Re: Registry Permission Attributes



It sounds like a Windows Vista limited user (LUA) issue. Even though the
current user is an admin, you don't have all the admin SIDs and privileges
in your token by default. This is more secure by default, as it prevents
the administrator's account from getting hijacked by bad code, but it makes
using the actual privileges of the admin account harder. That's probably
why this is failing.

In order for the app to actually run with the administrator privileges, I
believe you need to create a manifest file for the app that will instruct it
to run with the full token.

There is an older article from Keith Brown here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlong/html/leastprivlh.asp

and you'll probably find some additional resources that are newer with a few
additional searches.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"John Bowman john.bowman@xxxxxxxxxx>" <<Remove this before reply> wrote in
message news:uFjNu5x4GHA.5012@xxxxxxxxxxxxxxxxxxxxxxx
Nicole,

Thanks for the response. As I said in my original post, the exception is
ONLY thrown when the reg value is deleted under WinVista, WinXP works
fine, even though the user MUST be an administrator in order to run
the app at all. Furthermore, this app created the reg value. Reading is
fine. It turns out I inadvertently posted the wrong exception info. Here's
the correct exception details:

Details:
Object reference not set to an instance of an object.

StackTrace:
at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous)
at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
at BackgroundWinNM.CBackgroundWin.CompleteSelfDiscoveryCB(ApplicationException eApp)
at BackgroundWinNM.CBackgroundWin.PerformSelfDiscovery(Object TargetSelfDiscovCompleteCB)
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart(Object obj)


John

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:1B3F7F2C-9D8C-4AF4-89EB-8C38FB38C486@xxxxxxxxxxxxxxxx
Could you please provide the full exception details (including call stack
listing) as returned by the exception's ToString method? Also, is the
problem occurring when your code attempts to read or write the registry
value or at some other point?



"John Bowman john.bowman@xxxxxxxxxx>" <<Remove this before reply> wrote
in message news:OfBXE212GHA.1300@xxxxxxxxxxxxxxxxxxxxxxx
Hi All,

I've got an app I need to modify that's written in C# VS2005/.NET 2.0
which is designed to ONLY run when the logged in user has administrator
privileges. At one point it needs to delete a HKLM\Software\... registry
value if it has, in fact, created it. So there is a method that deletes
this registry key. The method has the following RegistryPermission
attribute....

[RegistryPermissionAttribute(SecurityAction.PermitOnly,
Read=@"HKEY_LOCAL_MACHINE\Software\My Company Name")]

This all works just fine on WinXP, but throws an exception under
WinVista Build: 5384

"Request for the permission of type
'System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0,
Culture=neutral, PublicKey Token=b77a5c561934e089' failed."

Has something changed in WinVista that would be expected to cause this
or is this a bug in WinVista and what can I do to work around it? I'm
NOT allowed to move the setting to HKCU\Software\My Company Name since
other programs rely upon it being there and they will NOT be changing to
run under WinVista.

TIA,

--
John C. Bowman
Software Engineer
Thermo Electron Scientific Instruments Div.
<Remove this before reply> john.bowman@xxxxxxxxxx
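
The manifest approach suggested in the first reply, as an added example (not code from the thread or its participants): the comment shows an assumed app.manifest fragment that requests the full administrator token, and the C# code checks whether the process actually holds that token before deleting a value under the HKLM key quoted in the thread. The value name "ExampleValue" and the class and method names are hypothetical.

```csharp
// Added example, not code from the thread. Assumed app.manifest fragment that
// asks Vista for the full administrator token at launch:
//   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
//     <security><requestedPrivileges>
//       <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
//     </requestedPrivileges></security>
//   </trustInfo>
using System;
using System.Security;
using System.Security.Principal;
using Microsoft.Win32;

static class RegistryCleanup
{
    // Key path is the one quoted in the thread; the value name is hypothetical.
    const string KeyPath = @"Software\My Company Name";
    const string ValueName = "ExampleValue";

    // False for an admin account running with the filtered (non-elevated) token.
    static bool IsElevatedAdmin()
    {
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        return new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator);
    }

    static bool TryDeleteValue()
    {
        try
        {
            // writable: true requests write access to the HKLM key.
            using (RegistryKey key = Registry.LocalMachine.OpenSubKey(KeyPath, true))
            {
                if (key == null) return false;          // key does not exist
                key.DeleteValue(ValueName, false);      // no throw if the value is absent
                return true;
            }
        }
        catch (SecurityException) { return false; }            // open for write was denied
        catch (UnauthorizedAccessException) { return false; }  // token lacks write access
    }

    static void Main()
    {
        Console.WriteLine("Elevated admin token: {0}", IsElevatedAdmin());
        Console.WriteLine("Value deleted: {0}", TryDeleteValue());
    }
}
```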