1

I wrote an application that stores several things in the registry. When I first started, I added them to HKEY_LOCAL_MACHINE, but kept getting permission errors writing to the. So, it was suggested that I use HKEY_CURRENT_USER, that worked until I realized that I am not able to access them from another account. How can I write to the registry but allow all accounts to access read and write to it?

I used the Python module _winreg.

Improve this question

4 Answers 4

Reset to default
2

HKEY_LOCAL_MACHINE/Software/YourSoftware, needs Admin permissions and is for install-time data, or HKEY_CURRENT_USER/Software/YourSoftware, which is for data pertinent to this environment only (this user, this profile etc.)

EDIT: An alternative would be storing a config file and setting the right permissions at install time.

2nd EDIT: I've read in another comment that you want to be sure only your application modified some file, so you store the modification times. Workarounds:

  • encrypt the file-not-to-be-modified, best is with a user-generated key
  • make a service, install with a special user under which it runs, and make the permissions so, that only this service can access the file

My gut feeling says your requirement to modify a file only by your app, but under any account is very wrong but the more or less correct solutions have to impose additional complexity. Your decision: review your requirements and possibly your design, or add a layer of complexity and possibly cruft.

3rd EDIT: Split your app, have an admin application, which can with admin rights write to HKLM and set the settings. Normal user rights should suffice to read HKLM

Improve this answer
Sign up to request clarification or add additional context in comments.

11 Comments

How do I get Admin permission for my program?
My installation wizard downloads the files and extracts them to the appropriate place. I need the application to have admin privileges each time it launches.
Then it can by definition only be used by admin users. Why do you need it?
Why do I need admin rights? I need them because my application has to be able to access the registry entries in HKLM from every acount on the system. Currently it can't, thus it crashes.
What are you trying to do? An "application" (not admin tool) should never need to be dependend on another account.
|
0

You'll either need admin permissions to write to HKLM, or settle for non-global reg keys. Behavior is going to vary somewhat between different versions of windows.

Improve this answer

Comments

0

If you want to write to the registry so that all users can read it, you will need to run your program with administrator privileges.

You might be happier storing your information in a file instead, which will be easier to manage.

Improve this answer

3 Comments

I would have if I thought about that, but the application is already written. 4 months of development and coding, went to test it on a second account and it couldn't read the data it needed!
You may find that changing the settings storage is not as large a change as you think. Sounds like a good opportunity for a clean abstraction, then you can change the underlying implementation with little fuss.
The data that is stored in the registry is file modification times. These are used as a security precaution to make sure files aren't modified by anything but my software. Would it be possible to create and Admin profile and run the application under that profile? This way, the app has admin privileges, but doesn't require and admin password to e entered. The application would create the profile with a password, then just ranas that profile.
0

One other possibility would be changing the security on your HKLM keys to R/W for anyone. Although the idea that this is somehow security against modification seems a bit of a stretch.

Regedt32 has the ability to set the keys, so the underlying API must have it too.

All that said, this is a screwed up way to run an application and shows a sever lack of understanding of security and security models. (In other words, typical windows development.)

How did I get so cynical.....

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.