Geek Answers Handbook

The application cannot be written to the registry, although the user has administrative privileges

I am using Visual Studio 2010, and I am writing a program that should set (and read) new registry values ​​in HKLM\Software\myapp

The program is based on .NET 2.0 and currently runs on a 64-bit version of Windows 7. Here is my ocde:

 RegistryKey softwareKey = Registry.LocalMachine.OpenSubKey("Software", true); RegistryKey MyKey = softwareKey.CreateSubKey("MyApp"); RegistryKey = MyKey.CreateSubKey("MyKey"); selfPlacingWindowKey.SetValue("instaldateperson", datestr + usrname);

The problem that I encounter when working with Visual Studio 2010 is that it starts the application, but logs in as I do, I am a user and a member of the local administrator group. However, I cannot create the key (despite the fact that I am part of a local administrative group that have rights to this). I also don’t know how to do this as a login (but its also not what I want, since then I would put the Adminuser and password inside the code, and I am already an administrator, so why?)

If this is not possible at all, are there options for creating registry keys?

Somehow add them to the project or so? .. I'm a little confused here.

+5
source share
6 answers

Just because you work as an administrator (or use an account with administrator privileges), this does not mean that these administrative privileges always apply. This is a security measure that prevents malware from using users who stupidly use their computer all the time with administrator rights.

To use your administrative privileges, you need to raise the process. There are two ways to do this:

  • Use a manifest that indicates that your application requires administrative privileges and therefore requires promotion at startup.

    This means that your application will always work with higher priority and should be used only when your application needs it. The Windows Registry Editor (RegEdit), for example, does this because there is little that can be done without administrative privileges.

    Find information on how to run this here on MSDN , or in my answer here . Basically, you just want to add the following line to your manifest:

     <requestedExecutionLevel level="requireAdministrator" />

  • If you need only administrative privileges for certain tasks (i.e. saving a certain parameter in the registry), and the rest of your application does not require this, you must start a new elevated process for this. There is no way to temporarily raise the current process, so you really need to unscrew the new process.

    The advantage of this method is that your application should not run with administrator rights all the time (which increases security), and that users who do not have administrative rights will still be able to run your application to do the rest (i.e. everything , except for one or two tasks that require improvement).

    You select a separate process that contains only the logic necessary for writing to the registry using the Process class and raising the query for this process using the verb runas . See this question for more information. I also wrote an answer that gives a complete description of how to do this with C #, including sample code.

Of course, as mentioned in other answers, most likely the design of your application is incorrect. The whole logic of the Windows security model is that regular applications do not require administrative privileges. They do not need to write to the registry or do other things that could potentially jeopardize the operation of the machine. If you need to save the settings, can I suggest two other possible approaches:

  • Recognizing that Windows is indeed a multi-user operating system and only records your settings for the current user. This makes sense, as different users often have different settings and preferences. Instead of the HKEY_LOCAL_MACHINE branch in the registry (access to which requires administrator rights), you would like to use HKEY_CURRENT_USER . Change the first line of code to:

      RegistryKey softwareKey = Registry.CurrentUser.OpenSubKey("Software", true);

  • Skip all the complexity and complexity of writing to the registry as a whole, using the logic built into .NET to save your application settings. Start reading the answers here , or here , or on MSDN to find out how to do this. I would say that this is by far your best option. Do not write complex code yourself to do something that the structure in use already has built-in support for execution with ease.

+9
source

Perhaps the design of your application is wrong. Standard desktop applications should not write to HKEY_LOCAL_MACHINE . Because of UAC, you need to have administrator rights and work in an elevated process in order to be able to write in HKLM .

If your application needs to make changes to HKLM , then think about it during installation, because the installer will be launched.

If a desktop application needs to write in HKLM , then it should consider separating those parts of the application that should run in a separate process. Otherwise, users will be very tired of going through the UAC dialog to launch your application. Even if they do not use the part of the application that is written to HKLM . And if you force the whole application to demand elevation, then standard users will never be able to run it at all.

+3
source

The reason you cannot create a key under HKEY_LOCAL_MACHINE while running Visual Studio is because Visual Studio does not work as an elevated process.

For end users, the application manifest should indicate that full administrator rights are required. Here is the documentation for embedding the manifest for UAC

If the registry key should not be global, try writing to HKEY_CURRENT_USER instead.

+2
source

Renewal. Create a .manifest file in your project. Give it the same name as the executable. "name_of_executable.exe.manifest" Finally, modify or create a tag for:

 <requestedExecutionLevel level = "requireAdministrator" uiAccess = "false" />
0
source

The previous answers mentioned that you need to indicate in the manifest that you need administrator rights to use HKLM

You can create a manifest with;

  1. Right click on your project,
  2. Going to add a new
  3. Click on General
  4. Click on the application manifest file
  5. Click Add
  6. Open the manifest file and find and requireAdministrator comment in the line requireAdministrator

A more subtle thing that can confuse you is to check the Prefer 32bit checkbox in your project settings.

This will mean that the Registry will not be able to obtain the required access mask, and it will silently fail without an internal exception, because the error handler needs the same access mask so that it cannot be used.

You should avoid storing things in this part of the registry unless you absolutely need to save the settings for different users. The registry should also not be used to store passwords or other confidential information, since you CANNOT reliably control access even using the ACL.

0
source

You must give write permission by adding a true value after your key in the method.

 Registry.LocalMachine.CreateSubKey(@"YOURKEY", true); Registry.LocalMachine.OpenSubKey(@"YOURKEY", true);

You also need elevated permissions to do this, then you can create a .manifest file and set the level to "requireAdministrator" as follows:

 <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

NOTE: in your code:

 RegistryKey softwareKey = Registry.LocalMachine.OpenSubKey("Software", true); RegistryKey MyKey = softwareKey.CreateSubKey("MyApp"); RegistryKey = MyKey.CreateSubKey("MyKey"); selfPlacingWindowKey.SetValue("instaldateperson", datestr + usrname);

Verify that the object label is correct. You use the labels "softwareKey" and "MyKey" to create the object, but use the other label "selfPlacingWindowKey" to set the value.

0
source

More articles:


All Articles