I use the following code (found online) to establish full control for a key in the registry:
procedure TForm1.bnSetRegistryFCClick(Sender: TObject);
var
SID: PSID;
peUse, cchDomain, cchName, dwResult: DWORD;
Name, Domain: array of Char;
pDACL: PACL;
pEA: PEXPLICIT_ACCESS_W;//
sObject: String;
begin
sObject := 'HKEY_LOCAL_MACHINE\SOFTWARE\Borland';
SID := nil;
Win32Check(ConvertStringSidToSidA(PChar('S-1-5-32-545'), SID)); // S-1-5-32-545='users'; S-1-1-0='everyone'
cchName := 0;
cchDomain := 0;
if (not LookupAccountSid(nil, SID, nil, cchName, nil, cchDomain, peUse)) and (GetLastError = ERROR_INSUFFICIENT_BUFFER) then
begin
SetLength(Name, cchName);
SetLength(Domain, cchDomain);
if LookupAccountSid(nil, SID, @Name[0], cchName, @Domain[0], cchDomain, peUse) then
begin
pEA := AllocMem(SizeOf(EXPLICIT_ACCESS));
BuildExplicitAccessWithName(pEA, PChar(Name), GENERIC_ALL,GRANT_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);
dwResult := SetEntriesInAcl(1, pEA, nil, pDACL);
if dwResult = ERROR_SUCCESS then
begin
dwResult := SetNamedSecurityInfo(pChar(sObject), SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, nil, nil, pDACL, nil);
if dwResult <> ERROR_SUCCESS then
ShowMessage('SetNamedSecurityInfo failed: ' + SysErrorMessage(GetLastError));
LocalFree(Cardinal(pDACL));
end
else
ShowMessage('SetEntriesInAcl failed: ' + SysErrorMessage(dwResult));
end;
end;
end;
SetNamedSecurityInfo returns error 87 and cannot set permissions, which, I think, means that one of the parameters is incorrect. If I use the same code, but using SE_FILE_OBJECT instead of SE_REGISTRY_KEY, I can set permissions for these folders successfully. I get the same result whether I use SID S-1-5-32-545 = "users" or S-1-1-0 = "everything."
Any help is greatly appreciated.
Chris