I have a simple console app that uses:
regSubKey = <some registry key>
Dim reg As RegistryKey = Registry.ClassesRoot.OpenSubKey(regSubKey)
Dim path As String
path = CStr(reg.GetValue(""))
to grab the default value of a registry key.
It works great on my machine. When I try to
access the application from another machine, it fails due to security
issues. Specifically I get an error message regarding
System.Security.Permissions.RegistryPermissions. Apparently I don't have
permission to read the registry on the remote PC.
How can this be handled?
Thanks,
Al
8  5335 
Hi,
Thanks for posting in the community.
First of all, I would like to confirm my understanding of your issue.
From your description, I understand that your app which will access local
registry successfully will not work for remote registry.
Have I fully understood you? If there is anything I misunderstood, please
feel free to let me know.
From the MSDN,
In order for a key to be opened remotely, both machines (the service, and
client) must be running the remote registry service, and have remote
administration enabled. http://msdn.microsoft.com/library/de...us/cpref/html/
frlrfmicrosoftwin32registrykeyclassopenremotebasek eytopic.asp
As the feature is provided by OS but not .NET framework. Hence, the regular
policies apply. The user of application needs the Administrator privilege
of the remote machine. Additional, in order for a key to be opened
remotely, both machines (the service, and client) must be running the
remote registry service, and have remote administration enabled.
You may try to log on as an user in the administrators group. Here is my
test code.
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles Button1.Click
Dim regLocalMachine As RegistryKey =
RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMa chine, "<Computer Name>")
Dim regComputerName As RegistryKey =
regLocalMachine.OpenSubKey("SYSTEM\CurrentControlS et\Control\ComputerName\Co
mputerName", False)
MessageBox.Show(regComputerName.GetValue("Computer Name"))
End Sub
Please apply my suggestion above and let me know if it helps resolve your
problem.
Best regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
Peter,
Thanks for your response. I should have been more specific. Here's what
I'm trying to do:
My application will reside on a central server and be run from PCs on the
LAN. It's intent is to launch Microsoft Access applications which reside on
the central server. That means that each individual PC must launch its
local version of MSAccess.exe. My application looks in the registry for the
path to MSAccess.exe and then launches it. The problem is that I cannot
read the registry on the local PC.
If you need any more information, please let me know. Thanks for your help,
Al
"Peter Huang" <v-******@online.microsoft.com> wrote in message
news:DJ**************@cpmsftngxa07.phx.gbl... Hi,
Thanks for posting in the community.
First of all, I would like to confirm my understanding of your issue.
From your description, I understand that your app which will access local
registry successfully will not work for remote registry.
Have I fully understood you? If there is anything I misunderstood, please
feel free to let me know.
From the MSDN,
In order for a key to be opened remotely, both machines (the service, and
client) must be running the remote registry service, and have remote
administration enabled.
http://msdn.microsoft.com/library/de...us/cpref/html/ frlrfmicrosoftwin32registrykeyclassopenremotebasek eytopic.asp
As the feature is provided by OS but not .NET framework. Hence, the
regular policies apply. The user of application needs the Administrator privilege
of the remote machine. Additional, in order for a key to be opened
remotely, both machines (the service, and client) must be running the
remote registry service, and have remote administration enabled.
You may try to log on as an user in the administrators group. Here is my
test code.
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles Button1.Click
Dim regLocalMachine As RegistryKey =
RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMa chine, "<Computer
Name>") Dim regComputerName As RegistryKey =
regLocalMachine.OpenSubKey("SYSTEM\CurrentControlS et\Control\ComputerName\Co mputerName", False)
MessageBox.Show(regComputerName.GetValue("Computer Name"))
End Sub
Please apply my suggestion above and let me know if it helps resolve your
problem.
Best regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no
rights.
Hi,
Thanks for your quickly reply!
Here I wants to reword your senario as below.
1. a cetral server SRV which will share the winform application in a shared
folder.
2. e.g. PC A will access the winform application by using UNC path, i.e.
\\SRV \Sharedfolder\winapp.exe
3. the winapp will check the MSAccess.exe path in the PC A, and the winapp
will lauch the application.
In this senario, the winapp.exe run on the UNC path need the CAS permission
on the PC A.
You may set it by following the steps below.
