Menu
I'm trying to grant Write access to my application's registry settings to everyone or all users of a machine during the install process.
My application does not have the appropriate permissions directly after install without requiring an administrator to grant them even though the keys and values exists, they cannot be updated? I've the snippet below, but the installer is failing due to Unauthorized access / access denied. I think I'm on the right track...
How can I resolve the permissions issue without requiring manual attention? Is there a better approach? I'm attempting to replace an additional installer with the Visual Studio setup by adding this functionality.
protected void GrantAllAccessPermission(String key)
{
try
{
SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
NTAccount account = sid.Translate(typeof(NTAccount)) as NTAccount;
// Get ACL from Windows, allow writing to the registry key
using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(key, true))
{
RegistrySecurity rs = new RegistrySecurity();
// Creating registry access rule for 'Everyone' NT account
RegistryAccessRule rar = new RegistryAccessRule(
account.ToString(),
RegistryRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
rs.AddAccessRule(rar);
rk.SetAccessControl(rs);
}
}
catch (System.Security.SecurityException ex)
{
throw new InstallException(
String.Format("An exception in GrantAllAccessPermission, security exception! {0}", key),
ex);
}
catch (UnauthorizedAccessException ex)
{
throw new InstallException(
String.Format("An exception in GrantAllAccessPermission, access denied! {0}", key),
ex);
}
}
816
To change a registry value or registry permissions from a command line or from a script, use the Regini.exe utility. The Regini.exe utility is included in the Windows NT Server 4.0 Resource Kit, in the Microsoft Windows 2000 Resource Kit, and in the Microsoft Windows Server 2003 Resource Kit.
Get Full Control Permissions to a Registry keyOn the Permission Entry dialog box, click the Select a principal link. Then, type your user name in the Enter the object name to select box and click Check Names, like you did earlier. Then, click OK. Check the Full Control box under Basic permissions and click OK.
Write DAC. Lets the user read and write the Discretionary Access Control (DAC) list for the key, which lets a user change the key's permissions. Write Owner. Lets a user take ownership of the key. Read Control.
I realize this post is a bit old but I figured it was worth commenting on it for anyone that might stumble upon it like I did while trying to figure out a similar issue. You were very close, I just changed two lines of code. The key change is the first one; when opening the key you need to open it as writable. The second change is to append new permissions rather than replacing all permissions...since you are giving everyone full access, you don't really need this change, but if you were adding permissions for single user, you would want to append permissions.
Each change I made first comments out the old line with //CHANGED:
SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
NTAccount account = sid.Translate(typeof(NTAccount)) as NTAccount;
// Get ACL from Windows
// CHANGED to open the key as writable: using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(key))
using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(key, RegistryKeyPermissionCheck.ReadWriteSubTree))
{
// CHANGED to add to existing security: RegistrySecurity rs = new RegistrySecurity();
RegistrySecurity rs = rk.GetAccessControl()
// Creating registry access rule for 'Everyone' NT account
RegistryAccessRule rar = new RegistryAccessRule(
account.ToString(),
RegistryRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
rs.AddAccessRule(rar);
rk.SetAccessControl(rs);
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
