WinBatch Tech Support Home

Modify Users Registry with Elevated Privileges


Question:

I use RunWithLogon regularly during logon scripts. However, I have an instance now, where I need to temporarily elevate a user's permissions, so that registry keys under local user are properly updated.

What is the best way to accomplish this without having the user relogon (if possible)?

I believe RunWithLogon will use the credentials of the elevated "user" and not the actual logged on user.

Answer:

RunWithLogon() creates a new process running under the credentials you specified. If those credentials are for a user account that has elevated privs, then the process will execute using those privs.

The wntRunAsUser() function can be used to cause your current process [and the script it is executing] to impersonate another user with higher privs, but you have to grant some god-like privs to the user that calls wntRunAsUser() in order for the function to be useful to begin with.

What exactly are you trying to do that requires elevated privs to modify the HKCU portion of the registry?

Please note that even if you do use RunWithLogon() to create a process that runs with higher privs, that process can still access the HKCU registry hive belonging to its parent process. However, it gets accessed via the HKU portion of the registry, and you need to pass the parent process' SID value to the child process as a command line parameter so that the child process will be able to identify the parent process' registry hive under HKU.

User Reply:

We do not allow Power Users to install software on their PCs. Generally, we have field engineers that go out to do the installations and this usually works fine as most applications can accommodate the HKUser method. However, we are attempting to script an installation for Palm Desktop software, which is extremely user specific. I haven't tried it yet, but I was concerned that the wrong hive would be updated since the actual Palm software install would take place under a RunWithLogon script.

Answer:

Yes, the wrong HKCU would be used if you are logged on as UserA and then use RunWithLogon() to launch the Palm installation as UserB.

User Reply:

I'm confused. Your comment at the beginning of this post gave me the impression that if you were to pass the parent's SID to the elevated child process it would then access the HKCU of the parent process, the one that needs to be changed. Is that right?

Answer:

There's an unstated assumption being made regarding which registry hives are currently loaded on the system. Assuming you have multiple users logged on to the system, such as with TS sessions, services, the interactive user on the console, etc..., you'll find that as long as those processes were created in such a way that their registry hives were loaded, their hives are all visible under the HKU portion of the registry. Now, given that the parent process running as UserA is staying logged on while the child process running as UserB is still executing, then it is safe to assume that UserB can find UserA's hive under HKU and access it. Of course, UserB must have sufficient privs w/respect to the permissions on UserA's registry hive. What the assumption allows us to do is to bypass the step where we locate the ntuser.dat file for UserA and load it via RegLoadHive(). If the SID for UserA is passed as a command line parameter to the process running as UserB [created by RunWithLogon()], then UserB can go directly to the registry and do whatever it needs to do for manipulating UserA's registry settings within the limits of the permissions that exist in the registry.
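
The approach described in the last answer, as an added PowerShell example (not WinBatch code and not part of the original thread): the elevated child process receives the logged-on user's SID on its command line and edits that user's hive through HKU instead of its own HKCU. The script parameters, subkey and value are hypothetical, and the SID pattern assumes an ordinary local or domain user account.

```powershell
# Child-side script, started under the elevated account (UserB).
# The parent (UserA) can obtain its own SID with:
#   [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
# and pass it as -ParentSid when launching this script.
param(
    [Parameter(Mandatory)] [string] $ParentSid,
    # Hypothetical subkey and value, for illustration only.
    [string] $SubKey    = 'Software\ExampleVendor\ExampleApp',
    [string] $ValueName = 'InstallPath',
    [string] $ValueData = 'C:\Program Files\ExampleApp'
)

# The SID arrives on a command line and is used to build a registry path in an
# elevated process, so accept only the S-1-5-21-<domain>-<RID> user form.
if ($ParentSid -notmatch '^S-1-5-21(-\d+){4}$') {
    throw "Not a local/domain user SID: $ParentSid"
}

# Confirm the SID maps to a real account (throws if it cannot be resolved).
$sidObj  = [System.Security.Principal.SecurityIdentifier] $ParentSid
$account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value

# HKCU in this process belongs to UserB; UserA's hive is visible under
# HKU\<SID> only while UserA's profile is still loaded (parent still logged on).
$hku  = [Microsoft.Win32.Registry]::Users
$hive = $hku.OpenSubKey($ParentSid)
if ($null -eq $hive) {
    throw "Hive for $account is not loaded under HKU; it would have to be loaded from ntuser.dat first."
}
$hive.Close()

# CreateSubKey opens the key for writing and creates it if missing. It throws
# UnauthorizedAccessException if UserB lacks permission on UserA's hive.
$key = $hku.CreateSubKey("$ParentSid\$SubKey")
try {
    $key.SetValue($ValueName, $ValueData, [Microsoft.Win32.RegistryValueKind]::String)
    "Wrote $ValueName under HKU\$ParentSid\$SubKey for $account"
}
finally {
    $key.Close()
}
```
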
Article ID:   W17207
File Created: 2007:07:03:14:28:46
Last Updated: 2007:07:03:14:28:46