1. Run the command line below
%systemroot%\Microsoft.NET\Framework\v1.1.4322\msc orcfg.msc
to open the .NET Configuration 1.1
( you may also open the dialog by browse to Control Panel/Adminitrative
Tools/Microsoft .NET Framework 1.1 Configuration)
2. Navigate to My Computer/Runtime Security Policy/Machine/Code
Groups/All_Code/Internet_Zone
3. Right click on the Internet_Zone and select New...
4. Check "Create a new code group", input text into name(e.g.
Testcodegroup) Next
5. In the drop down box select URL, in the URL: input the UNC path the
format is similar with below
\\SRV \Sharedfolder\*
Next
6. Check "Use existing permission set: select Full Trust/Next
7. Finish
8. Run the \\SRV \Sharedfolder\winapp.exe on the PC A to see if the problem
persists.
BTW It's intent is to launch Microsoft Access applications which reside on
the central server. That means that each individual PC must launch its
local version of MSAccess.exe.
So I am confused by you statement about where the Microsoft Access
applications resided?
It is on the central server SRV or PC A?
Best regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
Peter,
I don't think it makes any difference but my application is a console
application, not a windows application. For clarification purposes, my .NET
application's exe resides on PC A, but that's just a maintenance and
administration convenience. It would be a headache but it could be
installed on each PC. If it is installed on a PC, it runs just fine, i.e.,
there is no problem reading the registry. If the application is installed
on PC A and run from PC B then PC B's registry cannot be read.
Here's where I get confused. When the application is executed from PC B, I
thought it was running on the PC B regardless of the location of the exe. I
didn't think the location of the exe controlled where the application was
running. Are you saying that the application is running on PC A and is
therefore attempting to access the registry on PC B that it considers
remote?
The bottom line seems to be: Installed locally, the application can read
the registry. Installed remotely but run locally, the application cannot
read the registry.
Thanks again for your help,
Al
"Peter Huang" <v-******@online.microsoft.com> wrote in message
news:0Z**************@cpmsftngxa07.phx.gbl... Hi,
Thanks for your quickly reply!
Here I wants to reword your senario as below.
1. a cetral server SRV which will share the winform application in a
shared folder.
2. e.g. PC A will access the winform application by using UNC path, i.e.
\\SRV \Sharedfolder\winapp.exe
3. the winapp will check the MSAccess.exe path in the PC A, and the winapp
will lauch the application.
In this senario, the winapp.exe run on the UNC path need the CAS
permission on the PC A.
You may set it by following the steps below.
1. Run the command line below
%systemroot%\Microsoft.NET\Framework\v1.1.4322\msc orcfg.msc
to open the .NET Configuration 1.1
( you may also open the dialog by browse to Control Panel/Adminitrative
Tools/Microsoft .NET Framework 1.1 Configuration)
2. Navigate to My Computer/Runtime Security Policy/Machine/Code
Groups/All_Code/Internet_Zone
3. Right click on the Internet_Zone and select New...
4. Check "Create a new code group", input text into name(e.g.
Testcodegroup) Next
5. In the drop down box select URL, in the URL: input the UNC path the
format is similar with below
\\SRV \Sharedfolder\*
Next
6. Check "Use existing permission set: select Full Trust/Next
7. Finish
8. Run the \\SRV \Sharedfolder\winapp.exe on the PC A to see if the
problem persists.
BTW It's intent is to launch Microsoft Access applications which reside on
the central server. That means that each individual PC must launch its
local version of MSAccess.exe.
So I am confused by you statement about where the Microsoft Access
applications resided?
It is on the central server SRV or PC A?
Best regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no
rights.
Hi,
Thanks for your quickly reply!
Comments in line.
Best regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
-------------------- From: "Al Kaufman" <al*******@austin.rr.com>
References: <uM**************@TK2MSFTNGP09.phx.gbl>
<DJ**************@cpmsftngxa07.phx.gbl>
<#Z**************@TK2MSFTNGP10.phx.gbl>
<0Z**************@cpmsftngxa07.phx.gbl>Subject: Re: Registry Permissions
Date: Fri, 20 Feb 2004 09:56:34 -0600
Lines: 92
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <Ox**************@TK2MSFTNGP11.phx.gbl>
Newsgroups: microsoft.public.dotnet.languages.vb
NNTP-Posting-Host: cs24243238-237.austin.rr.com 24.243.238.237
Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA06.phx.gbl!TK2MSFTNGXA0
5.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gb lXref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.languages.vb:183037
X-Tomcat-NG: microsoft.public.dotnet.languages.vb
Peter,
I don't think it makes any difference but my application is a console
application, not a windows application. For clarification purposes, my
.NETapplication's exe resides on PC A, but that's just a maintenance and
administration convenience. It would be a headache but it could be
installed on each PC. If it is installed on a PC, it runs just fine, i.e.,
there is no problem reading the registry. If the application is installed
on PC A and run from PC B then PC B's registry cannot be read.
