I'm attempting some remote registry manipulation via C#. I've written a test
app to simply grab a specified key from a specified hive on a specified
machine. The call to OpenSubKey is throwing System.SecurityException.
Also of note: Sitting at my local box, I can open regedit and connect to the
remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
_USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand that one,
I get a simple error message that tells me almost nothing.
So I'm fairly certain I'm running up against some kind of permissions issue.
This is a dev server, but I still don't want to go mucking around too much
without knowing what I'm doing. Via Terminal Services, I added LOCAL SERVICE
to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also found two
interesting entries in the Local Security Polcy: Remotely accessible registry
paths and Remotely accesible registry paths and sub-paths. I didn't mess
around with those much, but I did notice that there's no hive on any of the
entries, and it doesn't LOOK like all of the paths I can see connecting
remotely via regedit are in those lists (but I could be wrong).
So what's the magic formula for accessing these keys remotely? And are some
of them tied down by default? I don't think anyone here specifically decided
to make the local_machine hive inaccessible remotely...
Here's some details:
My Machine: Windows 2000 Professional
Remote Machine: Windows 2003 Server
I'm an admin on both machines...
Just for fun, here's a code sample:
public static RegistryKey GetKey(RegistryHive hive, string key, string server)
{
RegistryKey parentKey;
RegistryKey returnKey = null;
if (server == null || server.Length == 0)
{
server = string.Empty;
}
parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
if (parentKey != null)
{
try
{
// THE LINE BELOW THROWS
//
System.SecurityException
returnKey = parentKey.OpenSubKey(key, true);
}
catch(Exception exception)
{
// handle the exception!
returnKey = null;
}
}
return returnKey;
}
21  10742 
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:2F**********************************@microsof t.com... I'm attempting some remote registry manipulation via C#. I've written a
test
app to simply grab a specified key from a specified hive on a specified
machine. The call to OpenSubKey is throwing System.SecurityException.
Also of note: Sitting at my local box, I can open regedit and connect to
the
remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
_USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand that
one,
I get a simple error message that tells me almost nothing.
So I'm fairly certain I'm running up against some kind of permissions
issue.
This is a dev server, but I still don't want to go mucking around too much
without knowing what I'm doing. Via Terminal Services, I added LOCAL
SERVICE
to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also found
two
interesting entries in the Local Security Polcy: Remotely accessible
registry
paths and Remotely accesible registry paths and sub-paths. I didn't mess
around with those much, but I did notice that there's no hive on any of
the
entries, and it doesn't LOOK like all of the paths I can see connecting
remotely via regedit are in those lists (but I could be wrong).
So what's the magic formula for accessing these keys remotely? And are
some
of them tied down by default? I don't think anyone here specifically
decided
to make the local_machine hive inaccessible remotely...
Here's some details:
My Machine: Windows 2000 Professional
Remote Machine: Windows 2003 Server
I'm an admin on both machines...
Just for fun, here's a code sample:
public static RegistryKey GetKey(RegistryHive hive, string key, string
server)
{
RegistryKey parentKey;
RegistryKey returnKey = null;
if (server == null || server.Length == 0)
{
server = string.Empty;
}
parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
if (parentKey != null)
{
try
{
// THE LINE BELOW THROWS
//
System.SecurityException
returnKey = parentKey.OpenSubKey(key, true);
}
catch(Exception exception)
{
// handle the exception!
returnKey = null;
}
}
return returnKey;
}
You need to be an admininistrator on the remote machine for this to work.
Willy.
yeah... I'm an admin on both machines.
"Willy Denoyette [MVP]" wrote:
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:2F**********************************@microsof t.com... I'm attempting some remote registry manipulation via C#. I've written a
test
app to simply grab a specified key from a specified hive on a specified
machine. The call to OpenSubKey is throwing System.SecurityException.
Also of note: Sitting at my local box, I can open regedit and connect to
the
remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
_USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand that
one,
I get a simple error message that tells me almost nothing.
So I'm fairly certain I'm running up against some kind of permissions
issue.
This is a dev server, but I still don't want to go mucking around too much
without knowing what I'm doing. Via Terminal Services, I added LOCAL
SERVICE
to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also found
two
interesting entries in the Local Security Polcy: Remotely accessible
registry
paths and Remotely accesible registry paths and sub-paths. I didn't mess
around with those much, but I did notice that there's no hive on any of
the
entries, and it doesn't LOOK like all of the paths I can see connecting
remotely via regedit are in those lists (but I could be wrong).
So what's the magic formula for accessing these keys remotely? And are
some
of them tied down by default? I don't think anyone here specifically
decided
to make the local_machine hive inaccessible remotely...
Here's some details:
My Machine: Windows 2000 Professional
Remote Machine: Windows 2003 Server
I'm an admin on both machines...
Just for fun, here's a code sample:
public static RegistryKey GetKey(RegistryHive hive, string key, string
server)
{
RegistryKey parentKey;
RegistryKey returnKey = null;
if (server == null || server.Length == 0)
{
server = string.Empty;
}
parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
if (parentKey != null)
{
try
{
// THE LINE BELOW THROWS
//
System.SecurityException
returnKey = parentKey.OpenSubKey(key, true);
}
catch(Exception exception)
{
// handle the exception!
returnKey = null;
}
}
return returnKey;
}
You need to be an admininistrator on the remote machine for this to work.
Willy.
