From: huangbo888 on 16 Apr 2007 01:11 I am using the following code to modify a registry key's everyone permission from read to write #define REG1 "SYSTEM\\CurrentControlSet\\Enum\\Root\\IRCOMM2K\\0000\\" int _tmain() { SID_IDENTIFIER_AUTHORITY arg1 = SECURITY_WORLD_SID_AUTHORITY; SECURITY_DESCRIPTOR sd; PSID everyone; PACL pacl; HKEY hKEY; DWORD aclSize; long ret; ret=(RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG1, 0, KEY_READ, &hKEY)); ret = AllocateAndInitializeSid(&arg1,1,SECURITY_WORLD_RID,0, 0, 0, 0, 0, 0, 0, &everyone); aclSize = 2 * (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + GetLengthSid(everyone)); pacl = (PACL)LocalAlloc(GPTR, aclSize); ret = InitializeAcl(pacl, aclSize, ACL_REVISION); ret = AddAccessAllowedAce(pacl, ACL_REVISION, KEY_WRITE,everyone); ret = InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION); ret = SetSecurityDescriptorDacl(&sd, TRUE, pacl, FALSE); ret = RegSetKeySecurity(hKEY, DACL_SECURITY_INFORMATION, &sd); LocalFree(pacl); return 0; } however it doen't work, the error occured in RegSetKeySecurity function, it returns the error code ERROR_ACCESS_DENIED, The code runs under administrators role, and I can use regedit to change a registry key permission.
From: Doron Holan [MS] on 16 Apr 2007 01:41 you should never *EVER* change a registry key under the Enum branch that you did not create. you can change permissions on keys you create under your device's "Device Parameters" key, but for any key before that you should not touch. For instance, even if you get this to work, Vista will change the permissions back to the correct permissions. What is your end goal by changing the permissions? Why do you want to give everyone the ability to write to the key? d -- Please do not send e-mail directly to this alias. this alias is for newsgroup purposes only. This posting is provided "AS IS" with no warranties, and confers no rights. <huangbo888(a)gmail.com> wrote in message news:1176700299.254277.320070(a)y5g2000hsa.googlegroups.com... >I am using the following code to modify a registry key's everyone > permission from read to write > > #define REG1 "SYSTEM\\CurrentControlSet\\Enum\\Root\\IRCOMM2K\\0000\\" > > int _tmain() > { > SID_IDENTIFIER_AUTHORITY arg1 = SECURITY_WORLD_SID_AUTHORITY; > SECURITY_DESCRIPTOR sd; > PSID everyone; > PACL pacl; > HKEY hKEY; > DWORD aclSize; > long ret; > > ret=(RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG1, 0, KEY_READ, &hKEY)); > > > > ret = AllocateAndInitializeSid(&arg1,1,SECURITY_WORLD_RID,0, 0, 0, 0, > 0, 0, 0, &everyone); > aclSize = 2 * (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + > GetLengthSid(everyone)); > > pacl = (PACL)LocalAlloc(GPTR, aclSize); > ret = InitializeAcl(pacl, aclSize, ACL_REVISION); > ret = AddAccessAllowedAce(pacl, ACL_REVISION, KEY_WRITE,everyone); > ret = InitializeSecurityDescriptor(&sd, > SECURITY_DESCRIPTOR_REVISION); > > ret = SetSecurityDescriptorDacl(&sd, TRUE, pacl, FALSE); > ret = RegSetKeySecurity(hKEY, DACL_SECURITY_INFORMATION, &sd); > LocalFree(pacl); > > return 0; > } > > however it doen't work, the error occured in RegSetKeySecurity > function, it returns the error code ERROR_ACCESS_DENIED, > > The code runs under administrators role, and I can use regedit to > change a registry key permission. >
|
Pages: 1 Prev: Find all open handles (Mutex, File, Key etc) Next: PagedPoolMemory - filter drivers |