From your description, I assume that you application is similar with code
below. That is to say it will not need any other resource, e.g. it do not
need to open an file that is located on PC A, or it hasn't some information
in the registry on PC A particularlly.
Imports Microsoft.Win32
Module Module1
Public Sub Main()
Dim regLocalMachine As RegistryKey =
RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMa chine, "sha-phuang-03")
Dim regComputerName As RegistryKey =
Registry.LocalMachine.OpenSubKey("SYSTEM\CurrentCo ntrolSet\Control\ComputerN
ame\ComputerName", False)
Console.WriteLine(regComputerName.GetValue("Comput erName"))
End Sub
End Module
Here's where I get confused. When the application is executed from PC B, I
thought it was running on the PC B regardless of the location of the exe.
Ididn't think the location of the exe controlled where the application was
running. Are you saying that the application is running on PC A and is
therefore attempting to access the registry on PC B that it considers
remote?
Yes, if an application is located on PC A, and you shared the application
with an UNC path.
If you run the application from PC B, the code will run in PC B.
But .NET framework has a set of security modal(CAS code access security ).
You can specify an application from different place with different security
level. As I said in my last post, Microsoft .NET Framework 1.1
Configuration will help you configurate the permission for the application
from different place. By default, the local machine has the high privilege
to let the code from local machine do the thing which needs high privilege.
While an application from outside the local machine will be given less
privilege, so that when you run the application from another PC will get
the security exception which was thrown by .NET framework.
So to run the application located in PC A from PC B, you must change the
default CAS setting on the PC B as I said in my last post.
For detailed information about .NET Framework Configuration Tool . Take a
look at the link below.
.NET Framework Tools
.NET Framework Configuration Tool (Mscorcfg.msc)
http://msdn.microsoft.com/library/de...us/cptools/htm
l/cpconnetframeworkadministrationtoolmscorcfgmsc.asp
The bottom line seems to be: Installed locally, the application can read
the registry. Installed remotely but run locally, the application cannot
read the registry.
Thanks again for your help,
Al
Hello Peter,
Sorry if I don't seem to be getting the point but here's a little more
information that, hopefully, will clarify my understanding.
My code contains something like:
Dim regSubKey As String
regSubKey = "Access.Application.8\shell\Open\Command"
Dim reg As RegistryKey = Registry.ClassesRoot.OpenSubKey(regSubKey)
Console.Write(CStr(reg.GetValue("")))
I am not using OpenRemoteBaseKey, i.e., I am not trying to read the
registry on a remote PC. I am trying to read the registry on the local PC.
The exe resides on a remote PC, call it PC A, but it is executed from PC B
and the intent is to read the registry on PC B.
If after reading this, your suggested resolution is the same, i.e., the
permissions at each PC on which the application runs will need to be
changed, is there a way to do it programatically? The intent of this little
application was to avoid having to change settings on each PC and reduce the
administrative duties.
Thanks for your patience,
Al
"Peter Huang" <v-******@online.microsoft.com> wrote in message
news:n8****************@cpmsftngxa06.phx.gbl... Hi,
Thanks for your quickly reply!
Comments in line.
Best regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no
rights. --------------------From: "Al Kaufman" <al*******@austin.rr.com>
References: <uM**************@TK2MSFTNGP09.phx.gbl> <DJ**************@cpmsftngxa07.phx.gbl>
<#Z**************@TK2MSFTNGP10.phx.gbl>
<0Z**************@cpmsftngxa07.phx.gbl>Subject: Re: Registry Permissions
Date: Fri, 20 Feb 2004 09:56:34 -0600
Lines: 92
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <Ox**************@TK2MSFTNGP11.phx.gbl>
Newsgroups: microsoft.public.dotnet.languages.vb
NNTP-Posting-Host: cs24243238-237.austin.rr.com 24.243.238.237
Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA06.phx.gbl!TK2MSFTNGXA0 5.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gb lXref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.languages.vb:183037
X-Tomcat-NG: microsoft.public.dotnet.languages.vb
Peter,
I don't think it makes any difference but my application is a console
application, not a windows application. For clarification purposes, my NETapplication's exe resides on PC A, but that's just a maintenance and
administration convenience. It would be a headache but it could be
installed on each PC. If it is installed on a PC, it runs just fine,
i.e.,there is no problem reading the registry. If the application is
installedon PC A and run from PC B then PC B's registry cannot be read.