A local admin cannot be admin on two different machines unless it's a shadow
account, that is the credentials (account/password) are the same. Is this
the case?
Willy.
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:DF**********************************@microsof t.com... yeah... I'm an admin on both machines.
"Willy Denoyette [MVP]" wrote:
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:2F**********************************@microsof t.com... > I'm attempting some remote registry manipulation via C#. I've written a
> test
> app to simply grab a specified key from a specified hive on a specified
> machine. The call to OpenSubKey is throwing System.SecurityException.
>
> Also of note: Sitting at my local box, I can open regedit and connect
> to
> the
> remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
> _USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand
> that
> one,
> I get a simple error message that tells me almost nothing.
>
> So I'm fairly certain I'm running up against some kind of permissions
> issue.
> This is a dev server, but I still don't want to go mucking around too
> much
> without knowing what I'm doing. Via Terminal Services, I added LOCAL
> SERVICE
> to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also
> found
> two
> interesting entries in the Local Security Polcy: Remotely accessible
> registry
> paths and Remotely accesible registry paths and sub-paths. I didn't
> mess
> around with those much, but I did notice that there's no hive on any of
> the
> entries, and it doesn't LOOK like all of the paths I can see connecting
> remotely via regedit are in those lists (but I could be wrong).
>
> So what's the magic formula for accessing these keys remotely? And are
> some
> of them tied down by default? I don't think anyone here specifically
> decided
> to make the local_machine hive inaccessible remotely...
>
> Here's some details:
> My Machine: Windows 2000 Professional
> Remote Machine: Windows 2003 Server
> I'm an admin on both machines...
>
> Just for fun, here's a code sample:
>
> public static RegistryKey GetKey(RegistryHive hive, string key, string
> server)
> {
> RegistryKey parentKey;
> RegistryKey returnKey = null;
>
> if (server == null || server.Length == 0)
> {
> server = string.Empty;
> }
>
> parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
>
>
> if (parentKey != null)
> {
> try
> {
> // THE LINE BELOW THROWS
> //
> System.SecurityException
>
> returnKey = parentKey.OpenSubKey(key, true);
> }
> catch(Exception exception)
> {
> // handle the exception!
> returnKey = null;
> }
>
> }
>
> return returnKey;
> }
>
You need to be an admininistrator on the remote machine for this to work.
Willy.
Okay, one of is is obviously not understanding something. Probably it's me.
Using Regedit: I'm sitting at my local machine, logged on under my network
account. I pull up regedit, click Registyr/Connect Network Registry, and type
in the remote server name. At this point, I can see the HKLM hive, but I get
an error when I try to open it.
Programmatically: Running an app on my local machine, I succeed when calling
RegistryKey.OpenRemoteBaseKey, but fail when calling OpenSubKey.
So... I don't understand where the local accounts come into play (unless
you're talking about the LOCAL SERVICE account).
"Willy Denoyette [MVP]" wrote: A local admin cannot be admin on two different machines unless it's a shadow
account, that is the credentials (account/password) are the same. Is this
the case?
Willy.
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:DF**********************************@microsof t.com... yeah... I'm an admin on both machines.
"Willy Denoyette [MVP]" wrote:
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:2F**********************************@microsof t.com...
> I'm attempting some remote registry manipulation via C#. I've written a
> test
> app to simply grab a specified key from a specified hive on a specified
> machine. The call to OpenSubKey is throwing System.SecurityException.
>
> Also of note: Sitting at my local box, I can open regedit and connect
> to
> the
> remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
> _USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand
> that
> one,
> I get a simple error message that tells me almost nothing.
>
> So I'm fairly certain I'm running up against some kind of permissions
> issue.
> This is a dev server, but I still don't want to go mucking around too
> much
> without knowing what I'm doing. Via Terminal Services, I added LOCAL
> SERVICE
> to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also
> found
> two
> interesting entries in the Local Security Polcy: Remotely accessible
> registry
> paths and Remotely accesible registry paths and sub-paths. I didn't
> mess
> around with those much, but I did notice that there's no hive on any of
> the
> entries, and it doesn't LOOK like all of the paths I can see connecting
> remotely via regedit are in those lists (but I could be wrong).
>
> So what's the magic formula for accessing these keys remotely? And are
> some
> of them tied down by default? I don't think anyone here specifically
> decided
> to make the local_machine hive inaccessible remotely...
>
> Here's some details:
> My Machine: Windows 2000 Professional
> Remote Machine: Windows 2003 Server
> I'm an admin on both machines...
>
> Just for fun, here's a code sample:
>
> public static RegistryKey GetKey(RegistryHive hive, string key, string
> server)
> {
> RegistryKey parentKey;
> RegistryKey returnKey = null;
>
> if (server == null || server.Length == 0)
> {
> server = string.Empty;
> }
>
> parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
>
>
> if (parentKey != null)
> {
> try
> {
> // THE LINE BELOW THROWS
> //
> System.SecurityException
>
> returnKey = parentKey.OpenSubKey(key, true);
> }
> catch(Exception exception)
> {
> // handle the exception!
> returnKey = null;
> }
>
> }
>
> return returnKey;
> }
>
You need to be an admininistrator on the remote machine for this to work.
Willy.
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:67**********************************@microsof t.com... Okay, one of is is obviously not understanding something. Probably it's
me.
