views:

23

answers:

2

I have a program that was written on XP. What I've found out is that it doesn't work properly on Win7 because HLKM is no longer writable by non-admins.

Essentially, when you register the program, the licensing information is supposed to go into the registry. That information is valid for everyone on the computer, not just the one user, so I don't want to put it in HKCU. But any copy of the program needs to be able to edit that registry (even if it's a non-admin running it), because there are certain situations when it's going to go get updated license information from my web server (for example, if the registry data is lost or damaged, or if your current license is expired and it needs to see if we've applied an extension).

It's not horrible if it goes out to the web server for every unique user who starts up the program, but it causes some annoying issues, so I'd rather it continue to work the way it did in XP. Is there a way to store data in the registry and still have it shared under Win7, or am I going to have to start looking at storing an INI file on the drive?

A: 

Could you get the installer to make your particular area of the registry to be writeable by everyone? The installer will need to be run with elevated privileges anyway, I'd expect - so this would seem an ideal approach.

Will A
This should work, but I wouldn't call it an ideal approach. It leaves the licensing information under HKLM vulnerable to changes by unpriviledged users. Ideally, you'd like to protect the licensing infomation just as strongly as the installed EXE and DLLs in your app. The approach suggested by Kate Gregory will accomplish that goal.
Stephen C. Steel
Actually this would work well for one of the issues I'm dealing with. How does one tell the installer to make part of HKLM be user-writable?
Escher
+1  A: 

Here is how I would architect it: your setup runs elevated and sets up the key. Then if their licensing gets corrupted or whatnot, you enable a button or menu item that has text like "fix license" or "update license". You put a shield on that button or menu item. When they click it, you launch a separate exe using ShellExecute. That exe has a manifest that requires elevation. It can then write to the protected area of the registry. The rest of the app can have a manifest with asInvoker.

If you want it to be completely invisible, either the whole app must always run elevated (annoying) or sometimes the app will just launch another exe that asks for elevation without warning - in which case the smart users will say no. A little less invisibility is a good thing imo.

Kate Gregory
This is the best option, as it uses the UAC mechanism to keep your licensing information under HKLM as secure as the actual installed executables from changes by unpriveledged users (or rogue programs).
Stephen C. Steel

related questions