From your description, I assume that you application is similar with code
below. That is to say it will not need any other resource, e.g. it do not
need to open an file that is located on PC A, or it hasn't some
information in the registry on PC A particularlly.
Imports Microsoft.Win32
Module Module1
Public Sub Main()
Dim regLocalMachine As RegistryKey =
RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMa chine, "sha-phuang-03")
Dim regComputerName As RegistryKey =
Registry.LocalMachine.OpenSubKey("SYSTEM\CurrentCo ntrolSet\Control\ComputerN ame\ComputerName", False)
Console.WriteLine(regComputerName.GetValue("Comput erName"))
End Sub
End Module
Here's where I get confused. When the application is executed from PC B,
Ithought it was running on the PC B regardless of the location of the exe. Ididn't think the location of the exe controlled where the application was
running. Are you saying that the application is running on PC A and is
therefore attempting to access the registry on PC B that it considers
remote?
Yes, if an application is located on PC A, and you shared the application
with an UNC path.
If you run the application from PC B, the code will run in PC B.
But .NET framework has a set of security modal(CAS code access security ).
You can specify an application from different place with different
security level. As I said in my last post, Microsoft .NET Framework 1.1
Configuration will help you configurate the permission for the application
from different place. By default, the local machine has the high privilege
to let the code from local machine do the thing which needs high
privilege. While an application from outside the local machine will be given less
privilege, so that when you run the application from another PC will get
the security exception which was thrown by .NET framework.
So to run the application located in PC A from PC B, you must change the
default CAS setting on the PC B as I said in my last post.
For detailed information about .NET Framework Configuration Tool . Take a
look at the link below.
NET Framework Tools
NET Framework Configuration Tool (Mscorcfg.msc)
http://msdn.microsoft.com/library/de...us/cptools/htm l/cpconnetframeworkadministrationtoolmscorcfgmsc.asp
The bottom line seems to be: Installed locally, the application can read
the registry. Installed remotely but run locally, the application cannot
read the registry.
Thanks again for your help,
Al
Hi,
I am sorry for confusion, but even if we did not OpenRemoteBaseKey,
The code access security setting is also needed to run the code below.
Dim regComputerName As RegistryKey =
Registry.LocalMachine.OpenSubKey("SYSTEM\CurrentCo ntrolSet\Control\ComputerN
ame\ComputerName", False)
Console.WriteLine(regComputerName.GetValue("Comput erName"))
Also .NET framework provide a tool for us the modify the CAS
setting.(caspol.exe)
You may find it by referring the link below
Adding Code Groups http://msdn.microsoft.com/library/de...us/cpguide/htm
l/cpconaddingcodegrouptocodegrouphierarchy.asp
More detailed information about caspol.
Code Access Security Policy Tool (Caspol.exe) http://msdn.microsoft.com/library/de...us/cptools/htm
l/cpgrfCodeAccessSecurityPolicyUtilityCaspolexe.asp
Here I write the code for you. You may need to run the code line on PC B,
and the other machines which need to access the WinAPP.exe will need to run
the code line locally, and just run once is OK. (I assume the Winapp.exe in
on PCA.)
caspol -q -m -addgroup 1 -url \\PCA\Sharedfolder\Winapp.exe FullTrust
[Note:]
caspol usually located in the path below
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspo l.exe
The code above will grant the \\PCA\Sharedfolder\Winapp.exe the FullTrust
permission so that it can read the local registry. You may try to save the
command line above as a bat file(e.g. settting.cmd)
So that your user can just run the setting.cmd just once to set the CAS
setting.
If you have any concern on this issue, please post here.
Best regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
Hi
I followed the posting and understand the security requirements for an
app to access the local machine's registry.
Is there a programatic way of reding a local machines registry even
when executed using UNC.
thanks! v-******@online.microsoft.com (Peter Huang) wrote in message news:<L0**************@cpmsftngxa06.phx.gbl>... Hi,
I am sorry for confusion, but even if we did not OpenRemoteBaseKey,
The code access security setting is also needed to run the code below.
