How to deny read access to registry key ?

delphi package - easy access to security apis

How to deny read access to registry key ?

Postby stpavel » Tue Nov 08, 2005 5:44 pm

Hello !
I need deny access for everyone , except Administrator group to some registry key , but sometimes give read access for everyone at that key..
I don't understand how to do it..

I tried :

with RegistrySecurity('HKLM\SOFTWARE\SecurityKey') do begin
Dacl.DeleteItems(Everyone);
DAcl.NewItem(Everyone,ACCESS_CODE,atDenied);
end;

but , how to calcultate this ACCESS_CODE ?
stpavel
 
Posts: 1
Joined: Tue Nov 08, 2005 5:37 pm

Postby madshi » Tue Nov 08, 2005 7:51 pm

I suggest to use IAcl.SetFileAccess. It's not really made for registry access rights, but it will probably work just fine.

If it doesn't work, I'm not sure right now myself which flags to use exactly. The problem is that for each and every security object, Windows has its own security flags. I'd have to analyze it myself.

What you can do is use RegEdit to set the rights you want to have. Then use madSecurity to to enumerate the ACL to see how it looks like. This way you know which flags to set.
madshi
Site Admin
 
Posts: 9827
Joined: Sun Mar 21, 2004 5:25 pm


Return to madSecurity

Who is online

Users browsing this forum: No registered users and 1 guest