Using Regedit: I'm sitting at my local machine, logged on under my
network
account. I pull up regedit, click Registyr/Connect Network Registry, and
type
in the remote server name. At this point, I can see the HKLM hive, but I
get
an error when I try to open it.
Programmatically: Running an app on my local machine, I succeed when
calling
RegistryKey.OpenRemoteBaseKey, but fail when calling OpenSubKey.
So... I don't understand where the local accounts come into play (unless
you're talking about the LOCAL SERVICE account).
<logged on under my network account...>, does it mean you are logged on
using a DOMAIN account (I guess not), or a local account?
You said you were an administrator on both machines, right? This can only be
true if:
- you are logged on using a DOMAIN administrators account that is a member
of the remote and the local machines administrators group, or
- you are logged on as a local administrator who has a shadow account on the
remote machine.
A shadows account is an account with the same credentials
(username/password) having the same privileges (so a member of
administrators in your case).
Hope it clears things up now,
Willy.
Willy,
Sorry it's taken so long for a reply. Somehow I didn't receive notice that
you had replied.
I'm signed into a domain account. The domain account is an admin on both
machines.
"Willy Denoyette [MVP]" wrote:
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:67**********************************@microsof t.com... Okay, one of is is obviously not understanding something. Probably it's
me.
Using Regedit: I'm sitting at my local machine, logged on under my
network
account. I pull up regedit, click Registyr/Connect Network Registry, and
type
in the remote server name. At this point, I can see the HKLM hive, but I
get
an error when I try to open it.
Programmatically: Running an app on my local machine, I succeed when
calling
RegistryKey.OpenRemoteBaseKey, but fail when calling OpenSubKey.
So... I don't understand where the local accounts come into play (unless
you're talking about the LOCAL SERVICE account).
<logged on under my network account...>, does it mean you are logged on
using a DOMAIN account (I guess not), or a local account?
You said you were an administrator on both machines, right? This can only be
true if:
- you are logged on using a DOMAIN administrators account that is a member
of the remote and the local machines administrators group, or
- you are logged on as a local administrator who has a shadow account on the
remote machine.
A shadows account is an account with the same credentials
(username/password) having the same privileges (so a member of
administrators in your case).
Hope it clears things up now,
Willy.
Hi Kevin,
If you logon on the remote machine using the same domain account, can to
access the registry key? Also, please check if the user has full control to
the registry key and wasn't denied access to it.
Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
KY,
Yeah... I can log on to the remote machine using my domain account, and get
full access to the registry. But I can't open HKLM using regedit from my
machine (same domain account) and connecting to the remote machine. I can see
the hive, but can't open it.
"Kevin Yu [MSFT]" wrote: Hi Kevin,
If you logon on the remote machine using the same domain account, can to
access the registry key? Also, please check if the user has full control to
the registry key and wasn't denied access to it.
Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
Hi Kevin,
Looking at the nature of this issue, it would require intensive
troubleshooting which would be done quickly and effectively with direct
assistance from a Microsoft Support Professional through Microsoft Product
Support Services. You can contact Microsoft Product Support directly to
discuss additional support options you may have available, by contacting us
at 1-(800)936-5800 or by choosing one of the options listed at http://support.microsoft.com/default...d=sz;en-us;top.
Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
I have a similar problem with accessing the remote registry on W2K SP4 from
W2K3 SP1. My problem strictly exist only with W2K3 SP1. I don't get this
problem with no service pack or when I access WXP. I always get "Access
Denied" when I try to open a registry key on W2K from W2K3 SP1. I run as a
web service on IIS under the IWAM account. I impersonate the local
administrator on the W2K3 box and authenticate as the local administrator on
the W2K box. I connect to the remote registry with no problems. I just
can't open any keys as the local administrator on the W2K box. I have full
permissions to the registry. I'm not sure why this only happens with W2K3
SP1. I haven't solved my problem, yet. I found this knowledgebase pretty
helpful. Appearly, Exchange Server 2003 also has a similar problem with a
fix: http://support.microsoft.com/?id=841561. Unfortunately, the fix is
application specific for Exchange Server 2003. I wish I can find more
details on what they did to fix this problem.
"Kevin Swanson" wrote: I'm attempting some remote registry manipulation via C#. I've written a test
app to simply grab a specified key from a specified hive on a specified
machine. The call to OpenSubKey is throwing System.SecurityException.
Also of note: Sitting at my local box, I can open regedit and connect to the
remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
_USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand that one,
I get a simple error message that tells me almost nothing.
So I'm fairly certain I'm running up against some kind of permissions issue.
This is a dev server, but I still don't want to go mucking around too much
without knowing what I'm doing. Via Terminal Services, I added LOCAL SERVICE
to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also found two
interesting entries in the Local Security Polcy: Remotely accessible registry
paths and Remotely accesible registry paths and sub-paths. I didn't mess
around with those much, but I did notice that there's no hive on any of the
entries, and it doesn't LOOK like all of the paths I can see connecting
remotely via regedit are in those lists (but I could be wrong).
So what's the magic formula for accessing these keys remotely? And are some
of them tied down by default? I don't think anyone here specifically decided
to make the local_machine hive inaccessible remotely...
Here's some details:
My Machine: Windows 2000 Professional
Remote Machine: Windows 2003 Server
I'm an admin on both machines...
