hkcr
i am trying to give the hkcr full permission like this
ErrStatus = g_oShell.Run (sAppsSource & SetAcl "CLASSES_ROOT" "/Registry /grant users /full", 0, True)
please let me know thanks
ErrStatus = g_oShell.Run (sAppsSource & SetAcl "CLASSES_ROOT" "/Registry /grant users /full", 0, True)
please let me know thanks
0 Comments
[ + ] Show comments
Answers (8)
Please log in to answer
Posted by:
WiseUser
18 years ago
I must say that I agree with Brent.
As a software packager, you should only be making the minimum number of changes to a machine in order to allow your software to run. I'm sure your clients would think twice about installing one of your packages if they thought you were doing the kind of thing you suggested above.
Try using a tool like Regmon to troubleshoot any NTFS permission issues.
As a software packager, you should only be making the minimum number of changes to a machine in order to allow your software to run. I'm sure your clients would think twice about installing one of your packages if they thought you were doing the kind of thing you suggested above.
Try using a tool like Regmon to troubleshoot any NTFS permission issues.
Posted by:
VikingLoki
18 years ago
I agree. I can't contribute to such a drastic solution such as that. There is a reason why file & registry security exists and that's defeating the whole point of it.
Let us know why you want to open up HKCR and I'm sure we'll come up with a better solution for it.
Let us know why you want to open up HKCR and I'm sure we'll come up with a better solution for it.
Posted by:
Ipstenu
18 years ago
Actually, if you're on Windows XP do not for the love of all holy unlock the root level of HKCR. You will, about 60% of the time, screw up the PC to the point that you will have to f-disk and start over. We ran into an ancient web application that needed read/write access to HKCR and we're running a locked down XP environment. No matter if we manually unlocked HKCR, or used the only tool we could find to do it, 6 times out of 10, the blighted machine would start throwing services errors. The most notable was that it butchered WMI services.
Posted by:
craig16229
18 years ago
". . . Danger, Will Robinson . . . Danger . . . "
Seriously, though, take to heart all of responses in this thread.
Even if you are lucky and you don't experience issues like described by Ipstenu, you will be creating a very large attack surface for spyware and malware on those workstations.
Craig --<>.
Seriously, though, take to heart all of responses in this thread.
Even if you are lucky and you don't experience issues like described by Ipstenu, you will be creating a very large attack surface for spyware and malware on those workstations.
Craig --<>.
Posted by:
Priapus
18 years ago
please let me know thanks
Hej Linstead,
I have had some applications, which needed to write into registry when you run the software. When you run a lock-down environment, I had to find a solution. So, by using
regini.exe, I have granted rights to the users for only those keys program wants to write into.
More information about regini.exe found in MS;
Regini Exe
Posted by:
Gekris
17 years ago
here's a novel idea... DON"T USE Regini.exe !! for permisions!! it's soooo last centry
use Secedit.exe. it's on the system allready by default.
it's FULLY SUPPORTD under XP-32/64 and 2003 systems as well as the older 2000 systems.
unlike regini.exe or xcacles.exe neather of witch play nice in anything newer then say... NT4.0 sp6.....
Also if u use secedit and/or GPO's to controll your applications permisions it's much easyer to manage.
however if you AD is not desinged to support Application level securty then you'll have to prity much rebuild and restructore it, as well as update how your hardware refresh cycle works... a big project to say the least. i have had the pleasure of doing that acupple of times now.
look at this
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_secedittopnode.mspx?mfr=true
and follow the links to:
Secedit commands
and
Security Templates
use Secedit.exe. it's on the system allready by default.
it's FULLY SUPPORTD under XP-32/64 and 2003 systems as well as the older 2000 systems.
unlike regini.exe or xcacles.exe neather of witch play nice in anything newer then say... NT4.0 sp6.....
Also if u use secedit and/or GPO's to controll your applications permisions it's much easyer to manage.
however if you AD is not desinged to support Application level securty then you'll have to prity much rebuild and restructore it, as well as update how your hardware refresh cycle works... a big project to say the least. i have had the pleasure of doing that acupple of times now.
look at this
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_secedittopnode.mspx?mfr=true
and follow the links to:
Secedit commands
and
Security Templates
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.