Writing to HKLM registry in Windows 7
CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 9 of 9

Thread: Writing to HKLM registry in Windows 7

  1. #1
    Join Date
    Apr 2002
    Posts
    121

    Writing to HKLM registry in Windows 7

    When I write to the Windows 7 Registry at HKEY_LOCAL_MACHINE, I get a return code of 5 which is the "access denied" message when I execute RegCreateKeyEx.

    This happens even if the User has administrator rights.

    How can I tell Windows 7 to allow the program to write to the registry?

    The application is a 32-bit application and it should be allowed to run in either a Windows 7 32-bit or 64-bit machine.

    I noticed that when I run certain popular programs, a User Account Control dialog box comes asking:
    "Do if you want to allow the following program from an unknown publisher to make changes to this computer".

    Should my application call User Account Control and if so, how do I do it in C++ Visual Studio 2008?

    I also found out that 64-bit Windows machines have two registry hives. Is there a different code to handle the same task?

    Any help will be appreciated.

  2. #2
    VictorN's Avatar
    VictorN is online now Super Moderator Power Poster
    Join Date
    Jan 2003
    Location
    Wallisellen (ZH), Switzerland
    Posts
    17,606

    Re: Writing to HKLM registry in Windows 7

    Quote Originally Posted by robertpantangco View Post
    When I write to the Windows 7 Registry at HKEY_LOCAL_MACHINE, I get a return code of 5 which is the "access denied" message when I execute RegCreateKeyEx.
    Yes, it is by design. Only in Win 3.1 / Win95-98 everzone could write to HKLM.

    Quote Originally Posted by robertpantangco View Post
    This happens even if the User has administrator rights.
    ... beginning from Windows Vista.

    Quote Originally Posted by robertpantangco View Post
    How can I tell Windows 7 to allow the program to write to the registry?

    The application is a 32-bit application and it should be allowed to run in either a Windows 7 32-bit or 64-bit machine.

    I noticed that when I run certain popular programs, a User Account Control dialog box comes asking:
    "Do if you want to allow the following program from an unknown publisher to make changes to this computer".

    Should my application call User Account Control and if so, how do I do it in C++ Visual Studio 2008?
    No, you should not develop your program to work against the design of Windows. Do NOT write in HKLM. This hive is only for system + for some App settings that are not to be changed after software installation.
    So you should only write something to it while installing your software (note that installation needs to be run with admin rights!)

    Quote Originally Posted by robertpantangco View Post
    I also found out that 64-bit Windows machines have two registry hives. Is there a different code to handle the same task?
    32-bit and 64-bit Application Data in the Registry
    Victor Nijegorodov

  3. #3
    Join Date
    Apr 2000
    Location
    Belgium (Europe)
    Posts
    4,100

    Re: Writing to HKLM registry in Windows 7

    Note that normally even admins don't have write access to HKLM anymore.
    Writing to HKLM requires UAC elevation which can be achieved via the application manifest.
    Note that this means the entire application will start elevated and run elevated for the entire duration. This isn't recommended for "user" programs or programs that have mixed user mode and admin mode needs.


    If your app is mixed mode, you will either need to start a helper exe and request "on the spot elevation". Or alternatively, have your installation install a service which runs with admin priviledges, and have your user mode app 'talk to' the service to make the HKLM changes on it's behalf.

    Ideally though, you want to redesign your application so that it doesn't need to access HKLM outside of the installation.
    Last edited by OReubens; July 9th, 2013 at 08:33 AM.

  4. #4
    Join Date
    Apr 2002
    Posts
    121

    Re: Writing to HKLM registry in Windows 7

    My application needs to write a single file that can be accessed by all users but modify rights only granted to the network administrator AFTER the software has been installed.

    I can't put the info in HKLM and I can't write to Program Files either.

    Writing to Users\Username\appdata\local\... will not work either because these will create many files. One for each user.

    I am stuck!

  5. #5
    Join Date
    Dec 2012
    Location
    England
    Posts
    2,848

    Re: Writing to HKLM registry in Windows 7

    What about using \Documents and Settings\All Users\Application Data\{appname}?

    Or with Windows 7 \Users\All Users\Application Data\{appname} or just \ProgramData\{appname}
    Last edited by 2kaud; July 9th, 2013 at 05:09 PM.
    All advice is offered in good faith only. You are ultimately responsible for effects of your programs and the integrity of the machines they run on.

  6. #6
    Join Date
    Apr 2002
    Posts
    121

    Re: Writing to HKLM registry in Windows 7

    Hello,
    Thanks for the advice. Looks like this could be a simple elegant solution.

    But I can't seem to get it to work. I am getting "Access Denied" messages when trying to set permissions to the \All Users folder which looks like it points to \ProgramData

  7. #7
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,070

    Re: Writing to HKLM registry in Windows 7

    Quote Originally Posted by robertpantangco View Post
    But I can't seem to get it to work. I am getting "Access Denied" messages when trying to set permissions to the \All Users folder which looks like it points to \ProgramData
    You what? You were suggested to write file there, but not to set permissions.
    Code:
    C:\Users\All Users>icacls "C:\Users\All Users\Application Data"
    C:\Users\All Users\Application Data Everyone:(DENY)(S,RD)
                                        Everyone:(RX)
                                        NT AUTHORITY\SYSTEM:(F)
                                        BUILTIN\Administrators:(F)
    
    Successfully processed 1 files; Failed processing 0 files
    
    C:\>icacls C:\ProgramData
    C:\ProgramData NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                   BUILTIN\Administrators:(OI)(CI)(F)
                   CREATOR OWNER:(OI)(CI)(IO)(F)
                   BUILTIN\Users:(OI)(CI)(RX)
                   BUILTIN\Users:(CI)(WD,AD,WEA,WA)
    
    Successfully processed 1 files; Failed processing 0 files
    As you can see, BUILTIN\Administrators have Full access to ProgramData, so what you need is a simple EXE file manifesting requireAdministrator execution level that will write the file there.
    Last edited by Igor Vartanov; July 10th, 2013 at 03:52 AM.
    Best regards,
    Igor

  8. #8
    Join Date
    Apr 2002
    Posts
    121

    Re: Writing to HKLM registry in Windows 7

    Quote Originally Posted by Igor Vartanov View Post
    You what? And how that relates to your original writing to registry issue?
    Read the full thread!

  9. #9
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,070

    Re: Writing to HKLM registry in Windows 7

    Quote Originally Posted by robertpantangco View Post
    Read the full thread!
    Okay, let's do that together.

    Quote Originally Posted by robertpantangco View Post
    My application needs to write a single file
    Quote Originally Posted by robertpantangco View Post
    But I can't seem to get it to work. I am getting "Access Denied" messages when trying to set permissions to the \All Users folder
    So please explain the latter, why would you need to set permissions to a system folder when your interest is just a file?

    Besides, why would you need to change/set any permission at all?
    Quote Originally Posted by robertpantangco View Post
    a single file that can be accessed by all users but modify rights only granted to the network administrator AFTER the software has been installed
    Network administrators (domain administrators, I believe) group is automatically included into BUILTIN\Administrators group when workstation joins the domain. As I already pointed, BUILTIN\Administrators is already granted full access, so they have default rights enough to modify the file without any tweaking. Does your situation differ somehow?

    And regarding your original issue. It's always good to start a new thread in case your further questions start digressing from original topic.
    Best regards,
    Igor

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Windows Mobile Development Center


Click Here to Expand Forum to Full Width

This is a CodeGuru survey question.


Featured


HTML5 Development Center