Geek Answers Handbook

Running aspnet_setreg.exe on a Windows 2008 server

I have a site that uses aspnet_setreg.exe to encrypt the username and password of the user using the identifier in the registry. It always worked fine, but when I run it on Windows 2008, I get the following:

C: \ aspnet_setreg> aspnet_setreg.exe -k: SOFTWARE \ MYCODE \ identity -u: "domain \ user" -p: "password"

Change the configuration to contain the following:

UserName = "registry: HKLM \ SOFTWARE \ MYCODE \ identity \ ASPNET_SETREG, username" password = "registry: HKLM \ SOFTWARE \ MYCODE \ identity \ ASPNET_SETREG, password"

The DACL in the registry key provides full access to the system, administrators, and the owner.

If you have encrypted credentials for the configuration section or the connection string for the configuration section, make sure that the process ID has read access to the registry key. Also, if you configured IIS to access content on

UNC, the account used to access the resource will need read access to the registry key. Regedt32.exe can be used to view / change registry key permissions.

You can rename the registry key and registry value to prevent detection.

Has anyone else used this and seen how it works in 2008.

thanks

+4
source share
4 answers

I moved the keys from the 2003 server. But still I would like to know if anyone else can experiment using this on a 2008 machine.

0
source

The potential problem with aspnet_setreg.exe is that it is a 32-bit process and will be written to Wow6432Node, and not to the places indicated above. If you are using a 64-bit application pool, you need to copy the registry key to the "real" x64 location.

+5
source

1) The aspnet_setreg application put the registry entry in HKLM \ Software \ Wow6432Node \ the rest of the way.

As mentioned above, this behavior is for a 32-bit application that modifies a 64-bit registry entry.

2) To move the key to the right place, I exported the key to a .reg file, and then edited the file and got rid of the Wow6432Node directory in the file.

3) Alternatively, you can simply use the Wow6432Node path:

For instance:

userName="registry:HKLM\Software\Wow6432Node\MYCODE\identity\ASPNET_SETREG,userName" password="registry:HKLM\Software\Wow6432Node\MYCODE\identity\ASPNET_SETREG,password"

4) Also pay attention to the fact that for its launch there must be administrator rights. In Windows 7, I launched it from the command line using "run as administrator", and aspnet_setreg saved it in HKEY_USERS [USER SID] \ Software \ Classes \ VirtualStore \ MACHINE \ SOFTWARE \ Wow6432Node.

5) Finally, do not forget to specify permissions for the registry entry so that your application can read from the registry key.

Links: http://support.microsoft.com/kb/329290

+1
source

You are right about the x64 location. How to get aspnet_setreg.exe to set reg values ​​in x32 location?

0
source

More articles:


All Articles