Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Registry Permission Attributes

11 views
Skip to first unread message

this before reply> john.bowman@thermo.com John Bowman

unread,
Sep 18, 2006, 4:03:31 PM9/18/06
to
Hi All,

I've got an app I need to modifiy that's written in C# VS2005/.NET 2.0 which
is dsigned to ONLY run when the logged in user has administrator privileges.
At one point it needs to delete a HKLM\Software\... registry value if it
has, in fact, created it. So there is a method that deletes this registry
key. The method has the following RegistryPermission attribute....

[RegistryPermissionAttribute(SecurityAction.PermitOnly,
Read=@"HKEY_LOCAL_MACHINE\Software\My Company Name"]

This all works just fine on WinXP, but throws an exception under WinVista
Build: 5384

"Request for the permission of type
'System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0,
Culture=neutral, PublicKey Token=b77a5c561934e089' failed."

Has something changed in WinVista that would be expected to cause this or is
this a bug in WinVista and what can I do to work around it? I'm NOT allowed
to move the setting to HKCU\Software\My Company Name" since other programs
rely upon it being there and they will NOT be changing to run under
WinVista.

TIA,

--
John C. Bowman
Software Engineer
Thermo Electron Scientific Instruments Div.
<Remove this before reply> john....@thermo.com


this before reply> john.bowman@thermo.com John Bowman

unread,
Sep 18, 2006, 4:08:45 PM9/18/06
to
Hi Again,

I forgot to mention the method in question also has the following attribute
as well:

[RegistryPermissionAttribute(SecurityAction.PermitOnly,
Write=@"HKEY_LOCAL_MACHINE\Software\My Company Name"]

So it expects to be able to bot h read and write to this location.


John


"John Bowman john....@thermo.com>" <<Remove this before reply> wrote in
message news:OfBXE212...@TK2MSFTNGP05.phx.gbl...

Nicole Calinoiu

unread,
Sep 24, 2006, 6:49:32 PM9/24/06
to
Could you please provide the full exception details (including call stack
listing) as returned by the exception's ToString method? Also, is the
problem occurring when your code attempts to read or write the registry
value or at some other point?

"John Bowman john....@thermo.com>" <<Remove this before reply> wrote in
message news:OfBXE212...@TK2MSFTNGP05.phx.gbl...

this before reply> john.bowman@thermo.com John Bowman

unread,
Sep 28, 2006, 12:52:02 PM9/28/06
to
Nicole,

Thanks for the response. As I said in my original post, the exception is
ONLY thrown when the reg value is deleted under WinVsita, WinXP works fine,
even though the user MUST be an administrator in order to run run the app at
all. Furthermore, this app created the reg value. Reading is fine. It turns
out I inadvertanly posted the wrong exception info. Here's the correct
exception details:

Details:
Object reference not set to an instance of an object.

StackTrace:
at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate
method, Object[] args, Boolean synchronous)
at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
at
BackgroundWinNM.CBackgroundWin.CompleteSelfDiscoveryCB(ApplicationException
eApp)
at BackgroundWinNM.CBackgroundWin.PerformSelfDiscovery(Object
TargetSelfDiscovCompleteCB)
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at
System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode
code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext
executionContext, ContextCallback callback, Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart(Object obj)


John

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:1B3F7F2C-9D8C-4AF4...@microsoft.com...

Joe Kaplan

unread,
Sep 28, 2006, 5:46:07 PM9/28/06
to
It sounds like a Windows Vista limited user (LUA) issue. Even though the
current user is an admin, you don't have all the admin SIDs and privileges
in your token by default. This is more secure by default, as it prevents
the administrator's account from getting hijacked by bad code, but it makes
using the actual privileges of the admin account harder. That's probably
why this is failing.

In order for the app to actually run with the administrator privileges, I
believe you need to create a manifest file for the app that will instruct it
to run with the full token.

There is an older article from Keith Brown here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlong/html/leastprivlh.asp

and you'll probably find some additional resources that are newer with a few
additional searches.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--


"John Bowman john....@thermo.com>" <<Remove this before reply> wrote in

message news:uFjNu5x4...@TK2MSFTNGP03.phx.gbl...

0 new messages