Changing registry permissions using c#

[Ashok]

Hello

I need to programmatically change the permissions (ACL) on a specific
registry key in a .NET app. Is there a way to do this in .NET?
Thanks for the help,
Ashok

 

[Mattias Sjögren]

I need to programmatically change the permissions (ACL) on a specific
registry key in a .NET app. Is there a way to do this in .NET?

You use the same Win32 API functions you would in an unmanaged
application.



Mattias

 

[Willy Denoyette [MVP]]

Three options:
1.Use System.DirectoryServices when running XP or higher.
As a sample, following retrieves a DACL from a registry key.

using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Use ADsSecurityUtilityClass available on XP and higher (activeds.dll)
// Interop Assembly created with tlbimp.exe from activeds.tlb,
// or by setting a reference to the typelib from within the IDE
using activedsnet;

class Tester {
public static void Main() {
// Local registry object
string regPath = @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft";
SecurityDescriptor sd = null;
AccessControlList dacl = null;
ADsSecurityUtilityClass asu = new ADsSecurityUtilityClass();
// Get DACL Group and OWNER info
asu.SecurityMask = (int)(ADS_SECURITY_INFO_ENUM.ADS_SECURITY_INFO_DACL) |
(int)(ADS_SECURITY_INFO_ENUM.ADS_SECURITY_INFO_GROUP)|
(int)(ADS_SECURITY_INFO_ENUM.ADS_SECURITY_INFO_OWNER);
try {
sd = asu.GetSecurityDescriptor(regPath,
(int)ADS_PATHTYPE_ENUM.ADS_PATH_REGISTRY,
(int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID) as SecurityDescriptor;
}
catch(COMException ce)
{
// Be sure logon user has access to local/remote system
Console.WriteLine(ce.Message);
return;
}
// Get DACL from SD
dacl = sd.DiscretionaryAcl as AccessControlList;
if (dacl != null) {
Console.WriteLine("Control: {0}", sd.Control);
Console.WriteLine("Owner: {0}", sd.Owner);
Console.WriteLine("Group: {0}", sd.Group);
Console.WriteLine("Revision: {0}", sd.Revision);
DumpDacl(dacl);
}
}
static void DumpDacl(IADsAccessControlList dacl)
{
IADsAccessControlEntry ace = null;
Console.WriteLine("------- No. of ACE's {0}-----------", dacl.AceCount);
foreach(object ac in dacl) {
ace = ac as IADsAccessControlEntry;
Console.WriteLine("Access : {0}", Enum.Format(typeof(ADS_RIGHTS_ENUM),
ace.AccessMask, "F"));
Console.WriteLine(ace.Trustee);
Console.WriteLine("ACE flags {0}",
Enum.Format(typeof(ADS_ACEFLAG_ENUM),ace.AceFlags, "x"));
Console.WriteLine("ACE type: {0}",
((ADS_ACETYPE_ENUM)ace.AceType).ToString());
Console.WriteLine("----------------");
}
}
}
//--------------
2. Use System.Management on W2K or higher
3. Use PInvoke interop to use Win32 API's.

Willy.

 

[Michael Thompson]

hi,

i have a web service that is trying to access the HKEY_LOCAL_MACHINE
part of the registry. i get the error message:

"Access to the registry key HKEY_LOCAL_MACHINE\Software\test is denied."

i have administrative rights, and its on my machine. the code looks like:

..
..
..
using Microsoft.Win32;
..
..
..
try
{
string thisOne = @"Software\test";
string thisValue = "testing";

RegistryKey regKey = Registry.LocalMachine;
regKey.CreateSubKey ( thisOne );
regKey = Registry.LocalMachine.OpenSubKey ( thisOne, true );
regKey.SetValue ( "", thisValue );
regKey.Flush ( );
regKey.Close ( );
regKey = null;
}
catch ( Exception e2 )
{
Console.WriteLine ( "Error is " + e2.Message.ToString ( ) );
}
..
..
..

what have i forgotten?

regards,
topdog

....had this been a real emergency,
we would have all fled away in terror;
and you would have NOT been notified.

 

[Mattias Sjögren]

Michael,

what have i forgotten?

That the web service code runs under a different account (i.e. it
doesn't matter if _you_ are an admin).



Mattias