Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

RegOpenKeyEx failure

32 views
Skip to first unread message

Polaris

unread,
Nov 22, 2009, 2:58:10 AM11/22/09
to
Hi Experts:

I'm writing a console app which accesses and changes some values under
Windows registry: HKLM\System\CurrentControlSet\Enum and I'm the admin on
the machine (XP).

I have done the following steps but failed at step #4 with access denied
error.

1. Get the process handle with PROCESS_ALL_ACCESS; success.

2. Get the token handle with TOKEN_ALL_ACCESS; success.

3. Adjust token privilege to SE_TAKE_OWNERSHIP_NAME; success.

4. open the reg key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum" using
RegOpenKeyEx with KEY_ALL_ACCESS (tried also WRITE_ONWER); but failed with
return code 5 (Access Denied).

If I manually change the permission for "EVERYONE" with full permissions
using RegEdit.exe, it worked fine. But this is not what I want. I like the
app to be able to programmatically do that through certain steps (hopefully
similar steps to what I have tried above).

Any pointer on the possible cause is appreciated.

Thanks in Advance.

Polaris


David Wilkinson

unread,
Nov 22, 2009, 7:34:04 AM11/22/09
to

HKLM is not accessible to a non-elevated process under Vista or Windows 7.

If your application had no manifest, then writing would to HKLM would be
virtualized, so I assume that your application has the standard "AsInvoker"
manifest (as it should).

Really, your application should not be writing to HKLM. If you need occasional
access to HKLM is perform some specific task, you could instruct the user to
start the application as Administrator.

--
David Wilkinson
Visual C++ MVP

Alexander Grigoriev

unread,
Nov 22, 2009, 11:54:39 AM11/22/09
to
The OP is running XP, as Administrator. Enum key can only be written by
LOCAL_SYSTEM account. Even though in XP one can take ownership, that would
be a kludge. Even worse, in Vista SP2/Windows 7, Enum key ownership cannot
even be taken by an admin (it's already owned by Administrators). This key
has a special token (owner permissions), which sets maximum owner
permissions. Traditionally, in Windows an object owner could open it with
any access requested, even if ACL specified lower permissions. This new
token changed that.

"David Wilkinson" <no-r...@effisols.com> wrote in message
news:u%2352UA3a...@TK2MSFTNGP02.phx.gbl...


> Polaris wrote:
>> I'm writing a console app which accesses and changes some values under
>> Windows registry: HKLM\System\CurrentControlSet\Enum and I'm the admin on
>> the machine (XP).
>

Pavel A.

unread,
Nov 22, 2009, 3:30:10 PM11/22/09
to
MS has warned ever so often, not to fool with the enum key, because it holds
PnP database.
Eventually, their patience ended.

--pa


"Polaris" <etpo...@hotmail.com> wrote in message
news:e8crIm0a...@TK2MSFTNGP02.phx.gbl...

David Wilkinson

unread,
Nov 23, 2009, 9:34:20 AM11/23/09
to
Alexander Grigoriev wrote:
> The OP is running XP, as Administrator. Enum key can only be written by
> LOCAL_SYSTEM account. Even though in XP one can take ownership, that would
> be a kludge. Even worse, in Vista SP2/Windows 7, Enum key ownership cannot
> even be taken by an admin (it's already owned by Administrators). This key
> has a special token (owner permissions), which sets maximum owner
> permissions. Traditionally, in Windows an object owner could open it with
> any access requested, even if ACL specified lower permissions. This new
> token changed that.

Oops, yes. I missed the XP (and the particular reference to the Enum registry
key). In short, I did not read the question carefully...

I would still maintain, though, that an application has no business messing with
anything in HKLM. This was possible in XP because most users run as
administrator, but in Vista/Win7 it is not possible without elevation.

0 new messages