Just for fun, here's a code sample:
public static RegistryKey GetKey(RegistryHive hive, string key, string server)
{
RegistryKey parentKey;
RegistryKey returnKey = null;
if (server == null || server.Length == 0)
{
server = string.Empty;
}
parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
if (parentKey != null)
{
try
{
// THE LINE BELOW THROWS
//
System.SecurityException
returnKey = parentKey.OpenSubKey(key, true);
}
catch(Exception exception)
{
// handle the exception!
returnKey = null;
}
}
return returnKey;
}
Mind to explain how you authenticate as a W2K 'local' administrator when
accessing the remote registry while impersonating a W2K3 "local"
administrator?
Did you turn on Logon auditing on W2K and check who is failed to
authenticate and what privileges are requested during logon.
Willy.
"Neil Do" <Ne****@discussions.microsoft.com> wrote in message
news:69**********************************@microsof t.com... I have a similar problem with accessing the remote registry on W2K SP4 from
W2K3 SP1. My problem strictly exist only with W2K3 SP1. I don't get this
problem with no service pack or when I access WXP. I always get "Access
Denied" when I try to open a registry key on W2K from W2K3 SP1. I run as
a
web service on IIS under the IWAM account. I impersonate the local
administrator on the W2K3 box and authenticate as the local administrator
on
the W2K box. I connect to the remote registry with no problems. I just
can't open any keys as the local administrator on the W2K box. I have
full
permissions to the registry. I'm not sure why this only happens with W2K3
SP1. I haven't solved my problem, yet. I found this knowledgebase pretty
helpful. Appearly, Exchange Server 2003 also has a similar problem with a
fix: http://support.microsoft.com/?id=841561. Unfortunately, the fix is
application specific for Exchange Server 2003. I wish I can find more
details on what they did to fix this problem.
"Kevin Swanson" wrote:
I'm attempting some remote registry manipulation via C#. I've written a
test
app to simply grab a specified key from a specified hive on a specified
machine. The call to OpenSubKey is throwing System.SecurityException.
Also of note: Sitting at my local box, I can open regedit and connect to
the
remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
_USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand that
one,
I get a simple error message that tells me almost nothing.
So I'm fairly certain I'm running up against some kind of permissions
issue.
This is a dev server, but I still don't want to go mucking around too
much
without knowing what I'm doing. Via Terminal Services, I added LOCAL
SERVICE
to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also found
two
interesting entries in the Local Security Polcy: Remotely accessible
registry
paths and Remotely accesible registry paths and sub-paths. I didn't mess
around with those much, but I did notice that there's no hive on any of
the
entries, and it doesn't LOOK like all of the paths I can see connecting
remotely via regedit are in those lists (but I could be wrong).
So what's the magic formula for accessing these keys remotely? And are
some
of them tied down by default? I don't think anyone here specifically
decided
to make the local_machine hive inaccessible remotely...
Here's some details:
My Machine: Windows 2000 Professional
Remote Machine: Windows 2003 Server
I'm an admin on both machines...
Just for fun, here's a code sample:
public static RegistryKey GetKey(RegistryHive hive, string key, string
server)
{
RegistryKey parentKey;
RegistryKey returnKey = null;
if (server == null || server.Length == 0)
{
server = string.Empty;
}
parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
if (parentKey != null)
{
try
{
// THE LINE BELOW THROWS
//
System.SecurityException
returnKey = parentKey.OpenSubKey(key, true);
}
catch(Exception exception)
{
// handle the exception!
returnKey = null;
}
}
return returnKey;
}
I used the local loopback in the user name i.e. 127.0.0.1\Administrator. I
didn't turn on the logon auditing. That's a good idea. Here is the security
event from my W2K3 box:
Logon attempt using explicit credentials:
Logged on user:
User Name: Administrator
Domain: NAPA-2003
Logon ID: (0x0,0x7EFD55)
Logon GUID: -
User whose credentials were used:
Target User Name: administrator
Target Domain: 127.0.0.1
Target Logon GUID: -
Target Server Name: SONOMA-2000S
Target Server Info: SONOMA-2000S
Caller Process ID: 4
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
"Willy Denoyette [MVP]" wrote: Mind to explain how you authenticate as a W2K 'local' administrator when
accessing the remote registry while impersonating a W2K3 "local"
administrator?
Did you turn on Logon auditing on W2K and check who is failed to
authenticate and what privileges are requested during logon.
Willy.
"Neil Do" <Ne****@discussions.microsoft.com> wrote in message
news:69**********************************@microsof t.com...I have a similar problem with accessing the remote registry on W2K SP4 from
W2K3 SP1. My problem strictly exist only with W2K3 SP1. I don't get this
problem with no service pack or when I access WXP. I always get "Access
Denied" when I try to open a registry key on W2K from W2K3 SP1. I run as
a
web service on IIS under the IWAM account. I impersonate the local
administrator on the W2K3 box and authenticate as the local administrator
on
the W2K box. I connect to the remote registry with no problems. I just
can't open any keys as the local administrator on the W2K box. I have
full
permissions to the registry. I'm not sure why this only happens with W2K3
SP1. I haven't solved my problem, yet. I found this knowledgebase pretty
helpful. Appearly, Exchange Server 2003 also has a similar problem with a
fix: http://support.microsoft.com/?id=841561. Unfortunately, the fix is
application specific for Exchange Server 2003. I wish I can find more
details on what they did to fix this problem.
