Page 1 of 1

Does the madSecurity work on Vista?

Posted: Fri Feb 22, 2008 5:31 am
by edubel
I have the following code:
RegSec := RegistrySecurity('HKLM\SOFTWARE\....');
RegSec.ProtectedDAcl := false;
RegSec.DAcl.SetFileAccess(Everyone, true);
It works fine on XP, however does not seem to be creating permissions to read/write for "everyone" on Vista computers. Note, the program runs "as administrator".

Thanks in advance.

Posted: Mon Feb 25, 2008 7:08 pm
by madshi
Hello,

don't have Vista installed on this PC right now. What does that code do on Vista? Doesn't it do anything? Or does it just not do what you expected?

Posted: Mon Feb 25, 2008 10:03 pm
by edubel
On XP it creates Full Control permission entry to "Everyone", on Vista it does nothing.

Posted: Tue Apr 01, 2008 1:12 pm
by moonrisesystems
RegSec := RegistrySecurity('HKLM\SOFTWARE\....');
RegSec.ProtectedDAcl := false;
RegSec.DAcl.SetFileAccess(Everyone, true);
This may be related to the new "Integrity Level" security feature introduced in Vista. Every object and process now has one of four Integrity Levels - System, High, Medium and Low.

Most user Processes have a Medium Integrity Level though some have a High integrity Level (When you "Run As Administrator").

The short story is that in order to change anything about an object (such as a file or registry key) the process or user that does so must have an Integrity Level the same or higher than the object itself as well as also having the necessary read or write permissions that it would have needed under XP.

A Medium Level Process cannot change a High Level Object. Only A High Level or System Level Process can do that.

So you need to find out the Integrity level of the key you are trying to change. The integrity level exists as a new type of Access Control Entry in the objects ACL.

Posted: Wed Apr 02, 2008 1:34 am
by edubel
The application was executed "as administrator" and the above code did not work (hasn't created a brand new key with access permision to Everyone).

Has anybody done a similar code for Vista that did work?

Posted: Thu Apr 03, 2008 2:28 pm
by moonrisesystems
he application was executed "as administrator" and the above code did not work (hasn't created a brand new key with access permision to Everyone).
Have you tried creating the key first using RegCreatekeyEx, then setting the permissions?

Other than that I am not sure why it is not working.