Programmatically allow write access for a Registry key

Question

Hi everybody,

I need to programmatically modify the Access Descriptors on a known Registry key during product installation. The way I want it to work is:

1. The installer is run in Administrative mode.
2. A Registry key is created.
3. A function (the one I need) queries the ACL from the key.
4. If this function finds that the group 'Users' already has write access, nothing should be done.
5. If not, it should add a new permission allowing write access to the 'Users' group.
6. The permissions are saved for the Registry key.

This question is similar to Setting Registry key write permissions using .NET, however, I need a C++/Win32 implementation.

Thanks in advance

Answer 1

1. download this.

2. read source code.

3. Note that 90% of the code you need is generic to ACLs, not specific to registry keys.

Answer 2

For getting and setting the ACL of the key you need to use RegGetKeySecurity and RegSetKeySecurity. Then you need to iterate through the ACEs, examining any that apply to the "Users" group SID. Then you'll either modify/remove the existing one and/or add a new one. Be advised that working with ACLs in plain old Win32 C is a pain.