 

Running aspnet_setreg.exe on a Windows 2008 server

I have a site that uses aspnet_setreg.exe to encrypt the username and password of the identity user into the registry. It has always worked fine, but when I run it on Windows 2008, I get this:

C:\aspnet_setreg>aspnet_setreg.exe -k:SOFTWARE\MYCODE\identity -u:"domain\user" -p:"password"

Please edit your configuration to contain the following:

userName="registry:HKLM\SOFTWARE\MYCODE\identity\ASPNET_SETREG,userName" password="registry:HKLM\SOFTWARE\MYCODE\identity\ASPNET_SETREG,password"

The DACL on the registry key grants Full Control to System, Administrators, and Creator Owner.

If you have encrypted credentials for the configuration section, or a connection string for the configuration section, ensure that the process identity has Read access to the registry key. Furthermore, if you have configured IIS to access content on a UNC share, the account used to access the share will need Read access to the registry key. Regedt32.exe may be used to view/modify registry key permissions.

You may rename the registry subkey and registry value in order to prevent discovery.

Does anyone else use this, and have you seen it work on 2008?

Thanks

Larry Hipp asked May 06 '09 16:05


2 Answers

A potential issue with aspnet_setreg.exe is that it's a 32-bit process, and will write to the Wow6432Node rather than the places indicated above. If you are running a 64-bit app pool, you will need to copy the reg key to the "real" x64 location.

Christopher G. Lewis answered Nov 15 '22 14:11


1) The aspnet_setreg application was putting the registry entry into HKLM\Software\Wow6432Node\rest of path.

As mentioned above, this is the behavior for a 32-bit app modifying a 64-bit registry entry.

2) To move the key to the right location, I exported the key to a .reg file and then edited the file and got rid of the Wow6432Node directory in the file.

3) Alternatively, you could just use the Wow6432Node path:

For example:

userName="registry:HKLM\Software\Wow6432Node\MYCODE\identity\ASPNET_SETREG,userName"

password="registry:HKLM\Software\Wow6432Node\MYCODE\identity\ASPNET_SETREG,password"

4) Also, note that you must have admin privileges to run this. On Windows 7, I ran it from the command line using "run as administrator", and aspnet_setreg stored it in HKEY_USERS\[USER SID]\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node.

5) Finally, remember to set the permissions to the registry entry so that your application can read from the registry key.

References: http://support.microsoft.com/kb/329290

WWC answered Nov 15 '22 14:11
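
The checks described in the answers above, as an added PowerShell example that is not part of the original posts: it reports which registry view holds the key, copies it out of Wow6432Node when only the 32-bit view has it, and grants Read to the process identity. It assumes an elevated 64-bit PowerShell session; `DOMAIN\AppPoolUser` is a hypothetical account name, and the subkey path is the one from the question.

```powershell
# Added example, not from the original posts. Run from an elevated 64-bit
# PowerShell session so that HKLM:\SOFTWARE is not itself redirected.
$Rel    = 'MYCODE\identity\ASPNET_SETREG'     # subkey from the question
$Reader = 'DOMAIN\AppPoolUser'                # hypothetical process identity
$Path64 = "HKLM:\SOFTWARE\$Rel"               # what a 64-bit app pool reads
$Path32 = "HKLM:\SOFTWARE\Wow6432Node\$Rel"   # where a 32-bit writer lands

if ([IntPtr]::Size -ne 8) { throw 'Run this from 64-bit PowerShell.' }

# 1. Report which view(s) actually hold the key.
$in32 = Test-Path -Path $Path32
$in64 = Test-Path -Path $Path64
"32-bit view (Wow6432Node): $in32"
"64-bit view:               $in64"
if (-not ($in32 -or $in64)) {
    throw 'Key not found in either view; check VirtualStore if the tool ran unelevated.'
}

# 2. If only the 32-bit view has the key, copy it to the 64-bit location.
if ($in32 -and -not $in64) {
    $parent = Split-Path -Path $Path64 -Parent
    if (-not (Test-Path -Path $parent)) {
        New-Item -Path $parent -Force | Out-Null   # create MYCODE\identity
    }
    Copy-Item -Path $Path32 -Destination $parent -Recurse
}

# 3. Grant Read (and nothing more) on every copy of the key that exists.
$targets = @($Path64, $Path32) | Where-Object { Test-Path -Path $_ }
foreach ($p in $targets) {
    $acl  = Get-Acl -Path $p
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
                $Reader, 'ReadKey', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $p -AclObject $acl

    # Show the resulting DACL so broader grants are easy to spot.
    "ACL on ${p}:"
    (Get-Acl -Path $p).Access |
        Format-Table IdentityReference, RegistryRights, AccessControlType -AutoSize
}
```

Point the `userName` and `password` attributes at whichever path matches the bitness of the app pool, and keep the grant on that key limited to Read for the single identity that needs it.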