I need to create a program that has access to HKLM when running in a non-admin session. I have access to the admin credentials, so impersonation seems to be an option. The sequence of Win32 calls is:

  1. LogonUser
  2. ImpersonateLoggedOnUser
  3. RegOpenKeyEx
  4. RegCreateKeyEx

The key is successfully created on XP/2003 and fails with 'Access Denied' on Vista/Win7. I am running as the same default domain user and impersonating the same domain admin in each of the scenarios. The 'Access Denied' is being generated by RegCreateKeyEx and obviously the key isn't being created.

Does anyone have a clue as to why this is happening?

A: 

In Vista/Win7 the security has changed. See this article on registry virtualization.

JRL
Good article about registry virtualization and I realize that Microsoft is advocating the LUA scenario for new development of applications but shouldn't Administrators still have access to HKLM?
Adam Driscoll
A: 

AFAIK, to access HKLM in Vista/Windows 7 you must have administrator privileges. Try to compile the program with the option "require administrator privilege", or just run the program as administrator.

Jasmin25
+1  A: 

If you have the username/password for an admin user, you could start a helper process with CreateProcessWithLogonW() and communicate with it using some kind of IPC (pipes, shared memory + events, etc.).

As to why it fails on NT6, maybe your impersonation is not giving you a high IL.

Anders
+1  A: 

An administrator on Windows Vista/7 doesn't have write access to HKLM by default either; they must elevate first. See Vista UAC: The Definitive Guide for details on launching a new process elevated, since you cannot elevate an existing process.

Murray
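
One way to check the explanation in the two answers above is to run `whoami /groups /fo csv /nh` in a process started with the token in question and classify the result by SID. This is an added example, not code from the thread; both sample outputs are constructed, and the deny-only check assumes English attribute text.

```python
import csv
import io

# Well-known SIDs; these are locale-independent, unlike the group names.
ADMINISTRATORS_SID = "S-1-5-32-544"
INTEGRITY_LEVELS = {
    "S-1-16-4096": "low",
    "S-1-16-8192": "medium",
    "S-1-16-12288": "high",
    "S-1-16-16384": "system",
}

# Constructed sample: admin account with a UAC-filtered (non-elevated) token.
FILTERED_SAMPLE = r'''"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Administrators","Alias","S-1-5-32-544","Group used for deny only"
"BUILTIN\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"
"Mandatory Label\Medium Mandatory Level","Label","S-1-16-8192",""
'''

# Constructed sample: the same account after elevation.
ELEVATED_SAMPLE = r'''"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Administrators","Alias","S-1-5-32-544","Mandatory group, Enabled by default, Enabled group, Group owner"
"Mandatory Label\High Mandatory Level","Label","S-1-16-12288",""
'''


def classify_token(whoami_csv):
    """Summarise `whoami /groups /fo csv /nh` output for one token."""
    result = {"integrity": None, "admin": "absent"}
    for row in csv.reader(io.StringIO(whoami_csv)):
        if len(row) < 4:
            continue  # blank or malformed line
        sid, attrs = row[2].strip(), row[3].strip().lower()
        if sid in INTEGRITY_LEVELS:
            result["integrity"] = INTEGRITY_LEVELS[sid]
        elif sid == ADMINISTRATORS_SID:
            # Deny-only means the SID can match deny ACEs but never allow
            # ACEs, so an "Administrators: Full Control" entry grants nothing.
            result["admin"] = "deny-only" if "deny only" in attrs else "enabled"
    result["elevated"] = (result["admin"] == "enabled"
                          and result["integrity"] in ("high", "system"))
    return result


if __name__ == "__main__":
    for label, sample in (("filtered", FILTERED_SAMPLE), ("elevated", ELEVATED_SAMPLE)):
        print(label, classify_token(sample))
```
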
A: 

The way to accomplish this is through multiple processes, as Murray and Anders suggested. First you launch a process that launches another process with the CreateProcessAsLoggedOnUser with Admin credentials. Then you have to launch ANOTHER process using the ShellExecute function with "runas" specified as the verb. This allows for impersonation and elevation without a UAC dialog.

Adam Driscoll