Here is my code at its simplest (for some "RemoteMachine"):
RemoteRegistry = RegConnect( RemoteMachine, @REGMACHINE )
CriticalKey = RegOpenKey( RemoteRegistry, "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx" )
OldSetting = wntSecurityGet( RemoteMachine, CriticalKey, 400, 1, 0 )
SetOkay = wntAccessMod( RemoteMachine, CriticalKey, 400, 2, 2 )

The remote references work in the SecurityGet function but not in the AccessMod function. Is there another way of manipulating the inheritance flag on registry permissions?
Another possibility is that you have the permissions necessary to read the security settings but lack the permissions necessary to alter the inheritance flag. It may result in a failure to open a registry handle internally for use in modifying the security settings, and that might be where the error comes from.
What's the version of Windows the code runs on?
What's the version of Windows on the remote system where the key is located?
What's in the WWWBATCH.INI file after the failure occurs?
What do the permissions look like on the remote registry key when viewed in REGEDIT on that remote system?
What user are you logged on as?
Are both systems in the same domain together?
Remote machine is Windows 2000.
WWWBatch.INI contains:
[Error Reporting]
3052=param2
[WWWNT34I]
LastError=0 (DoRegACLInheritanceModify() {remote server cannot be specified})
[WBDDC34I]
LastError=2 (RegOpenKey)
Currently the permissions are all being inherited from the parent key and are the default Windows permissions (admins, power users, and SYSTEM with Full Control, OWNER with subkey FullControl, and users with Read).
I am logged on as a domain admin (and can perform the change manually via regedt32, I checked that).
The systems are in the same domain.
Also, I tried playing around with how I specified the remote machine name (with and without the "\\" in the front). After reading the WINBATCH.INI file, I also tried specifying no name (as if the key handle was referenced from my machine) but with no luck.
Thanks for your assistance.
OK, it looks like there's an error of omission associated with the wntAccessMod() docs regarding the modification of the ACL inheritance flags.
In a nutshell.... You can't get there from here. Remote registry keys cannot be manipulated in this manner. I refreshed myself by looking at the source code that generates the exact error message you encountered in the WWWBATCH.INI file, and there's a valid reason for it. In order to properly calculate what the permissions need to be, it is necessary to find the parent of the registry key passed in to wntAccessMod(). Since a registry handle can be passed in via handle, that code I mentioned that converts registry handles back into registry keys gets invoked and it won't work with remote registry keys.
You're going to have to modify the security settings for inheritance via a script running locally on that remote server; you can't make the change through remote access to the registry.
The same limitation applies if you try to modify the inheritance settings for the root of a remote file share, in that the parent folder of the remote share may not be accessible via the network.
Right now, doing it only with a single registry key handle, it's impossible to make it work for remote systems.
Let me hack around at the code and see what I can whip up. I'll have to add support for an optional parameter after the "flags" parameter, and that optional parameter will be the subkey name that is to be modified, with the registry key handle in the "resource-name" parameter being the parent of that subkey.
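The workaround given in the thread is to change the inheritance flag from a script running locally on the server that owns the key. The following is an added PowerShell example of that local change; it is not WinBatch code and not from the original thread. The helper name Set-KeyInheritance is hypothetical, and the script assumes an elevated session on a system that has PowerShell.

```powershell
# Added example: run locally (elevated) on the server that owns the key.
# Set-KeyInheritance is a hypothetical helper name, not a WinBatch or Windows command.
function Set-KeyInheritance {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SubKey,   # path under HKLM
        [Parameter(Mandatory = $true)][bool]$Inherit     # $true = inherit from parent
    )
    # Request only the rights needed to read and rewrite the DACL.
    $rights = [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions'
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
        $SubKey,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        $rights)
    if ($null -eq $key) { throw "Key not found: HKLM\$SubKey" }
    try {
        $section = [System.Security.AccessControl.AccessControlSections]::Access
        $acl = $key.GetAccessControl($section)
        $before = -not $acl.AreAccessRulesProtected      # $true when inheriting
        if ($before -ne $Inherit -and
            $PSCmdlet.ShouldProcess("HKLM\$SubKey", "Set inheritance to $Inherit")) {
            # Arg 1: protect the DACL from inheritance.
            # Arg 2: when protecting, keep the inherited ACEs as explicit
            #        entries so existing access is not silently dropped.
            $acl.SetAccessRuleProtection((-not $Inherit), $true)
            $key.SetAccessControl($acl)
        }
        # Re-read from the key so the report reflects what is actually stored.
        $after = -not $key.GetAccessControl($section).AreAccessRulesProtected
        [pscustomobject]@{
            Key             = "HKLM\$SubKey"
            InheritedBefore = $before
            InheritedNow    = $after
        }
    }
    finally { $key.Close() }
}

# Preview the change on the key from the thread without writing anything.
Set-KeyInheritance -SubKey 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx' -Inherit $false -WhatIf
```

Drop -WhatIf to apply the change; the returned object shows the inheritance state before and after, which is worth logging when the key controls what runs at logon.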
Article ID: W17062
File Created: 2007:07:03:14:28:02
Last Updated: 2007:07:03:14:28:02