Protected Registry key access under Vista.

  • General discussion


    Well I see the /basic./ problem. On 2k/xp the local administrator has the right to alter the permission of the registry keys in question from regedit (as well as by using the above code). On Vista the same operation in regedit itself returns an Access Denied error.

    So the default permissions HAVE changed on certain registry keys and/or the local admins ACL. It seems that write permission or the ability to change access at all is now only allowed by the SYSTEM account. Would I also be right in thinking that there is no way that a program run under an administrator account can possibly impersonate a SYSTEM user?

    Has the ability to add data to this key now just been made completely impossible via code or account access?

    Specifically: HKLM\System\CurrentControlSet\Enum\HID\Vid_XXXX&Pid_XXXX (Our product key)

    Tuesday, February 6, 2007 12:28 PM

All replies

  • Even on downlevel from Vista, the permissions on that key only allowed SYSTEM to write.
    You only had the ability to change the ACL because administrators used to be the owner of the object, granting that group WRITE_DAC.

    On Vista, the new OWNER SID allows finer control on access granted to the owner of the object, and that capability was leveraged here specifically.

    So it looks to me that this key was never really meant to be updated by admins (and you had to go out of your way to enable it).
    The OS is now somewhat stricter.
    Note that there's a key (DeviceParameters), 2 levels below, that's readily writable by admins.

    Tuesday, February 6, 2007 6:43 PM
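
The owner behaviour described in the reply above, modelled as an added example that is not part of the original thread: an object's owner is implicitly granted READ_CONTROL and WRITE_DAC unless the DACL carries an ACE for the OWNER RIGHTS SID (S-1-3-4, SDDL alias `OW`), in which case the owner gets only what that ACE grants. The two SDDL strings are constructed for illustration and are not the real ACL of the Enum key; the check is simplified and ignores privileges, inheritance and integrity levels.

```python
import re

# Subset of SDDL right codes -> access-mask bits (values from winnt.h).
RIGHTS = {"KA": 0xF003F, "KR": 0x20019, "KW": 0x20006,
          "RC": 0x20000, "WD": 0x40000, "WO": 0x80000}
READ_CONTROL, WRITE_DAC, KEY_SET_VALUE = 0x20000, 0x40000, 0x0002
OWNER_RIGHTS = "OW"  # SDDL alias for the OWNER RIGHTS SID (S-1-3-4)

# Constructed descriptors for illustration; NOT the real ACL of the Enum key.
DOWNLEVEL = "O:BAD:(A;;KA;;;SY)(A;;KR;;;BA)"           # owner: Administrators
VISTA = "O:BAD:(A;;KR;;;OW)(A;;KA;;;SY)(A;;KR;;;BA)"   # owner limited to read
ADMIN = {"BA"}  # SIDs in the caller's token (assumed: Administrators only)


def parse_sddl(sddl):
    """Return (owner, [(ace_type, mask, trustee), ...]) for a simple O:/D: string."""
    owner = re.search(r"O:([A-Z]{2}|S-[\d-]+)", sddl).group(1)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", sddl.split("D:", 1)[1]):
        ace_type, _flags, rights, _obj, _inh, trustee = body.split(";")[:6]
        if rights.startswith("0x"):
            mask = int(rights, 16)
        else:
            mask = 0
            for code in re.findall("..", rights):
                mask |= RIGHTS[code]
        aces.append((ace_type, mask, trustee))
    return owner, aces


def granted(sddl, caller_sids, desired):
    """Simplified access check: True if every bit in `desired` is granted."""
    owner, aces = parse_sddl(sddl)
    is_owner = owner in caller_sids
    remaining = desired
    # Implicit owner rights apply only when no OWNER RIGHTS ACE is present.
    if is_owner and not any(t == OWNER_RIGHTS for _, _, t in aces):
        remaining &= ~(READ_CONTROL | WRITE_DAC)
    for ace_type, mask, trustee in aces:
        if trustee in caller_sids or (is_owner and trustee == OWNER_RIGHTS):
            if ace_type == "D" and mask & remaining:
                return False  # a matching deny ACE ends the walk
            if ace_type == "A":
                remaining &= ~mask
    return remaining == 0
```

With these descriptors, an Administrators caller can rewrite the DACL of the first key but not the second, and can set values on neither until the DACL is changed.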