How to deny read access to registry key ?

delphi package - easy access to security apis
Post Reply
stpavel
Posts: 1
Joined: Tue Nov 08, 2005 5:37 pm

How to deny read access to registry key ?

Post by stpavel »

Hello !
I need deny access for everyone , except Administrator group to some registry key , but sometimes give read access for everyone at that key..
I don't understand how to do it..

I tried :

with RegistrySecurity('HKLM\SOFTWARE\SecurityKey') do begin
Dacl.DeleteItems(Everyone);
DAcl.NewItem(Everyone,ACCESS_CODE,atDenied);
end;

but , how to calcultate this ACCESS_CODE ?
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

I suggest to use IAcl.SetFileAccess. It's not really made for registry access rights, but it will probably work just fine.

If it doesn't work, I'm not sure right now myself which flags to use exactly. The problem is that for each and every security object, Windows has its own security flags. I'd have to analyze it myself.

What you can do is use RegEdit to set the rights you want to have. Then use madSecurity to to enumerate the ACL to see how it looks like. This way you know which flags to set.
Post Reply