 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / .NET SDK / November 2006security violation in code, but ok from services applet
Hi; I am trying to change a registry entry for a ervices in a C# forms (not ASP.NET) app. When I call the following I get an UnauthorizedAccessException: RegistryKey key = Registry.LocalMachine.OpenSubKey("SYSTEM\\CurrentControlSet\\Services\\W3SVC"); key.SetValue("Start", 2); But I can go into the services applet and change this. I'm the same user for both apps so shouldn't this work?  Signaturethanks - dave david_at_windward_dot_net http://www.windwardreports.com Cubicle Wars - http://www.windwardreports.com/film.htm > Hi; > [quoted text clipped - 6 lines] > But I can go into the services applet and change this. I'm the same user for > both apps so shouldn't this work? No, it's not the same, when changing service properties through the services cpl, the applet simply 'asks' the service controller to change the start option. The SCM runs as SYSTEM, and as suh has the necessary privilege to change the registry key. That's exactly you should do, you should never ever modify HKLM directly from user code. Willy. Hi Dave, You may use the sc.exe command to run an command in .NET to control the service. sc config W3SVC start= disabled e.g. private void button2_Click(object sender, EventArgs e) { Process.Start("sc"," config W3SVC start= disabled"); // set the startup to disabled for service w3svc } Best regards, Perter Huang Microsoft Online Partner Support SignatureGet Secure! - www.microsoft.com/security This posting is provided "AS IS" with no warranties, and confers no rights. > Hi; > [quoted text clipped - 8 lines] > for > both apps so shouldn't this work? Can you do it by hand using regedt32? If not, then your user account hasn't sufficient permissions, and there's limited privilege elevation being allowed through the service manager apis. If yes, then your C# app is probably running partially trusted. >> Hi; >> [quoted text clipped - 10 lines] > permissions, and there's limited privilege elevation being allowed through the service > manager apis. If yes, then your C# app is probably running partially trusted. HKLM is only writable by Administrators and localsystem, regular users only have read access. And as "user" applications should not run under an administrator account, they should not modify HKLM whatsoever. Willy. ok, this is weird. I can change it in the registry but my program cannot. I have domain user rightsd as well as admin on the machine (not the domain). So it looks like I am running under partially trusted. What do I need to do to run as fully trusted? Signaturethanks - dave david_at_windward_dot_net http://www.windwardreports.com Cubicle Wars - http://www.windwardreports.com/film.htm > >> Hi; > >> [quoted text clipped - 16 lines] > > Willy. > ok, this is weird. I can change it in the registry but my program cannot. I > have domain user rightsd as well as admin on the machine (not the domain). By default, only "local administrators" have write access privileges. Are you sure your domain account is member of local administrators? If this is the case, you'll have to check the ACL settings for this key using regedit. > So it looks like I am running under partially trusted. What do I need to do > to run as fully trusted? Not sure it's a CAS security issue, what's the exception thrown at you? If the code is runs from a local disk, you are running at full trust, if not, you won't have access to the registry (in top of the windows identity based security check). But again, don't mess with this, use the tools meant to change the attributes of a service, like there are the sc.exe (command line tool) and System.Management (WMI) from code. Willy. yes I'm a local administrator and running from my local disk. But I think you're right - I'll just spawn sc.exe. Signaturethanks - dave david_at_windward_dot_net http://www.windwardreports.com Cubicle Wars - http://www.windwardreports.com/film.htm > > ok, this is weird. I can change it in the registry but my program cannot. I > > have domain user rightsd as well as admin on the machine (not the domain). [quoted text clipped - 13 lines] > > Willy. > I am trying to change a registry entry for a ervices in a C# forms (not > ASP.NET) app. When I call the following I get an UnauthorizedAccessException: [quoted text clipped - 4 lines] > But I can go into the services applet and change this. I'm the same user for > both apps so shouldn't this work? RegistryKey.OpenSubKey with only one parameter, which you are using, opens the key for read-only access. As a result, setting values under this key is not possible. If you want to set values, use the second version of OpenSubKey and pass "true" in the second parameter ("writeable"). -- Oleg [VC++ MVP http://www.debuginfo.com/] Ohhhhhhhhhhhh Signaturethanks - dave david_at_windward_dot_net http://www.windwardreports.com Cubicle Wars - http://www.windwardreports.com/film.htm > > I am trying to change a registry entry for a ervices in a C# forms (not > > ASP.NET) app. When I call the following I get an UnauthorizedAccessException: [quoted text clipped - 13 lines] > Oleg > [VC++ MVP http://www.debuginfo.com/] Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.