"Kevin Swanson" wrote:
I'm attempting some remote registry manipulation via C#. I've written a
test
app to simply grab a specified key from a specified hive on a specified
machine. The call to OpenSubKey is throwing System.SecurityException.
Also of note: Sitting at my local box, I can open regedit and connect to
the
remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
_USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand that
one,
I get a simple error message that tells me almost nothing.
So I'm fairly certain I'm running up against some kind of permissions
issue.
This is a dev server, but I still don't want to go mucking around too
much
without knowing what I'm doing. Via Terminal Services, I added LOCAL
SERVICE
to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also found
two
interesting entries in the Local Security Polcy: Remotely accessible
registry
paths and Remotely accesible registry paths and sub-paths. I didn't mess
around with those much, but I did notice that there's no hive on any of
the
entries, and it doesn't LOOK like all of the paths I can see connecting
remotely via regedit are in those lists (but I could be wrong).
So what's the magic formula for accessing these keys remotely? And are
some
of them tied down by default? I don't think anyone here specifically
decided
to make the local_machine hive inaccessible remotely...
Here's some details:
My Machine: Windows 2000 Professional
Remote Machine: Windows 2003 Server
I'm an admin on both machines...
Just for fun, here's a code sample:
public static RegistryKey GetKey(RegistryHive hive, string key, string
server)
{
RegistryKey parentKey;
RegistryKey returnKey = null;
if (server == null || server.Length == 0)
{
server = string.Empty;
}
parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
if (parentKey != null)
{
try
{
// THE LINE BELOW THROWS
//
System.SecurityException
returnKey = parentKey.OpenSubKey(key, true);
}
catch(Exception exception)
{
// handle the exception!
returnKey = null;
}
}
return returnKey;
}
I turned on the "Audit logon events" in "Local Securtiy Settings" for
successes and failures. My W2K box tells me I tried to logon as "ANONYMOUS
LOGON" from my W2K3 SP1 box. I actually register as the W2K adminstrator
from my W2K3 noSP box. Here is the event log:
Successful Network Logon:
User Name: Administrator
Domain: SONOMA-2000S
Logon ID: (0x0,0x5070C)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: CARMEL-2003
"Willy Denoyette [MVP]" wrote: Mind to explain how you authenticate as a W2K 'local' administrator when
accessing the remote registry while impersonating a W2K3 "local"
administrator?
Did you turn on Logon auditing on W2K and check who is failed to
authenticate and what privileges are requested during logon.
Willy.
"Neil Do" <Ne****@discussions.microsoft.com> wrote in message
news:69**********************************@microsof t.com...I have a similar problem with accessing the remote registry on W2K SP4 from
W2K3 SP1. My problem strictly exist only with W2K3 SP1. I don't get this
problem with no service pack or when I access WXP. I always get "Access
Denied" when I try to open a registry key on W2K from W2K3 SP1. I run as
a
web service on IIS under the IWAM account. I impersonate the local
administrator on the W2K3 box and authenticate as the local administrator
on
the W2K box. I connect to the remote registry with no problems. I just
can't open any keys as the local administrator on the W2K box. I have
full
permissions to the registry. I'm not sure why this only happens with W2K3
SP1. I haven't solved my problem, yet. I found this knowledgebase pretty
helpful. Appearly, Exchange Server 2003 also has a similar problem with a
fix: http://support.microsoft.com/?id=841561. Unfortunately, the fix is
application specific for Exchange Server 2003. I wish I can find more
details on what they did to fix this problem.
"Kevin Swanson" wrote:
I'm attempting some remote registry manipulation via C#. I've written a
test
app to simply grab a specified key from a specified hive on a specified
machine. The call to OpenSubKey is throwing System.SecurityException.
Also of note: Sitting at my local box, I can open regedit and connect to
the
remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
_USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand that
one,
I get a simple error message that tells me almost nothing.
So I'm fairly certain I'm running up against some kind of permissions
issue.
This is a dev server, but I still don't want to go mucking around too
much
without knowing what I'm doing. Via Terminal Services, I added LOCAL
SERVICE
to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also found
two
interesting entries in the Local Security Polcy: Remotely accessible
registry
paths and Remotely accesible registry paths and sub-paths. I didn't mess
around with those much, but I did notice that there's no hive on any of
the
entries, and it doesn't LOOK like all of the paths I can see connecting
remotely via regedit are in those lists (but I could be wrong).
So what's the magic formula for accessing these keys remotely? And are
some
of them tied down by default? I don't think anyone here specifically
decided
to make the local_machine hive inaccessible remotely...
Here's some details:
My Machine: Windows 2000 Professional
Remote Machine: Windows 2003 Server
I'm an admin on both machines...
Just for fun, here's a code sample:
public static RegistryKey GetKey(RegistryHive hive, string key, string
server)
{
RegistryKey parentKey;
RegistryKey returnKey = null;
if (server == null || server.Length == 0)
{
server = string.Empty;
}
parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
if (parentKey != null)
{
try
{
// THE LINE BELOW THROWS
//
System.SecurityException
returnKey = parentKey.OpenSubKey(key, true);
}
catch(Exception exception)
{
// handle the exception!
returnKey = null;
}
}
return returnKey;
}
I change every audit policy to log success and failure in "Local Security
Settings". I found "ANONYMOUS LOGON" everytime I ran my test. I'm limited
to the SeChangeNotifyPrivilege. I am not sure why my identity as W2K
administrator does not carry over when I try to open a registry key. This
doesn't happen with no service pack on W2K3. I would get "Administrator" with
no problem. What are the new security restriction to the remote registry in
SP1? Thanks!
