Does the madSecurity work on Vista?

delphi package - easy access to security apis

Does the madSecurity work on Vista?

Postby edubel » Fri Feb 22, 2008 5:31 am

I have the following code:

RegSec := RegistrySecurity('HKLM\SOFTWARE\....');
RegSec.ProtectedDAcl := false;
RegSec.DAcl.SetFileAccess(Everyone, true);


It works fine on XP, however does not seem to be creating permissions to read/write for "everyone" on Vista computers. Note, the program runs "as administrator".

Thanks in advance.
edubel
 
Posts: 3
Joined: Fri Feb 22, 2008 5:08 am

Postby madshi » Mon Feb 25, 2008 7:08 pm

Hello,

don't have Vista installed on this PC right now. What does that code do on Vista? Doesn't it do anything? Or does it just not do what you expected?
madshi
Site Admin
 
Posts: 9831
Joined: Sun Mar 21, 2004 5:25 pm

Postby edubel » Mon Feb 25, 2008 10:03 pm

On XP it creates Full Control permission entry to "Everyone", on Vista it does nothing.
edubel
 
Posts: 3
Joined: Fri Feb 22, 2008 5:08 am

Postby moonrisesystems » Tue Apr 01, 2008 1:12 pm

RegSec := RegistrySecurity('HKLM\SOFTWARE\....');
RegSec.ProtectedDAcl := false;
RegSec.DAcl.SetFileAccess(Everyone, true);


This may be related to the new "Integrity Level" security feature introduced in Vista. Every object and process now has one of four Integrity Levels - System, High, Medium and Low.

Most user Processes have a Medium Integrity Level though some have a High integrity Level (When you "Run As Administrator").

The short story is that in order to change anything about an object (such as a file or registry key) the process or user that does so must have an Integrity Level the same or higher than the object itself as well as also having the necessary read or write permissions that it would have needed under XP.

A Medium Level Process cannot change a High Level Object. Only A High Level or System Level Process can do that.

So you need to find out the Integrity level of the key you are trying to change. The integrity level exists as a new type of Access Control Entry in the objects ACL.
moonrisesystems
 
Posts: 36
Joined: Mon Feb 18, 2008 5:48 pm

Postby edubel » Wed Apr 02, 2008 1:34 am

The application was executed "as administrator" and the above code did not work (hasn't created a brand new key with access permision to Everyone).

Has anybody done a similar code for Vista that did work?
edubel
 
Posts: 3
Joined: Fri Feb 22, 2008 5:08 am

Postby moonrisesystems » Thu Apr 03, 2008 2:28 pm

he application was executed "as administrator" and the above code did not work (hasn't created a brand new key with access permision to Everyone).


Have you tried creating the key first using RegCreatekeyEx, then setting the permissions?

Other than that I am not sure why it is not working.
moonrisesystems
 
Posts: 36
Joined: Mon Feb 18, 2008 5:48 pm


Return to madSecurity

Who is online

Users browsing this forum: No registered users and 2 guests