registry HKEY_LOCAL_MACHINE and user rights

  • Thread starter Thread starter Dennis C. Drumm
  • Start date Start date
D

Dennis C. Drumm

Can my program access the HKEY_LOCAL_MACHINE/Software section of the
registry when being used by a user with restricted rights (not with admin
rights)?

If so, how? I have a program that functions just fine when run by an
administrator but generates an exception when run by a restricted user. The
program accesses the HKEY_LOCAL_MACHINE/Software section to set or get
application settings that are not user specific.

Thanks,

Dennis
 
Hi Dennis,

First of all, I would like to confirm my understanding of your issue. From
your description, I understand that you need to change the credential to
another user in a winform application. If there is any misunderstanding,
please feel free to let me know.

As far as I know, there isn't such method available in .net framework.
However, we can achieve that with Win32 SDK Call. LogonUser is such an API
that can do this.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/se
curity/logonuser.asp

Here is a good KB article, which contains detailed information about how to
do this with implementation code. HTH

http://support.microsoft.com/?id=306158

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
 
A regular user can only read settings from HKLM, you need to be poweruser or
admin to write values to that part of registry. This is the default,
however, if these are your own settings in your own application you could
make the installation program change the security of your key so regular
users may change values in your application's section.

Another way would be to use a configuration file instead. Although I don't
see why regular users should be allowed to change settings that would effect
all users...


Arild
 
You should never store volatile application data in HKEY_LOCAL_MACHINE - you are guaranteeing that only administrators will be able to use your program

The appropriate place to put shared data in the registry is exposed via

System.Windows.Forms.Application.CommonAppDataRegistry

and user data via

System.Windows.Forms.Application.UserAppDataRegistry

under both of these you should have keys for <companyname>\<product>

this is the standard non-admin required way of storing information in the registry

For storing files there are equivelent areas of the file system exposed by the Application class too.

Regards

Richard Blewett - DevelopMentor

http://staff.develop.com/richardb/weblog

nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<[email protected]>

Try using this to build impersonation into your program and then run
it.

http://www.codeproject.com/csharp/cpimpersonation1.asp

It might help to just use the source code already provided to see if
you can access the regex. That way you dont have to modify your own
code if it doesnt work, which i doubt.

:-)
Sushant



Dennis C. Drumm said:
Can my program access the HKEY_LOCAL_MACHINE/Software section of the
registry when being used by a user with restricted rights (not with admin
rights)?

If so, how? I have a program that functions just fine when run by an
administrator but generates an exception when run by a restricted user. The
program accesses the HKEY_LOCAL_MACHINE/Software section to set or get
application settings that are not user specific.

Thanks,

Dennis
Click to expand...

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.766 / Virus Database: 513 - Release Date: 17/09/2004



[microsoft.public.dotnet.languages.csharp]
 
Thanks to everyone for the responses.

Richard, since the Application.CommonAppDataRegistry puts information in a
key associated with an application version, is there a way to retrieve
common user data from keys created for previous versions of the application?

Thanks,

Dennis

Richard Blewett said:
You should never store volatile application data in HKEY_LOCAL_MACHINE -
you are guaranteeing that only administrators will be able to use your
program

The appropriate place to put shared data in the registry is exposed via

System.Windows.Forms.Application.CommonAppDataRegistry

and user data via

System.Windows.Forms.Application.UserAppDataRegistry

under both of these you should have keys for <companyname>\<product>

this is the standard non-admin required way of storing information in the
registry

For storing files there are equivelent areas of the file system exposed by
the Application class too.

Regards

Richard Blewett - DevelopMentor

http://staff.develop.com/richardb/weblog


nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<[email protected]>

Try using this to build impersonation into your program and then run
it.

http://www.codeproject.com/csharp/cpimpersonation1.asp

It might help to just use the source code already provided to see if
you can access the regex. That way you dont have to modify your own
code if it doesnt work, which i doubt.

:-)
Sushant



Dennis C. Drumm said:
Can my program access the HKEY_LOCAL_MACHINE/Software section of the
registry when being used by a user with restricted rights (not with
admin
rights)?

If so, how? I have a program that functions just fine when run by an
administrator but generates an exception when run by a restricted user.
The
program accesses the HKEY_LOCAL_MACHINE/Software section to set or get
application settings that are not user specific.

Thanks,

Dennis
Click to expand...

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.766 / Virus Database: 513 - Release Date: 17/09/2004



[microsoft.public.dotnet.languages.csharp]
Click to expand...
 
Actually looking at the DACL on CommonAppDataRegistry, a user won't be able to write to that. So so should write to teh file system CommonAppDataPath (which maps to documents and settings\all users) whose DACL allows users to write. You should write the CommonAppDataRegistry on application installation for installation option data. Everything else should go in the usr settings prefereable as different users will want different options potentially. To get to previous version settings just go to the registry directly and and read the settings then write them for the new version on installation

Regards

Richard Blewett - DevelopMentor

http://staff.develop.com/richardb/weblog

nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<[email protected]>

Thanks to everyone for the responses.

Richard, since the Application.CommonAppDataRegistry puts information in a
key associated with an application version, is there a way to retrieve
common user data from keys created for previous versions of the application?

Thanks,

Dennis

Richard Blewett said:
You should never store volatile application data in HKEY_LOCAL_MACHINE -
you are guaranteeing that only administrators will be able to use your
program

The appropriate place to put shared data in the registry is exposed via

System.Windows.Forms.Application.CommonAppDataRegistry

and user data via

System.Windows.Forms.Application.UserAppDataRegistry

under both of these you should have keys for <companyname>\<product>

this is the standard non-admin required way of storing information in the
registry

For storing files there are equivelent areas of the file system exposed by
the Application class too.

Regards

Richard Blewett - DevelopMentor

http://staff.develop.com/richardb/weblog


nntp://news.microsoft.com/microsoft.public.dotnet.languages.csharp/<[email protected]>

Try using this to build impersonation into your program and then run
it.

http://www.codeproject.com/csharp/cpimpersonation1.asp

It might help to just use the source code already provided to see if
you can access the regex. That way you dont have to modify your own
code if it doesnt work, which i doubt.

:-)
Sushant



Dennis C. Drumm said:
Can my program access the HKEY_LOCAL_MACHINE/Software section of the
registry when being used by a user with restricted rights (not with
admin
rights)?

If so, how? I have a program that functions just fine when run by an
administrator but generates an exception when run by a restricted user.
The
program accesses the HKEY_LOCAL_MACHINE/Software section to set or get
application settings that are not user specific.

Thanks,

Dennis
Click to expand...

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.766 / Virus Database: 513 - Release Date: 17/09/2004



[microsoft.public.dotnet.languages.csharp]
Click to expand...



---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.766 / Virus Database: 513 - Release Date: 17/09/2004



[microsoft.public.dotnet.languages.csharp]
 
Hi Dennis,

I'd like to know if this issue has been resolved yet. Is there anything
that I can help. I'm still monitoring on it. If you have any questions,
please feel free to post them in the community.

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
 
Back
Top