Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Registry Permissions & Win APIs

52 views
Skip to first unread message

Travis T

unread,
Dec 6, 2006, 5:51:15 PM12/6/06
to
Hello all,

First of all, I'd like to apologize if this has been asked before. I
searched the group several times and to my dis-belief my mail reader did not
come up with results. I find this to be very suspicious. Anyway, below are
my questions.

I'd like to modify registry key permissions with VBS and I would like to do
it by using the Win APIs.

I have a key under HKEY_LOCAL_MACHINE that I want to give full rights to
Administrators and System. I want to give read rights to power users and I
want to revoke all other rights for all other users.

I've done VB, but am new to VBS so please do not ostercize me for this noob
question. I have found how to do this in VB using the RegSetKeySecurity
function in advapi32.dll. However, I can't even open a key in VBS using
RegOpenKey because I receive a VBScript compilation error on the declaring
function saying "Expected Identifier"

[code]
Private Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA"
(ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
[/code]

Also, in setting up some constants, I get a compilation error of "Expected
Literal Constant"

[code]
Private Const KEY_SET_VALUE = &H2
Private Const KEY_WRITE = ((STANDARD_RIGHTS_WRITE Or KEY_SET_VALUE Or
KEY_CREATE_SUB_KEY) And (Not SYNCHRONIZE))
[/code]

Is it possible to directly use the Windows APIs from VB Script? If it is
possible, what do I need to do to make this work?

If it isn't possible, then what can I do that will work on Win 2k, XP Pro,
and 2003 to change the security permissions on a registry key?

Thank you,
Travis


alex

unread,
Dec 6, 2006, 6:31:34 PM12/6/06
to
See the wshAPIToolkitObject.ucATO wchich allows you to make calls to
the dlls of the win32 api. this is for setting special folder
privelages/attitrubures. However you should be able to make the same
calls to the advapi32.dll for resigistry writing


----------------------
Set oATO = WScript.CreateObject("wshAPIToolkitObject.ucATO")
Set objWMI =
GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set Shell = WScript.CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Shell.Application")

Const GENERIC_READ = &H80000000
Const FILE_FLAG_BACKUP_SEMANTICS = &H2000000
''''
''''' Also try ...Const FILE_FLAG_BACKUP_SEMANTICS = 500
Const TOKEN_ADJUST_PRIVILEGES = &H20
Const TOKEN_QUERY = &H8


Const SE_PRIVILEGE_ENABLED = &H2
Const SE_PRIVILEGE_REMOVED = &H4


Const OPEN_EXISTING = 3


Const MAX_PATH = 260
Const ERROR_NO_MORE_FILES = 18
Const FILE_ATTRIBUTE_DIRECTORY = &H10
Const FILE_ATTRIBUTE_NORMAL = &H80
Const FILE_ATTRIBUTE_HIDDEN = &H2
Const FILE_ATTRIBUTE_SYSTEM = &H4
Const FILE_ATTRIBUTE_TEMPORARY = &H100

Function setPrivelages(privelages, mybool)
htoken = oATO.CreateTypDef("htoken",4)
TPk = oATO.CreateTypDef("TPk", 16)
TPk1 = oATO.CreateTypDef("TPk1", 16)
luid = oATO.CreateTypDef("luid", 16)
longitud = oATO.CreateTypDef("longitud", 4)
Handle_proc = oATO.CallAPI("KERNEL32.DLL", "GetCurrentProcess")
wscript.echo Handle_proc
Acceso = TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY
lResult = oATO.CallAPI("advapi32.dll",
"OpenProcessToken",Handle_proc,acceso,htoken)
wscript.echo lresult,htoken,oATO.GetLong("htoken",0)
If lresult=0 then
setPrivelages = False
end if

lResult = oATO.CallAPI("advapi32.dll", "LookupPrivilegeValueA","",
Privilegio,Luid)
wscript.echo lresult,oATO.GetLong("luid",0),oATO.GetLong("luid",4)
If lresult=0 then
setPrivelages = False
end if
oATO.PutLong("TPk",0) = 1
oATO.PutLOng("TPk",4) = oATO.GetLong("luid",0)
oATO.PutLOng("TPk",8) = oATO.GetLong("luid",4)
dim attrs
If mybool = true then
attrs = SE_PRIVILEGE_ENABLED
else
attrs= SE_PRIVILEGE_REMOVED
end if
oATO.Putlong("TPk",12) = attrs
Contenido_token = oATO.GetLong("htoken",0)
lResult = oATO.CallAPI("advapi32.dll",
"AdjustTokenPrivileges",contenido_token, false, TPk, 16 ,tpk1,
longitud)
wscript.echo lresult,oATO.GetLong("longitud",0)
If lresult=0 then
setPrivelages = False
else
setPrivelages= True
end if
oATO.CallAPI "KERNEL32.DLL", "CloseHandle",htoken
oATO.DestroyTypDef("Luid") ' returns your memory block
oATO.DestroyTypDef("htoken")
oATO.DestroyTypDef("TPk")
oATO.DestroyTypDef("tpk1")
oATO.DestroyTypDef("longitud")
End function

Travis T

unread,
Dec 7, 2006, 6:06:45 PM12/7/06
to
Thanks!

"alex" <alexhig...@hotmail.com> wrote in message
news:1165447894.8...@79g2000cws.googlegroups.com...

0 new messages