"Willy Denoyette [MVP]" wrote: Mind to explain how you authenticate as a W2K 'local' administrator when
accessing the remote registry while impersonating a W2K3 "local"
administrator?
Did you turn on Logon auditing on W2K and check who is failed to
authenticate and what privileges are requested during logon.
Willy.
"Neil Do" <Ne****@discussions.microsoft.com> wrote in message
news:69**********************************@microsof t.com...I have a similar problem with accessing the remote registry on W2K SP4 from
W2K3 SP1. My problem strictly exist only with W2K3 SP1. I don't get this
problem with no service pack or when I access WXP. I always get "Access
Denied" when I try to open a registry key on W2K from W2K3 SP1. I run as
a
web service on IIS under the IWAM account. I impersonate the local
administrator on the W2K3 box and authenticate as the local administrator
on
the W2K box. I connect to the remote registry with no problems. I just
can't open any keys as the local administrator on the W2K box. I have
full
permissions to the registry. I'm not sure why this only happens with W2K3
SP1. I haven't solved my problem, yet. I found this knowledgebase pretty
helpful. Appearly, Exchange Server 2003 also has a similar problem with a
fix: http://support.microsoft.com/?id=841561. Unfortunately, the fix is
application specific for Exchange Server 2003. I wish I can find more
details on what they did to fix this problem.
"Kevin Swanson" wrote:
I'm attempting some remote registry manipulation via C#. I've written a
test
app to simply grab a specified key from a specified hive on a specified
machine. The call to OpenSubKey is throwing System.SecurityException.
Also of note: Sitting at my local box, I can open regedit and connect to
the
remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
_USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand that
one,
I get a simple error message that tells me almost nothing.
So I'm fairly certain I'm running up against some kind of permissions
issue.
This is a dev server, but I still don't want to go mucking around too
much
without knowing what I'm doing. Via Terminal Services, I added LOCAL
SERVICE
to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also found
two
interesting entries in the Local Security Polcy: Remotely accessible
registry
paths and Remotely accesible registry paths and sub-paths. I didn't mess
around with those much, but I did notice that there's no hive on any of
the
entries, and it doesn't LOOK like all of the paths I can see connecting
remotely via regedit are in those lists (but I could be wrong).
So what's the magic formula for accessing these keys remotely? And are
some
of them tied down by default? I don't think anyone here specifically
decided
to make the local_machine hive inaccessible remotely...
Here's some details:
My Machine: Windows 2000 Professional
Remote Machine: Windows 2003 Server
I'm an admin on both machines...
Just for fun, here's a code sample:
public static RegistryKey GetKey(RegistryHive hive, string key, string
server)
{
RegistryKey parentKey;
RegistryKey returnKey = null;
if (server == null || server.Length == 0)
{
server = string.Empty;
}
parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
if (parentKey != null)
{
try
{
// THE LINE BELOW THROWS
//
System.SecurityException
returnKey = parentKey.OpenSubKey(key, true);
}
catch(Exception exception)
{
// handle the exception!
returnKey = null;
}
}
return returnKey;
}
Hello all!
I have similar problem too. But I work on the one machine. My operation
system is Windows XP SP2.
I read data from registry with help OpenSubKey and exception appeares for
key HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System
provider\S-1-5-21-2025815041-1961764723-2087665911-3808. I saw permissions
in this key - permissions for SYSTEM exist only. How I can read this key
without changing permissions manually?
Help me please if anybody can!
Thank You.
Dmitriy.
P.S. I am sorry for my English but my native language is Russian.
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:DF**********************************@microsof t.com... yeah... I'm an admin on both machines.
"Willy Denoyette [MVP]" wrote:
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:2F**********************************@microsof t.com... > I'm attempting some remote registry manipulation via C#. I've written a
> test
> app to simply grab a specified key from a specified hive on a specified
> machine. The call to OpenSubKey is throwing System.SecurityException.
>
> Also of note: Sitting at my local box, I can open regedit and connect
> to
> the
> remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
> _USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand
> that
> one,
> I get a simple error message that tells me almost nothing.
>
> So I'm fairly certain I'm running up against some kind of permissions
> issue.
> This is a dev server, but I still don't want to go mucking around too
> much
> without knowing what I'm doing. Via Terminal Services, I added LOCAL
> SERVICE
> to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also
> found
> two
> interesting entries in the Local Security Polcy: Remotely accessible
> registry
> paths and Remotely accesible registry paths and sub-paths. I didn't
> mess
> around with those much, but I did notice that there's no hive on any of
> the
> entries, and it doesn't LOOK like all of the paths I can see connecting
> remotely via regedit are in those lists (but I could be wrong).
>
> So what's the magic formula for accessing these keys remotely? And are
> some
> of them tied down by default? I don't think anyone here specifically
> decided
> to make the local_machine hive inaccessible remotely...
>
> Here's some details:
> My Machine: Windows 2000 Professional
> Remote Machine: Windows 2003 Server
> I'm an admin on both machines...
