Page 1 of 1

block access to a key?

Posted: Fri Oct 09, 2009 7:40 pm
by warfighter
to use the madsecurity to block access to a key?

I do not know how to use new code right, someone can help me

Posted: Sat Oct 10, 2009 8:43 am
by madshi
You can use something like this:

Code: Select all

RegistrySecurity(regKeyHandle).DAcl.NewItem(CurrentUser, STANDARD_RIGHTS, atDenied);
This would deny the STANDARD_RIGHTS to the current user. See MS documentation about which exact rights exist for registry keys, if STANDARD_RIGHTS isn't what you need. Of course instead of "CurrentUser" you can also use any other user. See madSecurity help for more information.

The above code will only work if you have enough access rights to change the DAcl of the specified registry key, of course...

Posted: Sat Oct 10, 2009 1:15 pm
by warfighter
procedure TForm1.Button1Click(Sender: TObject);
begin

Code: Select all

RegistrySecurity('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup').DAcl.NewItem(CurrentUser, STANDARD_RIGHTS_REQUIRED, atDenied);
end;

Correct ?

Posted: Sat Oct 10, 2009 1:38 pm
by madshi
I'm not sure which string the OS expects. I don't think the OS wants "HKEY_LOCAL_MACHINE", but I don't know myself right now. It's better to open the key with the registry APIs (RegOpenKeyEx, IIRC) and feed that to RegistrySecurity.