Default Regitry Permissions

Windows 2003 Server R2 SP1 with IIS, ASP .NET 1.1 and .NET 2.0,
standalone server, developer machine with Visual Studio 6.0, VS.NET
2003 and 2005 installed.

I'm registering a custom DLL and the resulting keys in
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ are assigned permissions different
than the container's permissions.

As a container,
HKEY_LOCAL_MACHINE\SOFTWARE\Classes allows "Everyone - Full Control" -
that's the only setting, in addition to "Allow inheritable permissions
to propagate to this object"


My class however, after registering my DLL using regsvr32,
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\myDLL.myClass allows only SYSTEM
and the Administrators group "Special Permissions - Full Controll"

This prevents an ASP web application to access my DLL - the
IUSR_MachineName account is denied access.

Something must have changed recently since this was working fine. I am
the only person who has access to that machine. The only changes I've
made recently are possibly Windows Update and the addition of Windows
Media Services (WMS). I suspect installing WMS tightened the security,
but I can't fins a security policy regarding the registry. Checked
local policies - nothing defined. No domain policy as this is a
standalone server.

My question is: What is the mechanism that determines permission levels
on registry keys added by running regsvr32 on a DLL?

.

Relevant Pages