How to take ownership of a registry key?

[xformer]

Hello everybody

from time to time a badly written installation program messes up the
registry and creates entries that not even the admin can read.

So I wrote a little program with VB Express 2008 that finds these unreadable
registry keys, sets ownership to the built-in admin group and sets the access
rights to "full control" for the built-in admin group and "read" for the
built-in user group.

Well, almost. There is one thing that I can't get working: If I have found a
registry key that not even the admin can read I need to open that key only
with the right to take ownership of the key. I must not demand read
permission since the admin can't read that key. This is explained for the
native Win32 API in the following KB article:
http://support.microsoft.com/kb/111546/en-us.

I tried to put that in VB .NET code in the following way:

Private Sub takeOwnership(ByRef key As RegistryKey, ByRef subKeyname As
String)
Dim subkey As RegistryKey
Dim rs As RegistrySecurity

subkey = key.OpenSubKey(subKeyname,
RegistryKeyPermissionCheck.ReadSubTree, RegistryRights.TakeOwnership)
rs = subkey.GetAccessControl()
rs.SetOwner(m_sidAdminsGroup)
subkey.SetAccessControl(rs)
subkey.Close()
End Sub

Unfortunately this comes up with a SecurityException at key.OpenSubKey. It
seems as if OpenSubKey tries to open the key with read access despite the
fact that I only demanded RegistryRights.TakeOwnership.

MS documentation is woefully inadequate at this topic and I could not find
anything that would help me on the web.

Does anybody have an idea how to get this working in .NET? Any help would be
greatly appreciated.


Regards,

Frank

 

[Cor Ligthert[MVP]]

The change that you find a solution to your problem in this newsgroup is
low.

Without telling that you are, this is normally a hacker question.

As there would be an answer then probably tomorrow we have a security update

Cor

 

[xformer]

Hello, Cor,

Without telling that you are, this is normally a hacker question.

As there would be an answer then probably tomorrow we have a security update

This is absolutely certainly positively NOT a hacker question and there is
no need for a security update.

I try to make my Vista working again because some installation programs
messed up the registry rights and I want to restore them to what they should
be. Microsoft has the SetInAcl program to fix this but it needs to be told
the registry keys in question. I want to automatically look for the messed up
keys.

I'm sorry I didn' explain what I want to do in a way you could understand it.

Regards,

Frank

 

[Guest]

Xformer,

Why not go into the registry & make changes manually giving propergated
access for administrator..?

 

[xformer]

Why not go into the registry & make changes manually giving propergated
access for administrator..?

And now you tell me how to find out which registry keys are messed up, do
you? Should I click through each and every registry entry to see which one
can't be read, or what?

I have to find them *automatically*.

Does anybody here have helpful answers and can tell me what the openSubKey
method needs to just use the TakeOwnerhsip right?


Frank

 

[Armin Zingler]

And now you tell me how to find out which registry keys are messed
up, do you? Should I click through each and every registry entry to
see which one can't be read, or what?

I have to find them *automatically*.

Does anybody here have helpful answers and can tell me what the
openSubKey method needs to just use the TakeOwnerhsip right?

I'd also ask in the appropriate Framework group because you don't have a
problem with the VB language (the problem would be the same in C#).

Have you tried using RegistryKeyPermissionCheck.Default instead of
ReadSubTree?

An option can be: process the whole registry, catch all exceptions and list
the related keys in a listbox. Then you can still manually change the
ownership of those keys of which you think it has to be changed. Theory
only, so I don't know how many results you will get.


Armin

 

[Armin Zingler]

An option can be: process the whole registry, catch all exceptions
and list the related keys in a listbox. Then you can still manually
change the ownership of those keys of which you think it has to be
changed. Theory only, so I don't know how many results you will get.

....I get about 50 results: (put a button and a listbox on the Form)

Imports Microsoft.Win32
Imports System.Security.Principal
Imports System.Security.AccessControl

Public Class Form1

Private Sub Button1_Click( _
ByVal sender As System.Object, ByVal e As System.EventArgs) _
Handles Button1.Click

process(Registry.LocalMachine)
process(Registry.CurrentConfig)
process(Registry.Users)

End Sub
Private Sub process(ByVal key As RegistryKey)

Dim RegSec As RegistrySecurity
Dim owner As SecurityIdentifier
Dim subkeynames As String()

Try
RegSec = key.GetAccessControl
Catch ex As Exception
ListBox1.Items.Add(key.Name & ": failed to get access control")
End Try

If RegSec IsNot Nothing Then
Try
owner = DirectCast( _
RegSec.GetOwner(GetType(SecurityIdentifier)), _
SecurityIdentifier _
)
Catch ex As Exception
ListBox1.Items.Add(key.Name & ": failed to get owner")
Return
End Try
End If

Try
subkeynames = key.GetSubKeyNames
Catch ex As Exception
ListBox1.Items.Add(key.Name & ": failed to enumerate subkeys")
Return
End Try

For Each subkeyname In subkeynames
Dim subkey As RegistryKey
Try
subkey = key.OpenSubKey( _
subkeyname, RegistryKeyPermissionCheck.ReadSubTree, _
Security.AccessControl.RegistryRights.ReadKey _
)
Catch ex As Exception
ListBox1.Items.Add( _
key.Name & ": failed opening subkey """ & subkeyname & """" _
)
subkey = Nothing
End Try

If subkey IsNot Nothing Then
Try
process(subkey)
Finally
subkey.Close()
End Try
End If
Next

End Sub

End Class


Though, don't know if this really helps you.


Armin