>
> Just for fun, here's a code sample:
>
> public static RegistryKey GetKey(RegistryHive hive, string key, string
> server)
> {
> RegistryKey parentKey;
> RegistryKey returnKey = null;
>
> if (server == null || server.Length == 0)
> {
> server = string.Empty;
> }
>
> parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
>
>
> if (parentKey != null)
> {
> try
> {
> // THE LINE BELOW THROWS
> //
> System.SecurityException
>
> returnKey = parentKey.OpenSubKey(key, true);
> }
> catch(Exception exception)
> {
> // handle the exception!
> returnKey = null;
> }
>
> }
>
> return returnKey;
> }
>
You need to be an admininistrator on the remote machine for this to work.
Willy.
Hello all!
I have similar problem too. But I work on the one machine. My operation
system is Windows XP SP2.
I read data from registry with help OpenSubKey and exception appeares for
key HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System
provider\S-1-5-21-2025815041-1961764723-2087665911-3808. I saw permissions
in this key - permissions for SYSTEM exist only. How I can read this key
without changing permissions manually?
Help me please if anybody can!
Thank You.
Dmitriy.
P.S. I am sorry for my English but my native language is Russian.
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:DF**********************************@microsof t.com... yeah... I'm an admin on both machines.
"Willy Denoyette [MVP]" wrote:
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:2F**********************************@microsof t.com...
> I'm attempting some remote registry manipulation via C#. I've written
> a
> test
> app to simply grab a specified key from a specified hive on a
> specified
> machine. The call to OpenSubKey is throwing System.SecurityException.
>
> Also of note: Sitting at my local box, I can open regedit and connect
> to
> the
> remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE, and
> _USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand
> that
> one,
> I get a simple error message that tells me almost nothing.
>
> So I'm fairly certain I'm running up against some kind of permissions
> issue.
> This is a dev server, but I still don't want to go mucking around too
> much
> without knowing what I'm doing. Via Terminal Services, I added LOCAL
> SERVICE
> to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also
> found
> two
> interesting entries in the Local Security Polcy: Remotely accessible
> registry
> paths and Remotely accesible registry paths and sub-paths. I didn't
> mess
> around with those much, but I did notice that there's no hive on any
> of
> the
> entries, and it doesn't LOOK like all of the paths I can see
> connecting
> remotely via regedit are in those lists (but I could be wrong).
>
> So what's the magic formula for accessing these keys remotely? And are
> some
> of them tied down by default? I don't think anyone here specifically
> decided
> to make the local_machine hive inaccessible remotely...
>
> Here's some details:
> My Machine: Windows 2000 Professional
> Remote Machine: Windows 2003 Server
> I'm an admin on both machines...
>
> Just for fun, here's a code sample:
>
> public static RegistryKey GetKey(RegistryHive hive, string key, string
> server)
> {
> RegistryKey parentKey;
> RegistryKey returnKey = null;
>
> if (server == null || server.Length == 0)
> {
> server = string.Empty;
> }
>
> parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
>
>
> if (parentKey != null)
> {
> try
> {
> // THE LINE BELOW THROWS
> //
> System.SecurityException
>
> returnKey = parentKey.OpenSubKey(key, true);
> }
> catch(Exception exception)
> {
> // handle the exception!
> returnKey = null;
> }
>
> }
>
> return returnKey;
> }
>
You need to be an admininistrator on the remote machine for this to
work.
Willy.
Hello all!
I have similar problem too. But I work on the one machine. My operation
system is Windows XP SP2.
I read data from registry with help OpenSubKey and exception appeares for
key HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System
provider\S-1-5-21-2025815041-1961764723-2087665911-3808. I saw permissions
in this key - permissions for SYSTEM exist only. How I can read this key
without changing permissions manually?
Help me please if anybody can!
Thank You.
Dmitriy.
P.S. I am sorry for my English but my native language is Russian.
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:DF**********************************@microsof t.com... yeah... I'm an admin on both machines.
"Willy Denoyette [MVP]" wrote:
"Kevin Swanson" <ke**********@nospam.nospam> wrote in message
news:2F**********************************@microsof t.com...
> I'm attempting some remote registry manipulation via C#. I've written
> a
> test
> app to simply grab a specified key from a specified hive on a
> specified
> machine. The call to OpenSubKey is throwing System.SecurityException.
>
> Also of note: Sitting at my local box, I can open regedit and connect
> to
> the
> remote registry. I see three hives: _CLASSES_ROOT, _LOCAL_MACHINE,
> and
> _USERS. I can open all but HKEY_LOCAL_MACHINE. When I try to expand
> that
> one,
> I get a simple error message that tells me almost nothing.
>
> So I'm fairly certain I'm running up against some kind of permissions
> issue.
> This is a dev server, but I still don't want to go mucking around too
> much
> without knowing what I'm doing. Via Terminal Services, I added LOCAL
> SERVICE
> to HKEY_LOCAL_MACHINE and a few sub keys. That didn't help. I also
> found
> two
> interesting entries in the Local Security Polcy: Remotely accessible
> registry
> paths and Remotely accesible registry paths and sub-paths. I didn't
> mess
> around with those much, but I did notice that there's no hive on any
> of
> the
> entries, and it doesn't LOOK like all of the paths I can see
> connecting
> remotely via regedit are in those lists (but I could be wrong).
>
> So what's the magic formula for accessing these keys remotely? And
> are
> some
> of them tied down by default? I don't think anyone here specifically
> decided
> to make the local_machine hive inaccessible remotely...
