Oct 10, 2012, 10:41:01 AM10/10/12

to jna-...@googlegroups.com

Hi!

I'm running a command line program on java 1.7.0 on Windows 7 32-bit.

In my program I try to create a registry key:

Advapi32Util.registrySetStringValue(WinReg.HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment", "MY_VARIABLE", "DEFAULT_VALUE);

I get back:

com.sun.jna.platform.win32.Win32Exception: Access is denied.

at com.sun.jna.platform.win32.Advapi32Util.registrySetStringValue(Advapi32Util.java:934)

If I run the same program in elevated rights cmd (start - cmd - right click - Run As Administrator) everything is OK.

Is there a way to be able to write to a registry also in "plain" cmd?

Best regards,

Kovi

Daniel Doubrovkine

unread,

Oct 10, 2012, 2:37:35 PM10/10/12

to jna-...@googlegroups.com

You need admin privileges (elevated) to write to HKLM. There're three ways to run elevated in Windows:

1) Be launched by an elevated process.

2) Be an executable with a manifest that says that it must run elevated, in which case Windows will prompt for elevation first before launching the process.

3) Run a command requesting elevation, which is what happens when you do Run as Administrator on something.

You can see that you cannot elevate a process in the middle of execution.

There're other registry locations, such as HKEY_CURRENT_USER that don't require elevation, they are per-user.

If this doesn't answer your question, give us some more detail on what you're trying to accomplish.

--

dB. | Moscow - Geneva - Seattle - New York
dblock.org - @dblockdotorg

Gregor Kovač

unread,

Oct 11, 2012, 4:37:02 AM10/11/12

to jna-...@googlegroups.com

This does in fact answer my question.

Thank you.

Warley Rocha

unread,

Jan 7, 2013, 7:54:13 AM1/7/13

to jna-...@googlegroups.com

Hello,

I got the same problem, but in my case the user can't be an administrator. There is another way?

Best regards,

Warley

Scott Palmer

unread,

Jan 7, 2013, 9:11:41 AM1/7/13

to jna-...@googlegroups.com

Can the same user change the value with regedit? If not, then I doubt there is any simple way. The only thng I suggest is looking into how you might elevate the privileges of a "normal" user to allow it.

Scott

Daniel Doubrovkine

unread,

Jan 7, 2013, 10:17:25 AM1/7/13

to jna-...@googlegroups.com

I am not sure I understand the requirement. If the user doesn't have permissions to write to registry, he can't. Would you like other users to have a backdoor to delete your files?

Reply all

Reply to author

Forward