Changing registry permissions using c#

I need to programmaticall y change the permissions (ACL) on a specific
registry key in a .NET app. Is there a way to do this in .NET?

You use the same Win32 API functions you would in an unmanaged
application.

Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.

Three options:
1.Use System.Director yServices when running XP or higher.
As a sample, following retrieves a DACL from a registry key.

using System;
using System.Director yServices;
using System.Runtime. InteropServices ;

// Use ADsSecurityUtil ityClass available on XP and higher (activeds.dll)
// Interop Assembly created with tlbimp.exe from activeds.tlb,
// or by setting a reference to the typelib from within the IDE
using activedsnet;

class Tester {
public static void Main() {
// Local registry object
string regPath = @"HKEY_LOCAL_MA CHINE\SOFTWARE\ Microsoft";
SecurityDescrip tor sd = null;
AccessControlLi st dacl = null;
ADsSecurityUtil ityClass asu = new ADsSecurityUtil ityClass();
// Get DACL Group and OWNER info
asu.SecurityMas k = (int)(ADS_SECUR ITY_INFO_ENUM.A DS_SECURITY_INF O_DACL) |
(int)(ADS_SECUR ITY_INFO_ENUM.A DS_SECURITY_INF O_GROUP)|
(int)(ADS_SECUR ITY_INFO_ENUM.A DS_SECURITY_INF O_OWNER);
try {
sd = asu.GetSecurity Descriptor(regP ath,
(int)ADS_PATHTY PE_ENUM.ADS_PAT H_REGISTRY,
(int)ADS_SD_FOR MAT_ENUM.ADS_SD _FORMAT_IID) as SecurityDescrip tor;
}
catch(COMExcept ion ce)
{
// Be sure logon user has access to local/remote system
Console.WriteLi ne(ce.Message);
return;
}
// Get DACL from SD
dacl = sd.Discretionar yAcl as AccessControlLi st;
if (dacl != null) {
Console.WriteLi ne("Control: {0}", sd.Control);
Console.WriteLi ne("Owner: {0}", sd.Owner);
Console.WriteLi ne("Group: {0}", sd.Group);
Console.WriteLi ne("Revision: {0}", sd.Revision);
DumpDacl(dacl);
}
}
static void DumpDacl(IADsAc cessControlList dacl)
{
IADsAccessContr olEntry ace = null;
Console.WriteLi ne("------- No. of ACE's {0}-----------", dacl.AceCount);
foreach(object ac in dacl) {
ace = ac as IADsAccessContr olEntry;
Console.WriteLi ne("Access : {0}", Enum.Format(typ eof(ADS_RIGHTS_ ENUM),
ace.AccessMask, "F"));
Console.WriteLi ne(ace.Trustee) ;
Console.WriteLi ne("ACE flags {0}",
Enum.Format(typ eof(ADS_ACEFLAG _ENUM),ace.AceF lags, "x"));
Console.WriteLi ne("ACE type: {0}",
((ADS_ACETYPE_E NUM)ace.AceType ).ToString());
Console.WriteLi ne("----------------");
}
}
}
//--------------
2. Use System.Manageme nt on W2K or higher
3. Use PInvoke interop to use Win32 API's.

Willy.

"Ashok" <as******@hotma il.com> wrote in message
news:11******** **************@ f14g2000cwb.goo glegroups.com.. .

Hello

I need to programmaticall y change the permissions (ACL) on a specific
registry key in a .NET app. Is there a way to do this in .NET?
Thanks for the help,
Ashok

hi,

i have a web service that is trying to access the HKEY_LOCAL_MACH INE
part of the registry. i get the error message:

"Access to the registry key HKEY_LOCAL_MACH INE\Software\te st is denied."

i have administrative rights, and its on my machine. the code looks like:

..
..
..
using Microsoft.Win32 ;
..
..
..
try
{
string thisOne = @"Software\test ";
string thisValue = "testing";

RegistryKey regKey = Registry.LocalM achine;
regKey.CreateSu bKey ( thisOne );
regKey = Registry.LocalM achine.OpenSubK ey ( thisOne, true );
regKey.SetValue ( "", thisValue );
regKey.Flush ( );
regKey.Close ( );
regKey = null;
}
catch ( Exception e2 )
{
Console.WriteLi ne ( "Error is " + e2.Message.ToSt ring ( ) );
}
..
..
..

what have i forgotten?

regards,
topdog

....had this been a real emergency,
we would have all fled away in terror;
and you would have NOT been notified.

Michael,

what have i forgotten?

That the web service code runs under a different account (i.e. it
doesn't matter if _you_ are an admin).

Mattias

--
Mattias Sjögren [MVP] mattias @ mvps.org
http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.