locked
Need to add DWORD value to Rgistry in Win 10 via VB.Net 2013... permissions problems.... HKCU\Software\Microsoft\Windows\CurrentVersion\Polices\system RRS feed

  • Question

  • I am working on a type of Lock Screen for Win 7 through Win 10.

    Need to know how to take FULL CONTROL of ANY an ALL registry keys NO MATTER WHAT IS CURRENTLY SET IN THE PERMISSIONS AREA.

    In this case I need to change the permission so that my app can add DWORD value to the following key. Nothing must be able to stop it.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Polices\system

    I would ideally like to store the current permissions, then add in the ones I need so that the code can make the changes I need then put the permissions back to what they were. And at the appropriate time I will then via the code remove the added key. Which will involve the same permissions game as when it is created.

    I am working with a simple form and a button and  the following code snip-it I got from one of the VB.Net forums which I have been experimenting with to get the code to work.

    In general the code does work for non protected registry keys or for creating new ones, but I need to add one in to a protected area so I need to have FULL CONTROL over the registry.

    Specifically there seems to be a user called "ALL APPLICATION PACKAGES" which is set to read only that I think is causing me my problems. I need to be able to remove or change the permissions for this user and then add/remove/change as needed the permissions for any other type of user that can be found in Windows 10.

    Currently if I  leave the reg location I need to add to set to the root of HKCU it will work. It will create the key and put the administrator and current user in the permissions. The call for the "ALL APPLICATION PACKAGES" user used in the following two lines, may not be referenced using the correct name and I also need help with finding the correct way to reference and modify the permissions for that type of user.

    Dim allapps As String = "ALL APPLICATION PACKAGES" rs.AddAccessRule(New RegistryAccessRule(allapps, RegistryRights.FullControl, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow))

    So the bottom line is I need to be able to add and remove DWORD values in the following registry key via VB.Net 2013.

    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system"

    Thanks to all who can help,

    Ralph

    Imports System.Runtime.InteropServices
    Imports System
    Imports System.Reflection
    Imports System.Security
    Imports System.Security.AccessControl
    Imports Microsoft.Win32
    
    
    
    
    Public Class FrmLogin
    
        Private Declare Function SetWindowPos Lib "user32" (ByVal hwnd As Integer, ByVal hWndInsertAfter As Integer, ByVal x As Integer, ByVal y As Integer, ByVal cx As Integer, ByVal cy As Integer, ByVal wFlags As Integer) As Integer
        Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Integer
    
        Const SWP_HIDEWINDOW = &H80
    
        Const SWP_SHOWWINDOW = &H40
    
        Dim taskBar As Integer
    
        Dim closeit As String = "no"
    
    Private Sub Button3_Click(sender As Object, e As EventArgs) Handles Button3.Click
    
            ' Delete the example key if it exists.
            Try
                Registry.CurrentUser.DeleteSubKey("RegistryRightsExample")
                'Console.WriteLine("Example key has been deleted.")
                MsgBox(AcceptButton, MsgBoxStyle.Information, "Example key has been deleted.")
            Catch ex As ArgumentException
                ' ArgumentException is thrown if the key does not exist. In
                ' this case, there is no reason to display a message.
            Catch ex As Exception
                'Console.WriteLine("Unable to delete the example key: {0}", ex)
                MsgBox(AcceptButton, MsgBoxStyle.Information, "Unable to delete the example key: {0}" & ex.ToString)
                Return
            End Try
    
            'MsgBox(AcceptButton, MsgBoxStyle.Information, "Key should be deleted")
    
            Dim user As String = Environment.UserDomainName & "\" & Environment.UserName
    
            'Dim userspec As String = ("The user is: " & user)
    
            MsgBox(AcceptButton, MsgBoxStyle.Information, Environment.UserDomainName & "\" & Environment.UserName)
    
            '*************************************
    
            Dim rs As New RegistrySecurity()
    
            ' Allow the current user to read and delete the key.
            '
            'rs.AddAccessRule(New RegistryAccessRule(user, RegistryRights.ReadKey Or RegistryRights.Delete, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow))
    
    
    
            Dim allapps As String = "ALL APPLICATION PACKAGES"
    
            rs.AddAccessRule(New RegistryAccessRule(allapps, RegistryRights.FullControl, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow))
    
    
    
            rs.AddAccessRule(New RegistryAccessRule(user, RegistryRights.FullControl, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow))
    
