All geek questions in one place

Access to RegistrySecurity is denied. FROM#

I am currently having a problem writing an application to set permissions on some Legacy keys. Outdated keys are completely locked and actually change them in regedit, you must take responsibility and then add yourself with full control. When I try to reproduce this in code, I can’t get the key for the record with the error "Access denied." Code example:

RegistrySecurity rs = new RegistrySecurity(); rs.AddAccessRule(new RegistryAccessRule("Administrators", RegistryRights.FullControl, AccessControlType.Allow)); rs.SetOwner(new NTAccount("Administrators")); return LocalMachine.CreateSubKey(post, RegistryKeyPermissionCheck.ReadWriteSubTree, rs);

Any ideas would be highly appreciated. I also tried OpenSubKey with a write request, and I just can't get the key.

Thanks guys.

+6
source share
5 answers

I finally found a solution. You had to open the key with "ChangePermissions" and then change the permission for yourself ... THEN re-open the key with full control to change the owner. Here is how.

 RegistryKey rk = LocalMachine.OpenSubKey(subkey, RegistryKeyPremissionsCheck.ReadWriteSubTree, RegistryRights.ChangePermissions | RegistryRights.ReadKey);//Get the registry key desired with ChangePermissions Rights. RegistrySecurity rs = new RegistrySecurity(); rs.AddAccessRule(new RegistryAccessRule("Administrator", RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));//Create access rule giving full control to the Administrator user. rk.SetAccessControl(rs); //Apply the new access rule to this Registry Key. rk = LocalMachine.OpenSubKey(subkey, RegistryKeyPremissionsCheck.ReadWriteSubTree, RegistryRights.FullControl); // Opens the key again with full control. rs.SetOwner(new NTAccount("Administrator"));// Set the securitys owner to be Administrator rk.SetAccessControl(rs);// Set the key with the changed permission so Administrator is now owner.

This works for me. Let me know if this works for you :)

Obviously, change the Administrator to another user if you are not logged in as an administrator or if you need rights for another user.

+7
source

When you run the application with this code, do you right-click on exe and select "Run As Administrator"?

0
source 
 using System.Security; using System.Security.AccessControl; using System.Security.Principal; using Microsoft.Win32;

First you need to set the permission using the FULL-ACCESS right to the subsection

 RegistryKey rkey = LocalMachine.OpenSubKey(_subKey, RegistryKeyPermissionCheck.ReadWriteSubTree, gistryRights.ChangePermissions); if (rkey == null) throw new Exception("Not Open"); //------- RegistrySecurity _registrySecurity =new RegistrySecurity();//Or rkey.GetAccessControl(); WindowsIdentity _windowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent(); RegistryAccessRule _accessRule = new RegistryAccessRule(_windowsIdentity.Name, RegistryRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow); _registrySecurity.AddAccessRule(_accessRule); _registrySecurity.SetAccessRuleProtection(false, true); rkey.SetAccessControl(_registrySecurity); //--------Now, Set owner _registrySecurity.SetGroup(new NTAccount("Administrators")); //This is optional var SID = new System.Security.Principal.NTAccount("XXX\\Users"); _registrySecurity.SetOwner(SID); rkey.SetAccessControl(_registrySecurity);

XXX: your account name

0
source 
  RegistryKey rkey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Norton\SecurityStatusSDK", RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.ChangePermissions); if (rkey == null) throw new Exception("Not Open"); //------- RegistrySecurity _registrySecurity = new RegistrySecurity();//Or rkey.GetAccessControl(); WindowsIdentity _windowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent(); RegistryAccessRule _accessRule = new RegistryAccessRule(_windowsIdentity.Name, RegistryRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow); _registrySecurity.AddAccessRule(_accessRule); _registrySecurity.SetAccessRuleProtection(false, true); try { rkey.SetAccessControl(_registrySecurity);// <---"Attempted to perform an unauthorized operation." } catch (UnauthorizedAccessException e) { } //--------Now, Set owner _registrySecurity.SetGroup(new NTAccount("Administrators")); //This is optional var SID = new System.Security.Principal.NTAccount("XXX\\Users"); _registrySecurity.SetOwner(SID); rkey.SetAccessControl(_registrySecurity);

I installed Norton Internet Security

-1
source

Microsoft Visual Studio 2015 (Admin)

_subKey = SOFTWARE\Wow6432Node\Norton

rkey.SetAccessControl(_registrySecurity);-> "Attempted to perform an unauthorized operation."

-2
source

Source: https://habr.com/ru/post/891216/

More articles:


All Articles