Does the madSecurity work on Vista?

delphi package - easy access to security apis
Post Reply
edubel
Posts: 3
Joined: Fri Feb 22, 2008 5:08 am

Does the madSecurity work on Vista?

Post by edubel »

I have the following code:
RegSec := RegistrySecurity('HKLM\SOFTWARE\....');
RegSec.ProtectedDAcl := false;
RegSec.DAcl.SetFileAccess(Everyone, true);
It works fine on XP, however does not seem to be creating permissions to read/write for "everyone" on Vista computers. Note, the program runs "as administrator".

Thanks in advance.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Hello,

don't have Vista installed on this PC right now. What does that code do on Vista? Doesn't it do anything? Or does it just not do what you expected?
edubel
Posts: 3
Joined: Fri Feb 22, 2008 5:08 am

Post by edubel »

On XP it creates Full Control permission entry to "Everyone", on Vista it does nothing.
moonrisesystems
Posts: 36
Joined: Mon Feb 18, 2008 5:48 pm

Post by moonrisesystems »

RegSec := RegistrySecurity('HKLM\SOFTWARE\....');
RegSec.ProtectedDAcl := false;
RegSec.DAcl.SetFileAccess(Everyone, true);
This may be related to the new "Integrity Level" security feature introduced in Vista. Every object and process now has one of four Integrity Levels - System, High, Medium and Low.

Most user Processes have a Medium Integrity Level though some have a High integrity Level (When you "Run As Administrator").

The short story is that in order to change anything about an object (such as a file or registry key) the process or user that does so must have an Integrity Level the same or higher than the object itself as well as also having the necessary read or write permissions that it would have needed under XP.

A Medium Level Process cannot change a High Level Object. Only A High Level or System Level Process can do that.

So you need to find out the Integrity level of the key you are trying to change. The integrity level exists as a new type of Access Control Entry in the objects ACL.
edubel
Posts: 3
Joined: Fri Feb 22, 2008 5:08 am

Post by edubel »

The application was executed "as administrator" and the above code did not work (hasn't created a brand new key with access permision to Everyone).

Has anybody done a similar code for Vista that did work?
moonrisesystems
Posts: 36
Joined: Mon Feb 18, 2008 5:48 pm

Post by moonrisesystems »

he application was executed "as administrator" and the above code did not work (hasn't created a brand new key with access permision to Everyone).
Have you tried creating the key first using RegCreatekeyEx, then setting the permissions?

Other than that I am not sure why it is not working.
Post Reply