            Dim adminuser As String = Environment.MachineName & "\Administrator"
    
            rs.AddAccessRule(New RegistryAccessRule(adminuser, RegistryRights.FullControl, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow))
    
    
            'Dim alltheusers As String = Environment.MachineName & "\users"
    
            Dim alltheusers As String = "Everyone"
    
            'Dim alltheusers As String = Environment.MachineName & "\users"
    
    
    
            rs.AddAccessRule(New RegistryAccessRule(alltheusers, RegistryRights.ReadKey, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow))
    
    
            ' Prevent the current user from writing or changing the
            ' permission set of the key. Note that if Delete permission
            ' were not allowed in the previous access rule, denying
            ' WriteKey permission would prevent the user from deleting the 
            ' key.
            'rs.AddAccessRule(New RegistryAccessRule(user, _
            'RegistryRights.WriteKey Or RegistryRights.ChangePermissions, _
            'InheritanceFlags.None, _
            'PropagationFlags.None, _
            'AccessControlType.Deny))
    
            ' Create the example key with registry security.
            Dim rk As RegistryKey = Nothing
            Try
                rk = Registry.CurrentUser.CreateSubKey("software\micorsoft\Windows\Currentversion\Policies\System\RegistryRightsExample", RegistryKeyPermissionCheck.Default, rs)
    
    
    
                'Console.WriteLine(vbCrLf & "Example key created.")
    
                rk.SetValue("ValueName", "StringValue")
    
                MsgBox(AcceptButton, MsgBoxStyle.Information, vbCrLf & "Example key created.")
                'End
            Catch ex As Exception
                'Console.WriteLine(vbCrLf & "Unable to create the example key: {0}", ex)
                MsgBox(AcceptButton, MsgBoxStyle.Information, "Unable to create the example key: {0}" & ex.ToString)
    
            End Try
    
            'MsgBox(AcceptButton, MsgBoxStyle.Information, "Key should be created")
    
            If rk IsNot Nothing Then rk.Close()
    
            rk = Registry.CurrentUser
    
            Dim rk2 As RegistryKey
    
            ' Open the key with read access.
            rk2 = rk.OpenSubKey("RegistryRightsExample", False)
    
    
            'Console.WriteLine(vbCrLf & "Retrieved value: {0}", rk2.GetValue("ValueName"))
    
            MsgBox(AcceptButton, MsgBoxStyle.Information, (vbCrLf & "Retrieved value: {0} " & rk2.GetValue("ValueName")))
    
    
            rk2.Close()
    
    
            ' Attempt to open the key with write access.
            Try
                rk2 = rk.OpenSubKey("RegistryRightsExample", True)
            Catch ex As SecurityException
    
                'Console.WriteLine(vbCrLf & "Unable to write to the example key." & " Caught SecurityException: {0}", ex.Message)
    
                MsgBox(AcceptButton, MsgBoxStyle.Information, vbCrLf & "Unable to write to the example key." & " Caught SecurityException: {0} " & ex.Message.ToString)
    
    
            End Try
    
    
            closeit = "yes"
            'End
            Environment.Exit(0)
    
    
            If rk2 IsNot Nothing Then rk2.Close()
    
            ' Attempt to change permissions for the key.
            Try
                rs = New RegistrySecurity()
                rs.AddAccessRule(New RegistryAccessRule(user, _
                    RegistryRights.WriteKey, _
                    InheritanceFlags.None, _
                    PropagationFlags.None, _
                    AccessControlType.Allow))
                rk2 = rk.OpenSubKey("RegistryRightsExample", False)
                rk2.SetAccessControl(rs)
    
    
                'Console.WriteLine(vbCrLf & "Example key permissions were changed.")
    
                MsgBox(AcceptButton, MsgBoxStyle.Information, vbCrLf & "Example key permissions were changed.")
    
    
            Catch ex As UnauthorizedAccessException
                'Console.WriteLine(vbCrLf & "Unable to change permissions for the example key." & " Caught UnauthorizedAccessException: {0}", ex.Message)
    
                MsgBox(AcceptButton, MsgBoxStyle.Information, vbCrLf & "Unable to change permissions for the example key." & " Caught UnauthorizedAccessException: {0}" & ex.Message.ToString)
    
    
            End Try
            If rk2 IsNot Nothing Then rk2.Close()
    
            'Console.WriteLine(vbCrLf & "Press Enter to delete the example key.")
            'Console.ReadLine()
            MsgBox(AcceptButton, MsgBoxStyle.Information, vbCrLf & "Click OK to delete the example key.")
    
