Win32 registry key writable by Everyone? - windows

Is there a Registry key which is allowed for write access to any users and is shared among them?
I need to store some machine-specific data in my application, but this piece of data must be machine-dependent, not logged-user-dependent. HKEY_LOCAL_MACHINE is only writable by Administrator. HKEY_CURRENT_USER is allowed for write, but is not shared with other users.
I think that in the Windows filesystem the folder C:\ProgramData (environment variable %ALLUSERSPROFILE%) is writable for anyone and is shared, but does the Registry have something similar?

It is the same for the file system as well as the registry: out of the box, nothing is shared between users with a limited user account. This is trivially solved by having an admin, or a program that runs with admin rights, create a directory or registry key that has write access by Everyone.

Nope. There are only two persistent hives: HKLM and HKU. As there are no shared hives under HKU you would have to store shared data somewhere under HKLM. You can create your key and give it a security descriptor allowing Everyone full access.

Related

adding registry key for Windows local SYSTEM user

I am somewhat new to Registry Keys in Windows. What I want to do is add a registry key ONCE that will take effect on the local SYSTEM user (for as long as my program is installed). This registry key will need to be added through a batch file while logged on as a regular user (not the SYSTEM user). What I am doing exactly is running a batch script that creates a windows service. This service is running as the local system user. The service is trying to do something that requires a registry key to be set. I tried manually setting the registry key in HKEY_LOCAL_MACHINE but I am still hitting the roadblock when my service is run. Is this the correct place to change registry keys so that the local system account will see them? Any knowledge on the subject would be greatly appreciated!

Cross-user registry values

I'd come to this conclusion through experience and various things I've read on this internet, but in stating it to a co-worker, it seems illogical. Can you verify the following statement is true, or provide a counter to it?
On Vista/Win7, two standard (non-elevated users) cannot read/write the same location in the registry.
On Vista/Win7, two standard (non-elevated users) cannot read/write the same location in the registry.
This is a false statement.
On Vista/Win7, two standard (non-elevated users) cannot write the same location in the registry in the default configuration.
But this is true. By default, users only have write access to their own hive (HKEY_CURRENT_USER) and read access to the machine hive (HKEY_LOCAL_MACHINE).
If you want to configure a location where any user can read and write, you can certainly do so by configuring a key's ACL, as @Dark Falcon said. A good place for this is somewhere inside your application's key in HKEY_LOCAL_MACHINE, and at install time (when your installer has elevated privileges to do so).
That would be incorrect. A registry key can have an ACL specified which allows any user, elevated or not, to write to it. By default, I am not aware of any keys which have this configured, but it certainly is possible.

Copy file with elevated privileges

Is there a way to elevate privileges to the level required to write files to a network folder with our Delphi 2006 (Win32) application?
The user running the application does not have permission to write (or view) files in the network folder in question.
Any recommended techniques or alternative suggestions?
You could prompt the user to enter credentials for a user with elevated permissions and then temporarily operate under that other user's login while writing to the network share. To do this, you are looking for the LogonUser and ImpersonateLoggedOnUser functions. Please see this answer.
Use WNetAddConnection2 to connect to the UNC path; you will need to use the lpUsername and lpPassword parameters (either ask the user for them or hide them somewhere in your app).
You can choose whether or not to map a local drive letter to the UNC path (if not, use nil for the lpLocalname parameter). After you've done that, you can access the UNC path without specifying credentials.

Required Registry location common to all users to avoid registry virtualisation in Vista

In Vista, a standard user can no longer create or write to keys under HKLM\Software. So, to port the code according to Vista standards, to which key should I write the application configuration data? The same way as %AllUsers%/AppData for folders. My main requirement is that I should avoid writing to HKLM\Software, but the key location should be common to all users in the registry.
Thanks,
F
The registry is a secure-able object.
i.e. you can, during the administrative install, alter the ACL of a key you create, to create an all users read / write key in HKLM.
That said, Users\public\AppData might not work the way you think. The ACLs on that folder allow read by all users, but only creators can write. Which means you still can't have two users editing the same documents.

Where to store Registry data for All Users

I would like to share a small amount of data between All Users in the Windows Registry. For shared read and write access between any user that logs into the machine or a service on the machine. Is there a location where this can be done? I have tried using "HKEY_USERS\.DEFAULT\Software\" but this seems to be blocked by the Vista UAC rules.
You can put all users' data in the HKEY_LOCAL_MACHINE hive, but you'll need to adjust the permissions on the key in order to make it writable by all users, as your question states.
HKEY_LOCAL_MACHINE should be the place to store data between users. There's a good, short explanation here about which folders/hives are used for what.
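
Several answers on this page recommend creating a key under HKEY_LOCAL_MACHINE at install time and adjusting its ACL so that every user can write to it. The following is an added example, not taken from any of the posts: an elevated PowerShell step that does this for one dedicated key. The key path is a hypothetical placeholder, and granting Authenticated Users only read and value-write rights (rather than Everyone full control) is this example's own choice.

```powershell
#Requires -RunAsAdministrator
# Added example. The key path is a hypothetical placeholder, not from the page.
$path = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp\Shared'

# Create the dedicated shared key (parent keys are created as needed).
if (-not (Test-Path -Path $path)) {
    New-Item -Path $path -Force | Out-Null
}

# "Authenticated Users" by well-known SID, so the script also works on
# non-English Windows where the account name is localized.
$sid = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::AuthenticatedUserSid, $null)

# Read the key plus create/change/delete values. Deliberately omitted:
# CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership.
$rights = [System.Security.AccessControl.RegistryRights]'ReadKey, SetValue'

# Applies to this key only; nothing is propagated to subkeys.
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $sid, $rights,
    [System.Security.AccessControl.InheritanceFlags]::None,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

# Add the rule to the existing ACL so inherited entries stay in place.
$acl = Get-Acl -Path $path
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl

# Show the resulting explicit and inherited entries for review.
(Get-Acl -Path $path).Access |
    Format-Table IdentityReference, RegistryRights, AccessControlType, IsInherited -AutoSize
```

Because any user can change the values under this key, a service or elevated process that reads them should validate them as untrusted input.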
