473,326 Members | 2,655 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

UnauthorizedAccessException when calling SetSecurityDescriptor

Hi,

I originally posted this in dotnet.security, but have moved it here by request:

Hi,

I am trying to programmatically add a user with read permissions to
the DACL of a registry key. All appears to go well until I try to
save the security descriptor back into the registry. I then get the
UnauthorizedAccessException thrown.

I'm doing this with an account that is in the Administrators group.
Any ideas what I am missing?
Code follows:

using System;
using System.Security.Permissions;
using Microsoft.Win32;
using System.Diagnostics;
using ActiveDs;

namespace TRISClientPreSetup
{
class cMain
{
[STAThread]
static void Main(string[] args)
{
RegistryKey oRootKey = Registry.LocalMachine;
AccessControlEntryClass oACE;
ADsSecurityUtilityClass oADSUC = new ADsSecurityUtilityClass();
SecurityDescriptor oSD;
AccessControlList oACL;

try
{
// Set the SecurtityMask of the Security Utility Class object
oADSUC.SecurityMask =
(int)ADS_SECURITY_INFO_ENUM.ADS_SECURITY_INFO_DACL ;
// Get the SecurityDescriptor of the of the registry key
oSD = (SecurityDescriptor)oADSUC.GetSecurityDescriptor(
@"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Serv ices\EventLog",
(int)ADS_PATHTYPE_ENUM.ADS_PATH_REGISTRY,
(int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
// Get the DACL of the SecurityDescriptor of the registry key
oACL = (AccessControlList)oSD.DiscretionaryAcl;

// Set up a new AccessControlEntry to add to the DACL
oACE = new AccessControlEntryClass();
// Set the trustee to the new user
oACE.Trustee = @"KA2G2P51\tris";
// I empirically derrived the AccessMask by manually adding
// this user through regedt32 then examining the value of
// the resulting entry
oACE.AccessMask = (int)(ADS_RIGHTS_ENUM.ADS_RIGHT_READ_CONTROL
| ADS_RIGHTS_ENUM.ADS_RIGHT_DS_CREATE_CHILD
| ADS_RIGHTS_ENUM.ADS_RIGHT_DS_READ_PROP
| ADS_RIGHTS_ENUM.ADS_RIGHT_DS_SELF);
// I derrived the AceFlags the same way
oACE.AceFlags = (int)ADS_ACEFLAG_ENUM.ADS_ACEFLAG_INHERIT_ACE;

// Add the AccessControlEntry to the DACL
oACL.AddAce( oACE );
// Save the DACL back into the SecurityDescriptor
oSD.DiscretionaryAcl = oACL;
// Save the SecurityDescriptor back into the registry
oADSUC.SetSecurityDescriptor(
@"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Serv ices\EventLog",
(int)ADS_PATHTYPE_ENUM.ADS_PATH_REGISTRY,
oSD,
(int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);

// This last line is the line that errors with:
// System.UnauthorizedAccessException: Access is denied.

}
catch ( Exception ex )
{
Console.WriteLine( ex.ToString() );
Console.Read();
}
}
}
}
Jul 21 '05 #1
7 3075
Hi,

This is to keep this thread alive.

Is this an MSDN managed group?

Thanks,
Doug
Jul 21 '05 #2
hi Taylor,

This group is managed by us. Please let me know if there is an MSFT replied
your original post and his email. I will help to follow up with him.

Thanks,

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Jul 21 '05 #3
Luke,

Thanks for your reply. In truth, your's is the first reply. Is there
anything that I need to do that will help? Are there any more details
I can supply?

Thanks again,
Doug
lu******@online.microsoft.com (MSFT) wrote in message news:<zw**************@cpmsftngxa06.phx.gbl>...
hi Taylor,

This group is managed by us. Please let me know if there is an MSFT replied
your original post and his email. I will help to follow up with him.

Thanks,

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Jul 21 '05 #4
Hi Doug,

If you have a issue which need assistance, you may post a message on this
group and include all detaill information about the problem. For example,
the exact error message you get, and part of your code which can help to
reproduce the problem.

Regards,

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Jul 21 '05 #5
Luke,

Thanks for your response.

As far as the exact error message and the code which can help to
reproduce the problem... I refer you to my original post.

However, I have had to move on and we have found a 3rd party solution,
so I guess we can let it drop.

I do wish Microsoft would look into making this task easier within the
Framework. I feel it is an overlooked area.

Thanks again,
Doug
lu******@online.microsoft.com (MSFT) wrote in message news:<Yo**************@cpmsftngxa06.phx.gbl>...
Hi Doug,

If you have a issue which need assistance, you may post a message on this
group and include all detaill information about the problem. For example,
the exact error message you get, and part of your code which can help to
reproduce the problem.

Regards,

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Jul 21 '05 #6
Hi, Doug

When you changed the newsgroup of your post, we lost any link to your
original post. Luke was unable to locate it. I did some digging and found
it in microsoft.public.dotnet.security, which is not a managed newsgroup.
This explains why we did respond to your original post. If you wish to
pursue yoru original issue further, please respond here and we will get
someone on it.