    
            Try
                rk.DeleteSubKey("RegistryRightsExample")
    
    
    
                'Console.WriteLine("Example key was deleted.")
                MsgBox(AcceptButton, MsgBoxStyle.Information, "Example key was deleted.")
    
    
            Catch ex As Exception
                'Console.WriteLine("Unable to delete the example key: {0}", ex)
    
                MsgBox(AcceptButton, MsgBoxStyle.Information, "Unable to delete the example key: {0}" & ex.ToString)
    
    
            End Try
    
            rk.Close()
    
    
    
            'My.Computer.Registry.CurrentUser.CreateSubKey("software\micorsoft\Windows\Currentversion\Policies.System\TestKey")
    
            'My.Computer.Registry.SetValue("HKEY_CURRENT_USER\TestKey", "TestValue", "This is a testing value.", RegistryValueKind.String)
    
    
            'Dim regKey As RegistryKey
    
    
    End Sub
    End Class
    
    
    

    Friday, September 30, 2016 10:46 PM

Answers

  • I am still working on the Registry Permissions issue.

    The app will be run with admin privileges.

    I am an Admin.

     If you are logged in as an administrator,  that does not mean that your app is running with admin privileges.  Try right clicking on the Visual Studio shortcut and select "Run as administrator",  then open/run your Project OR right click your application`s exe file in the debug folder and select "Run as administrator".

    If you say it can`t be done then i`ll try it

    Wednesday, October 5, 2016 8:46 AM

All replies

  • Well your app should be running with admin privileges. If your app is not running with admin privileges then it is impossible. Otherwise viruses could do that with no problem.

    Then in the key chain the first key that is not owned by admin users needs to be altered for its ownership. Then after altering all keys in the chain after that first key so their ownership is altered to admin users so that you can provide admin users with appropriate permissions for the key(s) you can probably do what you need.

    However if you are going to alter keys ownerships if admin users are not allowed to alter things then you need to note all that somewhere so you can alter them all back in reverse order back to what they were after you are finished altering something otherwise you are writing viral app for altering registry. The registry isn't on a system for hacking by unauthorized non-administrative apps. And your app can not have administrative privileges unless an admin user for the system in question allows that.

    Regardless if you do not know what you are doing then you can destroy the registry basically.

    Update: And then there's the SysWOW64 view issue too.


    La vida loca

    Friday, September 30, 2016 11:47 PM
  • Thanks for replying.

    I am still working on the Registry Permissions issue.

    The app will be run with admin privileges.

    I am an Admin.

    I am also familiar with the registry as I have been working in IT for over 30 years. There was no registry when I started, but ever since it showed up I have been playing with. I keep it backed up and a WinPE emergency boot disk handy just in case.

    I took a short break from the reg perms problems to fine tune my authentication routines and now I am back to the permissions problems.

    I will need an example on how to take "ownership". (I will try to Google one, but if you have one handy please post it.)

    I will update with more info as I work it out and appreciate all the help I can get and your reply.

    Thanks again,

    Ralph
    Tuesday, October 4, 2016 10:32 PM
  • I am still working on the Registry Permissions issue.

    The app will be run with admin privileges.

    I am an Admin.

     If you are logged in as an administrator,  that does not mean that your app is running with admin privileges.  Try right clicking on the Visual Studio shortcut and select "Run as administrator",  then open/run your Project OR right click your application`s exe file in the debug folder and select "Run as administrator".

    If you say it can`t be done then i`ll try it

    Wednesday, October 5, 2016 8:46 AM
  • Thanks for the help IronRazerz,

    By Admin I mean I have full access as a system administrator. I know the local administrator password etc. I am running the VS as an administrator so my code should be executing as one.

    Thanks again for the help though,

    Ralph

    Wednesday, October 5, 2016 1:22 PM
  • Thanks for the help IronRazerz,

    By Admin I mean I have full access as a system administrator. I know the local administrator password etc. I am running the VS as an administrator so my code should be executing as one.

    Thanks again for the help though,

    Ralph

    Sounds malicious to me. The screen can already be locked using  + "L"

    Friday, October 7, 2016 9:40 PM