I can successfully create this registry symbolic link;
Link => "hkey_local_machine\software\techinc"
Target => "hkey_users\S-1-5-21...\software\microsoft" (hkey_current_user works as well)
But I cannot get this one to work, I always get Error 5, access denied;
Link => "hkey_users\S-1-5-21...\software\techinc"
Target => "hkey_local_machine\software\microsoft"
Is it not possible to create a registry symbolic link between registry hives, when one of them is the user's current hive?
I am using the traditional "RegCreateKeyEx", along with with "RegSetValueEx", which I know works, since the first example above is working fine. Also, any link that I create within any single hive works perfectly. It's just when I try to link between (2) different hives is when the problem happens.
I should have mentioned that as well, thank you salem c. :)
I ran all my testing logged in as Administrator. I ran my MFC console application within an elevated command prompt.
I've also tried "RegOpenCurrentUser" and it did not fix the issue. Is there another way to obtain the required access rights for "hkey_current_user", programmatically?
Good point, I checked those as well, I have full permissions on "hkey_current_user" and i shut down the anti-virus.
The strange thing is, is that I can add the keys manually via Regedit and everything is fine. Mind you, the key that I'm adding is not a Symbolic link key.
There must be some other permission that is required to create a Symbolic link key. I've scoured the web, for many hours, the best solution I've found is using "RegOpenCurrentUser" with "KEY_ALL_ACCESS". You would think this would do the trick??
That is the code that I based my application off of. :)
The same issue, when trying to set a symbolic link between "hkey_current_user" and a different hive (i.e. hkey_local_machine) it gives an error 5, access denied.
Note Registry symbolic links should only be used for for application compatibility when absolutely necessary.
Also,
If the function fails, the return value is a nonzero error code defined in Winerror.h. You can use the FormatMessage function with the FORMAT_MESSAGE_FROM_SYSTEM flag to get a generic description of the error.
If you do this, do you get a better description of the error?
Which version of windows are you on?
Given the above disclaimer, it might be rather more deprecated than you imagine.
You might need to right-click on the exe and choose some "compatibility" options (perhaps).
Yeah, there is hardly any documentation from Microsoft on this topic. I do like what you found to get more of a detailed message descriptor on this error 5!
Personally, I think that they don't want to let us know about these capabilities, since it is used within the Windows O/S itself and users could easily nuke their O/S. I could be wrong, but all the data on the net has been put together by programmers who need the functionality to make applications portable.
This is what I am trying to do. It has to be the permissions on the current user registry hive! Are there any other ways to assign higher privileges to registry keys?
Check, I am using kernel-mode registry syntax and it's in Unicode. I've read that article as well. :) I've been researching this for about (2) weeks now...
I think I may have found something interesting.... just running some tests now. I'll let you folks know if this works or not ... (just found an article on invoking Administrator rights in Visual Studio, as opposed to using "as invoker"...)
Crap! Just tried it, no luck, WTF is going on??
I tried this idea;
In C++ you need to change the Manifest in the properties:
Right click on the head of the project, below the solution
You will get a popup menu, select: Properties
Under: Configuration Properties/Linker/Manifest file, select:
UAC Execution Level: change from asInvoker to requireAdministrator
Rebuild
This change will allow you to write to HKLM.
From what I'm seeing you CAN'T create a registry symbolic link, under "hkey_current_user", if the target is located in any other hive (anything other than under "hkey_current_user").
If someone can prove me wrong, please let me know.
So according to your information, if we programmatically assign "current_user" the same security descriptors as "local_machine", it should allow the link to work?
If you think this will work, how would you go about accomplishing the reading & writing of registry security descriptors? I tried assigning ADMIN security descriptors to the link key, but that didn't work for me, I'm assuming we'd need to read (capture) the security descriptors for "local_machine" and then write (assign) them to "current_user". Is that the process? Does anyone have a code sample?
That is what I'm thinking as well, that this is a trait of the hkey structure and this boundary cannot be crossed.
I also found a similar limitation within the hkey_users keys themselves. I can't create a symbolic link between hkey_users\<AdminSID> and hkey_users\<pre-loaded registry hive>?
I'd like to know more about these boundaries/limitations, since they all look to be permission based, it should be doable.
I am doing all my testing within a VM, so when things go crazy, I revert back to a previous snapshot. I want to get this perfected before I try it live on my host machine. :)
Using SubInACL, I discovered that "hkey_current_user" has the inheritance flag set. It is showing "SE_DACL_PROTECTED" set, while "hkey_local_machine" does not have that flag set. This looks to be the only difference between their security descriptors.
I don't see a way to de-select this inheritance flag from SubInACL, has anyone done this before?