Writing to HKLM registry in Windows 7
When I write to the Windows 7 Registry at HKEY_LOCAL_MACHINE, I get a return code of 5 which is the "access denied" message when I execute RegCreateKeyEx.
This happens even if the User has administrator rights.
How can I tell Windows 7 to allow the program to write to the registry?
The application is a 32-bit application and it should be allowed to run in either a Windows 7 32-bit or 64-bit machine.
I noticed that when I run certain popular programs, a User Account Control dialog box comes asking:
"Do if you want to allow the following program from an unknown publisher to make changes to this computer".
Should my application call User Account Control and if so, how do I do it in C++ Visual Studio 2008?
I also found out that 64-bit Windows machines have two registry hives. Is there a different code to handle the same task?
Any help will be appreciated.
Re: Writing to HKLM registry in Windows 7
Quote:
Originally Posted by
robertpantangco
When I write to the Windows 7 Registry at HKEY_LOCAL_MACHINE, I get a return code of 5 which is the "access denied" message when I execute RegCreateKeyEx.
Yes, it is by design. Only in Win 3.1 / Win95-98 everzone could write to HKLM.
Quote:
Originally Posted by
robertpantangco
This happens even if the User has administrator rights.
... beginning from Windows Vista.
Quote:
Originally Posted by
robertpantangco
How can I tell Windows 7 to allow the program to write to the registry?
The application is a 32-bit application and it should be allowed to run in either a Windows 7 32-bit or 64-bit machine.
I noticed that when I run certain popular programs, a User Account Control dialog box comes asking:
"Do if you want to allow the following program from an unknown publisher to make changes to this computer".
Should my application call User Account Control and if so, how do I do it in C++ Visual Studio 2008?
No, you should not develop your program to work against the design of Windows. Do NOT write in HKLM. This hive is only for system + for some App settings that are not to be changed after software installation.
So you should only write something to it while installing your software (note that installation needs to be run with admin rights!)
Quote:
Originally Posted by
robertpantangco
I also found out that 64-bit Windows machines have two registry hives. Is there a different code to handle the same task?
32-bit and 64-bit Application Data in the Registry
Re: Writing to HKLM registry in Windows 7
Note that normally even admins don't have write access to HKLM anymore.
Writing to HKLM requires UAC elevation which can be achieved via the application manifest.
Note that this means the entire application will start elevated and run elevated for the entire duration. This isn't recommended for "user" programs or programs that have mixed user mode and admin mode needs.
If your app is mixed mode, you will either need to start a helper exe and request "on the spot elevation". Or alternatively, have your installation install a service which runs with admin priviledges, and have your user mode app 'talk to' the service to make the HKLM changes on it's behalf.
Ideally though, you want to redesign your application so that it doesn't need to access HKLM outside of the installation.
Re: Writing to HKLM registry in Windows 7
My application needs to write a single file that can be accessed by all users but modify rights only granted to the network administrator AFTER the software has been installed.
I can't put the info in HKLM and I can't write to Program Files either.
Writing to Users\Username\appdata\local\... will not work either because these will create many files. One for each user.
I am stuck!
Re: Writing to HKLM registry in Windows 7
What about using \Documents and Settings\All Users\Application Data\{appname}?
Or with Windows 7 \Users\All Users\Application Data\{appname} or just \ProgramData\{appname}
Re: Writing to HKLM registry in Windows 7
Hello,
Thanks for the advice. Looks like this could be a simple elegant solution.
But I can't seem to get it to work. I am getting "Access Denied" messages when trying to set permissions to the \All Users folder which looks like it points to \ProgramData
Re: Writing to HKLM registry in Windows 7
Quote:
Originally Posted by
robertpantangco
But I can't seem to get it to work. I am getting "Access Denied" messages when trying to set permissions to the \All Users folder which looks like it points to \ProgramData
You what? You were suggested to write file there, but not to set permissions.
Code:
C:\Users\All Users>icacls "C:\Users\All Users\Application Data"
C:\Users\All Users\Application Data Everyone:(DENY)(S,RD)
Everyone:(RX)
NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
Successfully processed 1 files; Failed processing 0 files
C:\>icacls C:\ProgramData
C:\ProgramData NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Administrators:(OI)(CI)(F)
CREATOR OWNER:(OI)(CI)(IO)(F)
BUILTIN\Users:(OI)(CI)(RX)
BUILTIN\Users:(CI)(WD,AD,WEA,WA)
Successfully processed 1 files; Failed processing 0 files
As you can see, BUILTIN\Administrators have Full access to ProgramData, so what you need is a simple EXE file manifesting requireAdministrator execution level that will write the file there.
Re: Writing to HKLM registry in Windows 7
Quote:
Originally Posted by
Igor Vartanov
You what? And how that relates to your original writing to registry issue?
Read the full thread!
Re: Writing to HKLM registry in Windows 7
Quote:
Originally Posted by
robertpantangco
Read the full thread!
Okay, let's do that together. :)
Quote:
Originally Posted by
robertpantangco
My application needs to write a single file
Quote:
Originally Posted by
robertpantangco
But I can't seem to get it to work. I am getting "Access Denied" messages when trying to set permissions to the \All Users folder
So please explain the latter, why would you need to set permissions to a system folder when your interest is just a file?
Besides, why would you need to change/set any permission at all?
Quote:
Originally Posted by
robertpantangco
a single file that can be accessed by all users but modify rights only granted to the network administrator AFTER the software has been installed
Network administrators (domain administrators, I believe) group is automatically included into BUILTIN\Administrators group when workstation joins the domain. As I already pointed, BUILTIN\Administrators is already granted full access, so they have default rights enough to modify the file without any tweaking. Does your situation differ somehow?
And regarding your original issue. It's always good to start a new thread in case your further questions start digressing from original topic. :)