Dim regComputerName As RegistryKey =
Registry.LocalMachine.OpenSubKey("SYSTEM\CurrentCo ntrolSet\Control\ComputerN
ame\ComputerName", False)
Console.WriteLine(regComputerName.GetValue("Comput erName"))
Also .NET framework provide a tool for us the modify the CAS
setting.(caspol.exe)
You may find it by referring the link below
Adding Code Groups
http://msdn.microsoft.com/library/de...us/cpguide/htm
l/cpconaddingcodegrouptocodegrouphierarchy.asp
More detailed information about caspol.
Code Access Security Policy Tool (Caspol.exe)
http://msdn.microsoft.com/library/de...us/cptools/htm
l/cpgrfCodeAccessSecurityPolicyUtilityCaspolexe.asp
Here I write the code for you. You may need to run the code line on PC B,
and the other machines which need to access the WinAPP.exe will need to run
the code line locally, and just run once is OK. (I assume the Winapp.exe in
on PCA.)
caspol -q -m -addgroup 1 -url \\PCA\Sharedfolder\Winapp.exe FullTrust
[Note:]
caspol usually located in the path below
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspo l.exe
The code above will grant the \\PCA\Sharedfolder\Winapp.exe the FullTrust
permission so that it can read the local registry. You may try to save the
command line above as a bat file(e.g. settting.cmd)
So that your user can just run the setting.cmd just once to set the CAS
setting.
If you have any concern on this issue, please post here.
Best regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: DJP |
last post by:
Hi there
I need to be able to programmatically set permissions on registry keys using
VB / VBScript / VBA. So far I have had a look at doing this...
|
by: Daniel Passwater via DotNetMonster.com |
last post by:
I'm working on a app that displays according to a registry key value. The
user needs the ability to update the display, and hense the registry key...
|
by: Kevin Swanson |
last post by:
I'm attempting some remote registry manipulation via C#. I've written a test
app to simply grab a specified key from a specified hive on a specified...
|
by: Dmitriy Kolesnik |
last post by:
Hello all!
I have problem with reading data from registry. I work on the one machine.
My operation
system is Windows XP SP2.
I read data from...
|
by: Kevin Burton |
last post by:
I am using aspnet_setreg but the permissions that it sets the registry to
leave the application unable to access the information. I want to add the...
|
by: Kevin L |
last post by:
I store some application settings in the registry under
HKEY_LOCAL_MACHINE\Software\MyApplication
I want to allow full access to this key and...
|
by: PiotrKolodziej |
last post by:
Hi
Here is the code:
this.regPath = @"Software\FileManager\" ;
System.Security.Permissions.RegistryPermission permissions =
new...
|
by: Sreppohcdoow |
last post by:
I have a simple tool that I create that stores some settings in the
Registry... however, if the user running it doesn't have Admin priveleges on...
|
by: tmsprowl |
last post by:
Greetings!
I was wondering if someone could help me with a problem I'm having.
My department is just one of many within my organization. My...
|
by: Kemmylinns12 |
last post by:
Blockchain technology has emerged as a transformative force in the business world, offering unprecedented opportunities for innovation and...
|
by: Naresh1 |
last post by:
What is WebLogic Admin Training?
WebLogic Admin Training is a specialized program designed to equip individuals with the skills and knowledge...
|
by: Matthew3360 |
last post by:
Hi there. I have been struggling to find out how to use a variable as my location in my header redirect function.
Here is my code.
...
|
by: Matthew3360 |
last post by:
Hi, I have a python app that i want to be able to get variables from a php page on my webserver. My python app is on my computer. How would I make it...
|
by: Arjunsri |
last post by:
I have a Redshift database that I need to use as an import data source. I have configured the DSN connection using the server, port, database, and...
|
by: WisdomUfot |
last post by:
It's an interesting question you've got about how Gmail hides the HTTP referrer when a link in an email is clicked. While I don't have the specific...
|
by: Matthew3360 |
last post by:
Hi,
I have been trying to connect to a local host using php curl. But I am finding it hard to do this. I am doing the curl get request from my web...
|
by: Carina712 |
last post by:
Setting background colors for Excel documents can help to improve the visual appeal of the document and make it easier to read and understand....
|
by: BLUEPANDA |
last post by:
At BluePanda Dev, we're passionate about building high-quality software and sharing our knowledge with the community. That's why we've created a SaaS...
| |