Thank you for choosing the MSDN Managed Newsgroups,

John Eikanger
Microsoft Developer Support

This posting is provided “AS IS” with no warranties, and confers no rights.
"Microsoft highly recommends to all of our customers that they visit the
http://www.microsoft.com/protect site and perform the three straightforward
steps listed to improve your computer’s security."
--------------------
| From: do*********@accipitersoftware.com
(doug.h.taylor.accipitersoftware.com)
| Newsgroups: microsoft.public.dotnet.general
| Subject: Re: UnauthorizedAccessException when calling
SetSecurityDescriptor
| Date: 30 Sep 2003 12:14:49 -0700
| Organization: http://groups.google.com
| Lines: 33
| Message-ID: <e1**************************@posting.google.com >
| References: <e1**************************@posting.google.com >
<e1*************************@posting.google.com>
<zw**************@cpmsftngxa06.phx.gbl>
<e1**************************@posting.google.com >
<Yo**************@cpmsftngxa06.phx.gbl>
| NNTP-Posting-Host: 148.134.37.3
| Content-Type: text/plain; charset=ISO-8859-1
| Content-Transfer-Encoding: 8bit
| X-Trace: posting.google.com 1064949289 3840 127.0.0.1 (30 Sep 2003
19:14:49 GMT)
| X-Complaints-To: gr**********@google.com
| NNTP-Posting-Date: Tue, 30 Sep 2003 19:14:49 +0000 (UTC)
| Path:
cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed 00.sul.t-online.de!t-onlin
e.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!sn-xit-03!sn-xit-04!sn-
xit-01!sn-xit-09!supernews.com!postnews1.google.com!not-for-mail
| Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.general:110385
| X-Tomcat-NG: microsoft.public.dotnet.general
|
| Luke,
|
| Thanks for your response.
|
| As far as the exact error message and the code which can help to
| reproduce the problem... I refer you to my original post.
|
| However, I have had to move on and we have found a 3rd party solution,
| so I guess we can let it drop.
|
| I do wish Microsoft would look into making this task easier within the
| Framework. I feel it is an overlooked area.
|
| Thanks again,
| Doug

Jul 21 '05 #7
John,

Thanks for your attention. I am sorry for the confusion. When I
switched newsgroups I simply copied the text of the first message in
the security newsgroup and pasted it in a new thread in this
newsgroup. There should be no links between the two newsgroups. When
I view this thread I can see my original posting as message 1 in this
thread. I have no idea why you cannot see it. Perhaps it is because
I am viewing these with Google and it looks different to me.

At any rate, I have moved on. I never got a resolution, but I ran out
of time. Thanks again for your assistance and I'm sorry for all the
confusion.

Doug
jo****@online.microsoft.com (John Eikanger [MSFT]) wrote in message news:<Ea**************@cpmsftngxa06.phx.gbl>...
Hi, Doug

When you changed the newsgroup of your post, we lost any link to your
original post. Luke was unable to locate it. I did some digging and found
it in microsoft.public.dotnet.security, which is not a managed newsgroup.
This explains why we did respond to your original post. If you wish to
pursue yoru original issue further, please respond here and we will get
someone on it.

Thank you for choosing the MSDN Managed Newsgroups,

John Eikanger
Microsoft Developer Support

This posting is provided ?AS IS? with no warranties, and confers no rights.
"Microsoft highly recommends to all of our customers that they visit the
http://www.microsoft.com/protect site and perform the three straightforward
steps listed to improve your computer?s security."

truncated.
Jul 21 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Jessica | last post by:
I have a .Net 1.0 web service that uses a .Net 1.1 assembly to create users, change users' passwords, validate users, and remove users from an LDAP server. The 1.1 code uses the DirectoryServices...
0
by: Jeremy Chapman | last post by:
In an asp.net page, I'm creating an exchange account. I've created the account, and tied it to a primary NT account. Now I'm trying to assign permissions to it but I get an error of "The...
1
by: Hal 9000 | last post by:
In c# we have a function that creates a virtual directory in IIS 6.0 using DirectoryServices API. The code looks like this: // log in to IIS DirectoryEntry rootDir = new...
12
by: Lucas Tam | last post by:
I have a very simple loop: If (Directory.Exists(tempDirectory)) Then Try Dim Files() As String = Directory.GetFiles(tempDirectory) 'Clear out directory For Each Filename As String In Files...
7
by: Doug Taylor | last post by:
Hi, I originally posted this in dotnet.security, but have moved it here by request: Hi, I am trying to programmatically add a user with read permissions to the DACL of a registry key. ...
5
by: Kristoffer Persson | last post by:
Hi all! I'm trying to use a named EventWaitHandle to signal events between processes that run on the same computer. One of them is a service running as SYSTEM and the other one is a normal user....
0
by: nime | last post by:
I've got a problem. I cannot debug my app. which one contains WebBrowser control. I found a resolution but it's for an ASP related problem. I couldn't find a correct "user" to give permisson then...
0
by: =?Utf-8?B?cGxlYXNlIGhlbHAgU3lzdGVtLlVuYXV0aG9yaXpl | last post by:
Please help . iam getting this error after calling a web service which is published on a server. knowing that in this web service i used ie.navigate2(..). ...
1
by: JDS | last post by:
I am getting the following error in my application: System.UnauthorizedAccessException was unhandled Message="Access to the port is denied." Source="System" StackTrace: at...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.