>
> Here's some details:
> My Machine: Windows 2000 Professional
> Remote Machine: Windows 2003 Server
> I'm an admin on both machines...
>
> Just for fun, here's a code sample:
>
> public static RegistryKey GetKey(RegistryHive hive, string key,
> string
> server)
> {
> RegistryKey parentKey;
> RegistryKey returnKey = null;
>
> if (server == null || server.Length == 0)
> {
> server = string.Empty;
> }
>
> parentKey = RegistryKey.OpenRemoteBaseKey(hive, server);
>
>
> if (parentKey != null)
> {
> try
> {
> // THE LINE BELOW THROWS
> //
> System.SecurityException
>
> returnKey = parentKey.OpenSubKey(key, true);
> }
> catch(Exception exception)
> {
> // handle the exception!
> returnKey = null;
> }
>
> }
>
> return returnKey;
> }
>
You need to be an admininistrator on the remote machine for this to
work.
Willy.
I have been experiencing a similar problem accessing a remote registry.
It seems that W2K3 SP1 breaks the authentication mechanism used by the
remote registry call. The following is a link to a MS article detailing
the problem. They do not mention the .NET API call, but I assume it is
reasonable for the .NET functions to be a wrapped of some other
functions. http://support.microsoft.com/default...b;en-us;906570
Hopefully this is of some help!
*** Sent via Developersdex http://www.developersdex.com ***
try using this before the OpenRemoteBaseKey line
RegistryPermission rpWrite = new
RegistryPermission(RegistryPermissionAccess.AllAcc ess,
@"HKEY_LOCAL_MACHINE\SOFTWARE\ODBC");
RegistryKey rkodbc = local.OpenSubKey("SOFTWARE", true);
this works for me, but my impersonation of the apppool is defined with a
administrator.
hope it helps
*** Sent via Developersdex http://www.developersdex.com ***
I've got 2 solutions for your problem:
1st and the simplest:
RegistryPermission rpWrite = new
RegistryPermission(RegistryPermissionAccess.AllAcc ess,
@"HKEY_LOCAL_MACHINE\SOFTWARE\ODBC");
RegistryKey local =
RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMa chine, scMachine);
RegistryKey rkodbc = local.OpenSubKey("SOFTWARE", true);
and if you are in a diferent domain or not in a domain you can add a IPC
net use like this, where the path is @"\\MachineNameorIP\IPC$":
String cmdString = String.Format("net use {0} /user:{1}
{2}", path, username, password);
ManagementClass processClass = new
ManagementClass("Win32_Process");
object[] methodArgs = { cmdString, null, null, 0 };
object result = processClass.InvokeMethod("Create",
methodArgs);
*** Sent via Developersdex http://www.developersdex.com ***
I've got 2 solutions for your problem:
1st and the simplest:
RegistryPermission rpWrite = new
RegistryPermission(RegistryPermissionAccess.AllAcc ess,
@"HKEY_LOCAL_MACHINE\SOFTWARE\ODBC");
RegistryKey local =
RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMa chine, scMachine);
RegistryKey rkodbc = local.OpenSubKey("SOFTWARE", true);
and if you are in a diferent domain or not in a domain you can add a IPC
net use like this, where the path is @"\\MachineNameorIP\IPC$":
String cmdString = String.Format("net use {0} /user:{1}
{2}", path, username, password);
ManagementClass processClass = new
ManagementClass("Win32_Process");
object[] methodArgs = { cmdString, null, null, 0 };
object result = processClass.InvokeMethod("Create",
methodArgs);
*** Sent via Developersdex http://www.developersdex.com *** This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: g82martin |
last post by:
I am using the RegistryKey class to access the registry on remote
machines. I only require read access. I am able to successfully read
registry keys under HKLM\Software\Microsoft\Windows...
|
by: Kovan A. |
last post by:
Steps i have taken:
1. Gave ASPNET user access to C:\WINDOWS\system32\config\appevent.evt
2. Set my anonymous asp user to Administrator (to eliminate any problesm
with reading and writing)
3....
|
by: Josh Flanagan |
last post by:
I am trying to write to the event log from ASP.NET, on Windows XP SP1.
As soon as I try to write an event (or even query the source with
EventLog.SourceExists() or EventLog.LogNameFromSourceName())...
|
by: bfprog |
last post by:
Using IBM iSeries client access OLEDB provider to connect to DB2 on AS/400,
but cannot create connection using .NET web app. Using following code:
Dim cnTest As New...
|
by: LP |
last post by:
Hi,
My webservice is currently deployed on WIndows 2000 server and runs pretty
fine. I am trying to run my webservice on a Windows 2003 server. My
webservice tries to write to a eventlog. The...
|
by: Boris |
last post by:
Has anyone ever managed to read a Windows registry key in a PHP webpage? I
installed the PHP extension win32std and saved their sample script from...
|
by: Peter Ritchie |
last post by:
I'm writing a Web Service and I would like to add performance counter data
for monitoring performance of the Web Service's operations over time and load.
The problem is, I get the "Requested...
|
by: UK1967 |
last post by:
I wrote a ASP.NET application (Windows 2003 Enterprise Server, IIS, .NET
Framework 1.1). This application use the Windows (AD) account and
impersonation. Some functions in this application contact,...
|
by: JB |
last post by:
I am trying to access a registry key on computer like so:
key = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine,
computerName).OpenSubKey(Subkey);
There are two keys I am trying to...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
| |
