All geek questions in one place

Programmatically allow write access to a registry key

I need to programmatically change access descriptors on a known registry key during product installation. I want it to work:

  • The installer starts in administrative mode.
  • A registry key is created.
  • The function (the one I need) requests the ACL from the key.
  • If this function detects that the Users group already has write access, nothing should be done.
  • If not, he must add a new permission to allow write access to the Users group.
  • Permissions are saved for the registry key.

This question is similar to Configuring permissions to write a registry key using .NET , however I need a C ++ / Win32 implementation.

Thanks in advance

+4
source share
2 answers

To obtain and configure the ACL of a key, you need to use RegGetKeySecurity and RegSetKeySecurity. Then you need to iterate through the ACE, having studied everything applicable to the SID of the Users group. Then you either modify / delete the existing one or add a new one. Keep in mind that working with ACLs in plain old Win32 C is a pain.

+4
source

The smallest access code consists of 3 API calls. It provides full access to this hkey all authenticated users and administrators.

This snippet does not contain proper error handling and reporting. Do not copy / paste it into production code.

  PSECURITY_DESCRIPTOR sd = nullptr; ULONG sd_size = 0; TCHAR* rights = TEXT( "D:" ) // Discretionary ACL TEXT( "(A;OICI;GA;;;AU)" ) // Allow full control to all authenticated users TEXT( "(A;OICI;GA;;;BA)" ); // Allow full control to administrators ConvertStringSecurityDescriptorToSecurityDescriptor( rights, SDDL_REVISION_1, &sd, &sd_size ); RegSetKeySecurity( hkey, DACL_SECURITY_INFORMATION, sd ); LocalFree( sd );

Determining whether "users" have write permissions to a key can be more difficult than expected. As a result, I wrote a test value to the registry and checked the result of this entry.

0
source

Source: https://habr.com/ru/post/1304016/

More articles:


All Articles